Privacy Policy

I. Legal framework, responsible entity, definitions

II. Data subject rights

III. Data processing during informational use of the website, technical background, cookies etc.

IV. Specific data processing in the application context

V. other

I. General information, responsible entity and legal framework

1. legal framework and principles of data processing

We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations (DSGVO and BDSG) and this privacy policy. 

When you use our website, we collect personal data about you.

This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. 

2. responsible bodies

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.). 

The responsible parties (hereinafter also "we", "us", "our") within the meaning of the Data Protection Act are:

Meyer Burger (Industries) GmbH
Carl-Schiffner-Strasse 17
09599 Freiberg
Germany
Tel.: +49 3723 671 101
E-mail: info-hohenstein@meyerburger.com

The contact details of the data protection officers are:

Meyer Burger (Industries) GmbH
- THE DATA PROTECTION AGENCY -
Carl-Schiffner-Strasse 17
09599 Freiberg
Germany

E-mail: dsb.mbde@meyerburger.com

Meyer Burger (Germany) GmbH
An der Baumschule 6-8
DE 09337 Hohenstein-Ernstthal
Germany

Phone +49 3723 671 101
Fax +49 3723 671 1000
E-mail: info-hohenstein@meyerburger.com

Depending on which position you apply for or which other position at other locations you are open to, both companies have an interest in accessing personal data, so joint processing may occur. The parties have jointly determined the order in which the personal data will be processed at each stage of the processing. They are therefore jointly responsible for the protection of your personal data within the process stages described below (Art. 26 GDPR). For more details, please refer to Section III.6.

3. Definitions

Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the General Data Protection Regulation (DSGVO). We would like to explain essential terms in the following:

a) Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) profiling means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

f) Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

h) Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of and in accordance with the instructions of the Controller pursuant to Article 28 GDPR.

i) recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

j) third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.

k) Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

II. data subject rights according to Art. 15 ff and Art. 77 DSGVO

1. right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6 (1) e) or f) DSGVO, you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy.  If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. 

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising. 

2. revocation of your consent to data processing

Many data processing operations are only possible with your express consent. We obtain this from you before the start of the data processing that requires your consent. You can revoke this consent at any time. Insofar as a revocation option does not already arise via the clicking of links or the adjustment of browser settings, an informal communication to us by e-mail is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. 

3. right of appeal to the competent supervisory authority

In the event of violations of data protection law, data subjects have a right of appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company has its headquarters. A list of the data protection officers and their contact details can be found in the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The data protection authority responsible for us is:

Saxon Data Protection Commissioner
PO Box 11 01 32  
01330 Dresden
https://www.saechsdsb.de/n-kontakt

4. right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to another person responsible, in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible. 

5. information, correction, blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given above in Section I.2. 

III. data processing during informational use of the website, technical background, cookies etc.

We collect and process the personal data listed below in sections 3 to 7 for the purposes stated therein, on the basis of the legal grounds stated therein and for the duration stated therein.

1. Legal basis and storage period

If you have consented to the processing of your personal data within the meaning of Art. 4 No. 1 DSGVO by us, Art. 6 (1) a) DSGVO serves as the legal basis for the processing. The processing of personal data, which we need to fulfill contractual or pre-contractual obligations, is based on Art. 6 para. 1 lit. b) DSGVO. If the processing is necessary to safeguard our legitimate interests or those of a third party and the interests, fundamental freedoms and fundamental rights of the data subject do not override these, then Art. 6 (1) (f) DSGVO serves us as the legal basis for the processing of personal data. For the processing operations carried out by us, we indicate below the applicable legal basis in each case. Processing may also be based on several legal bases.

For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. 

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

2. data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see above).

3. Data processed during the (informational) use of the website

Inevitably, we can only provide you with the benefits of our Internet offering if, when you use it, we collect certain personal data from you that is necessary for the operation of the website.

We collect this data if this is necessary for the fulfillment of the contract between you and us (including in the form of terms of use for this website) (Art. 6 para. 1 lit. b) DSGVO) or your consent is given (Art. 6 para. 1 lit. a) DSGVO). Furthermore, we collect this data if this is necessary for the functionality of the website and your interest in the protection of your personal data does not outweigh this (Art. 6 para. 1 lit. f) DSGVO).

We collect and process the following data from you:

• Device information: Access data includes the IP address, device ID, device type, device-specific settings, the date and time of the retrieval, time zone, the amount of data transferred and the message whether the data exchange was complete, crash of the terminal device, browser type and operating system. This access data is processed in order to technically enable the operation of the website.

• Information with your consent: Other information (e.g. geo-location data, personal data such as name and e-mail address, etc.) is processed by us if you allow us to do so. ) we process if you allow us to do so.

4. Contact us

When you (proactively) contact us, e.g. via a contact form provided by us, the data you provide will be stored by us in order to answer your inquiry. The provision of certain truthful data is required to process your request, other information is voluntary. Mandatory data required to answer your inquiry are marked as such with an asterisk, the remaining data are provided voluntarily. The processing of the above data is based on your consent, which you have expressed by contacting us, in accordance with Art. 6 (1) a) DSGVO and, insofar as special categories of personal data (e.g. health data or other "sensitive" data) are concerned, in accordance with Art. 9 (2) a) DSGVO. The collected personal data will be deleted immediately after the complete completion of your request, unless it is required for the initiation or execution of a contract with you pursuant to Art. 6 (1) (b) DSGVO or you give us further consent.

5. Automated processing operations and use of cookies

Cookies may be used in the operation of our website. Cookies are small text files that are stored on the device memory of your end device and, if applicable, assigned to the mobile device you are using, and through which certain information flows to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your end device and therefore cannot cause any damage. They serve to make our Internet offer more user-friendly and effective overall, i.e. more pleasant for you.

Cookies cannot directly identify a user, but can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that are not personally identifiable.

A distinction is made between session cookies, which are deleted again as soon as you close your Internet session, and permanent cookies, which are stored beyond the individual session. With regard to their function, cookies are again differentiated between:

Technically necessary cookies: these are mandatory in order to navigate within our website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;

Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;

Advertising cookies, targeting cookies: These are used to offer the user tailored advertising within our Internet offering or third-party offerings and to measure the effectiveness of these offerings; advertising and targeting cookies are stored for a maximum of 36 months;

Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 36 months.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your express consent to do so pursuant to Art. 6 (1) p. 1 lit. a) DSGVO. Please note that when cookies are used, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the DSGVO (e.g. USA). Details on this can be found in the following description of the individual marketing tools.

The following cookies may be used on our website:

Cookie name                         Purpose and stored data                                                        Validity period

JSESSIONID                          For identification of the visitor                                                End of session

Youtube                                  Display and play Youtube videos                                            8 months

AddThis                                  Enables job sharing on different platforms                           13 months

 

6. Recipient group and joint responsibility; third-country transfer

Within our company, the departments responsible for processing the requests have access to your data. In addition, we use external service providers, in particular order processors in accordance with Art. 28 DSGVO, insofar as we cannot or cannot reasonably perform services ourselves. These external service providers are thereby primarily providers of IT services and telecommunications services. If certain service providers are explicitly mentioned, you will also find further information in the privacy statements of the service providers. 

In order to fulfill the above purposes and to process your job application efficiently, it is necessary to pass on your data to your potential new employers within the Meyer Burger Group.

The cooperation takes place within the framework of the recruitment process on the basis of joint responsibility under data protection law within the meaning of Art. 4 No. 7 and Art. 26 (1) DSGVO. After completion or termination of the recruitment process, the joint responsibility ends. During the period of joint responsibility, you as the data subject may assert your rights (see Section II. in particular) against each of the data controllers, even though the two data controllers have contractually regulated their responsibilities and liability in their internal relationship with each other or, if applicable, divided them up differently. The fulfillment of your data protection rights may therefore not be carried out by the body to which you originally addressed your request in the context of the data protection rights. 

If a body exceeds the limits of permissible data processing and the other body becomes aware of this, it shall support the data subject in exercising his or her data subject rights if necessary and within the bounds of what is legally and actually reasonable.

If an entity as the sole responsible entity independently collects data of the data subject, it is obligated to implement the related information obligations from Art. 12 - 14 GDPR vis-à-vis the data subjects. This applies in particular to or from the establishment of an employment relationship or similar cooperation. The responsible bodies mentioned in Section I. are no longer jointly responsible for information obligations in this regard, unless the purposes and means of processing are also jointly determined for further processing and you have been informed about the further joint responsibility. 

A transfer to third countries outside the European Economic Area (EEA) only takes place under certain conditions within the framework of Art. 44ff DSGVO.

Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard data protection clauses of the European Commission for the protection of personal data (available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en), certificates or recognized codes of conduct. You can contact our data protection officer if you would like more information on this.

7. Minors

Persons under the age of 16 may not transmit personal data to us or submit declarations of consent without the consent of their legal guardians. We would like to urge parents and guardians and minors to comply with the requirements of the GDPR and not to circumvent any age restrictions.

8. No automated decision making (including profiling).

We do not intend to use any personal data collected from you for any automated decision making process (including profiling).

IV. specific data processing in the application context

1. processing purposes, categories of personal data

We process the application data outlined in this section for the purpose of initiating or implementing an employment relationship or a relationship similar to employment to the extent outlined below. 

In particular, the following categories of data may be processed:

General personal data (name, address and other contact data, application photo, dates of birth, nationality, marital status, other (possibly also sensitive) data disclosed by you to us)

• Job-related data (professional contact information, current position, responsibilities/responsibilities, current employer, current compensation, notice period, holds).

Experience-related data (previous positions and employers, school and academic education, vocational training, experience, knowledge)

Future-related data (wishes and ideas, assessments, conceivable areas of application, mediation ideas)

Other data (information focusing on your professional life that is publicly available through social media services (e.g., XING, Google, LinkedIn, Experteer, etc.) or otherwise available on the Internet that may be relevant to your qualifications for a particular vacancy)

2. further data processing by the controller; legal basis for data processing

If you approach us proactively, we will process the data you provide as part of the initial contact, as well as any other data we may request.

As application data, we treat and process all information (curriculum vitae, references, proof of qualifications) as well as all other information (e.g. in telephone interviews, in personal interviews). This is done for the contractual or pre-contractual purposes outlined above. 

The provision of certain truthful data is required in order to process your request, further information (in particular the submission of a photo) is voluntary.

Insofar as your data is required to carry out the application procedure, Art. 88 DSGVO in conjunction with. § Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for processing your data.

Insofar as special categories of personal data (e.g. health data, trade union or religious affiliation or other "sensitive" data) are concerned, which may not already be processed on the basis of Art. 6 para. 1 lit. b) DSGVO in conjunction with. § 26 BDSG, the processing is based on your consent pursuant to Art. 9 (2) a) DSGVO, which you have expressed by communicating this data.

If your application was successful and an employment relationship is established with us, your data will initially be stored for the duration of the employment relationship. After you leave us, we will process your data for a maximum of three years for the purpose of preserving evidence, unless there are longer legal retention periods (e.g., social security law).

The processed personal data will be deleted insofar as the processing is no longer necessary for the fulfillment of the contract or you request us to delete the data in the context of asserting your rights as a data subject. This is done regularly at the latest six (6) months after completion of the application process after a vacancy has not been filled, if no longer retention obligations apply. If we are not hired, a longer storage period of months24 from the last individual contact with you - for example, to defend against potential AGG claims - may be necessary in individual cases based on our legitimate interests pursuant to Art. 6 (1) f) DSGVO.

V. Other

Amendment of this privacy policy

We reserve the right to change this privacy policy at any time in compliance with legal requirements. 

Privacy Policy

I. Legal framework, responsible entity, definitions

II. Data subject rights

III. Data processing during informational use of the website, technical background, cookies etc.

IV. Specific data processing in the application context

V. other

I. General information, responsible entity and legal framework

1. legal framework and principles of data processing

We take the protection of your personal data very seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations (DSGVO and BDSG) and this privacy policy. 

When you use our website, we collect personal data about you.

This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done. 

2. responsible bodies

The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data (e.g. names, e-mail addresses, etc.). 

The responsible parties (hereinafter also "we", "us", "our") within the meaning of the Data Protection Act are:

Meyer Burger (Industries) GmbH
Carl-Schiffner-Strasse 17
09599 Freiberg
Germany
Tel.: +49 3723 671 101
E-mail: info-hohenstein@meyerburger.com

The contact details of the data protection officers are:

Meyer Burger (Industries) GmbH
- THE DATA PROTECTION AGENCY -
Carl-Schiffner-Strasse 17
09599 Freiberg
Germany

E-mail: dsb.mbde@meyerburger.com

Meyer Burger (Germany) GmbH
An der Baumschule 6-8
DE 09337 Hohenstein-Ernstthal
Germany

Phone +49 3723 671 101
Fax +49 3723 671 1000
E-mail: info-hohenstein@meyerburger.com

Depending on which position you apply for or which other position at other locations you are open to, both companies have an interest in accessing personal data, so joint processing may occur. The parties have jointly determined the order in which the personal data will be processed at each stage of the processing. They are therefore jointly responsible for the protection of your personal data within the process stages described below (Art. 26 GDPR). For more details, please refer to Section III.6.

3. Definitions

Our data protection declaration is based on the terms used by the European Directive and Ordinance Maker when issuing the General Data Protection Regulation (DSGVO). We would like to explain essential terms in the following:

a) Personal data means any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b) Data subject means any identified or identifiable natural person whose personal data are processed by the controller.

c) Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d) Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) profiling means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.

f) Pseudonymization means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

h) Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of and in accordance with the instructions of the Controller pursuant to Article 28 GDPR.

i) recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigative task under Union or Member State law shall not be considered as recipients.

j) third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct responsibility of the controller or the processor.

k) Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner, in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.

II. data subject rights according to Art. 15 ff and Art. 77 DSGVO

1. right to object to the collection of data in specific cases and to direct marketing (Art. 21 GDPR)

If the data processing is based on Art. 6 (1) e) or f) DSGVO, you have the right to object to the processing of personal data concerning you at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions. The respective legal basis on which processing is based can be found in this privacy policy.  If you object, we will no longer process your personal data concerned unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims. 

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising. 

2. revocation of your consent to data processing

Many data processing operations are only possible with your express consent. We obtain this from you before the start of the data processing that requires your consent. You can revoke this consent at any time. Insofar as a revocation option does not already arise via the clicking of links or the adjustment of browser settings, an informal communication to us by e-mail is sufficient. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation. 

3. right of appeal to the competent supervisory authority

In the event of violations of data protection law, data subjects have a right of appeal to the competent supervisory authority. The competent supervisory authority for data protection issues is the state data protection commissioner of the federal state in which our company has its headquarters. A list of the data protection officers and their contact details can be found in the following link:

https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

The data protection authority responsible for us is:

Saxon Data Protection Commissioner
PO Box 11 01 32  
01330 Dresden
https://www.saechsdsb.de/n-kontakt

4. right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to another person responsible, in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible. 

5. information, correction, blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of data processing and, if applicable, a right to correction, blocking or deletion of this data. For this purpose, as well as for further questions on the subject of personal data, you can contact us at any time at the address given above in Section I.2. 

III. data processing during informational use of the website, technical background, cookies etc.

We collect and process the personal data listed below in sections 3 to 7 for the purposes stated therein, on the basis of the legal grounds stated therein and for the duration stated therein.

1. Legal basis and storage period

If you have consented to the processing of your personal data within the meaning of Art. 4 No. 1 DSGVO by us, Art. 6 (1) a) DSGVO serves as the legal basis for the processing. The processing of personal data, which we need to fulfill contractual or pre-contractual obligations, is based on Art. 6 para. 1 lit. b) DSGVO. If the processing is necessary to safeguard our legitimate interests or those of a third party and the interests, fundamental freedoms and fundamental rights of the data subject do not override these, then Art. 6 (1) (f) DSGVO serves us as the legal basis for the processing of personal data. For the processing operations carried out by us, we indicate below the applicable legal basis in each case. Processing may also be based on several legal bases.

For the processing operations carried out by us, we indicate below in each case how long the data will be stored by us and when it will be deleted or blocked. If no explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for the storage no longer applies. 

However, storage may take place beyond the specified time in the event of a (threatened) legal dispute with you or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the responsible party (e.g. § 257 HGB, § 147 AO). If the storage period prescribed by the statutory provisions expires, the personal data will be blocked or deleted unless further storage by us is necessary and there is a legal basis for this.

2. data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, implementation costs and the nature, scope, context and purpose of the processing, as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

We will be happy to provide you with more detailed information on request. Please contact our data protection officer (see above).

3. Data processed during the (informational) use of the website

Inevitably, we can only provide you with the benefits of our Internet offering if, when you use it, we collect certain personal data from you that is necessary for the operation of the website.

We collect this data if this is necessary for the fulfillment of the contract between you and us (including in the form of terms of use for this website) (Art. 6 para. 1 lit. b) DSGVO) or your consent is given (Art. 6 para. 1 lit. a) DSGVO). Furthermore, we collect this data if this is necessary for the functionality of the website and your interest in the protection of your personal data does not outweigh this (Art. 6 para. 1 lit. f) DSGVO).

We collect and process the following data from you:

• Device information: Access data includes the IP address, device ID, device type, device-specific settings, the date and time of the retrieval, time zone, the amount of data transferred and the message whether the data exchange was complete, crash of the terminal device, browser type and operating system. This access data is processed in order to technically enable the operation of the website.

• Information with your consent: Other information (e.g. geo-location data, personal data such as name and e-mail address, etc.) is processed by us if you allow us to do so. ) we process if you allow us to do so.

4. Contact us

When you (proactively) contact us, e.g. via a contact form provided by us, the data you provide will be stored by us in order to answer your inquiry. The provision of certain truthful data is required to process your request, other information is voluntary. Mandatory data required to answer your inquiry are marked as such with an asterisk, the remaining data are provided voluntarily. The processing of the above data is based on your consent, which you have expressed by contacting us, in accordance with Art. 6 (1) a) DSGVO and, insofar as special categories of personal data (e.g. health data or other "sensitive" data) are concerned, in accordance with Art. 9 (2) a) DSGVO. The collected personal data will be deleted immediately after the complete completion of your request, unless it is required for the initiation or execution of a contract with you pursuant to Art. 6 (1) (b) DSGVO or you give us further consent.

5. Automated processing operations and use of cookies

Cookies may be used in the operation of our website. Cookies are small text files that are stored on the device memory of your end device and, if applicable, assigned to the mobile device you are using, and through which certain information flows to the location that sets the cookie. Cookies cannot execute programs or transfer viruses to your end device and therefore cannot cause any damage. They serve to make our Internet offer more user-friendly and effective overall, i.e. more pleasant for you.

Cookies cannot directly identify a user, but can contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information about certain settings that are not personally identifiable.

A distinction is made between session cookies, which are deleted again as soon as you close your Internet session, and permanent cookies, which are stored beyond the individual session. With regard to their function, cookies are again differentiated between:

Technically necessary cookies: these are mandatory in order to navigate within our website, use basic functions and ensure the security of the website; they do not collect information about you for marketing purposes, nor do they store which web pages you have visited;

Performance cookies: these collect information about how you use our website, which pages you visit and, for example, whether errors occur during website use; they do not collect information that could identify you - all information collected is anonymous and is only used to improve our website and find out what interests our users;

Advertising cookies, targeting cookies: These are used to offer the user tailored advertising within our Internet offering or third-party offerings and to measure the effectiveness of these offerings; advertising and targeting cookies are stored for a maximum of 36 months;

Sharing cookies: These are used to improve the interactivity of our website with other services (e.g. social networks); sharing cookies are stored for a maximum of 36 months.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your explicit and active consent pursuant to Art. 6 (1) p. 1 lit. a) DSGVO. This applies in particular to the use of advertising, targeting or sharing cookies. In addition, we will only share your personal data processed through cookies with third parties if you have given your express consent to do so pursuant to Art. 6 (1) p. 1 lit. a) DSGVO. Please note that when cookies are used, your data may be transferred to recipients outside the EEA where there is no adequate level of data protection in accordance with the DSGVO (e.g. USA). Details on this can be found in the following description of the individual marketing tools.

The following cookies may be used on our website:

Cookie name: JSESSIONID
Purpose and stored data: For identification of the visitor.
Validity period: End of session

Cookie name: Youtube
Purpose and stored data: Display and play Youtube videos.
Validity period: 8 months

Cookie name: AddThis
Purpose and stored data: Enables job sharing on different platforms.
Validity period: 13 months
                                                 

6. Recipient group and joint responsibility; third-country transfer

Within our company, the departments responsible for processing the requests have access to your data. In addition, we use external service providers, in particular order processors in accordance with Art. 28 DSGVO, insofar as we cannot or cannot reasonably perform services ourselves. These external service providers are thereby primarily providers of IT services and telecommunications services. If certain service providers are explicitly mentioned, you will also find further information in the privacy statements of the service providers. 

In order to fulfill the above purposes and to process your job application efficiently, it is necessary to pass on your data to your potential new employers within the Meyer Burger Group.

The cooperation takes place within the framework of the recruitment process on the basis of joint responsibility under data protection law within the meaning of Art. 4 No. 7 and Art. 26 (1) DSGVO. After completion or termination of the recruitment process, the joint responsibility ends. During the period of joint responsibility, you as the data subject may assert your rights (see Section II. in particular) against each of the data controllers, even though the two data controllers have contractually regulated their responsibilities and liability in their internal relationship with each other or, if applicable, divided them up differently. The fulfillment of your data protection rights may therefore not be carried out by the body to which you originally addressed your request in the context of the data protection rights. 

If a body exceeds the limits of permissible data processing and the other body becomes aware of this, it shall support the data subject in exercising his or her data subject rights if necessary and within the bounds of what is legally and actually reasonable.

If an entity as the sole responsible entity independently collects data of the data subject, it is obligated to implement the related information obligations from Art. 12 - 14 GDPR vis-à-vis the data subjects. This applies in particular to or from the establishment of an employment relationship or similar cooperation. The responsible bodies mentioned in Section I. are no longer jointly responsible for information obligations in this regard, unless the purposes and means of processing are also jointly determined for further processing and you have been informed about the further joint responsibility. 

A transfer to third countries outside the European Economic Area (EEA) only takes place under certain conditions within the framework of Art. 44ff DSGVO.

Some third countries are certified by the European Commission as having a level of data protection comparable to the EEA standard through so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be obtained here:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en). However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible through binding company regulations, standard data protection clauses of the European Commission for the protection of personal data (available at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en), certificates or recognized codes of conduct. You can contact our data protection officer if you would like more information on this.

7. Minors

Persons under the age of 16 may not transmit personal data to us or submit declarations of consent without the consent of their legal guardians. We would like to urge parents and guardians and minors to comply with the requirements of the GDPR and not to circumvent any age restrictions.

8. No automated decision making (including profiling).

We do not intend to use any personal data collected from you for any automated decision making process (including profiling).

IV. specific data processing in the application context

1. processing purposes, categories of personal data

We process the application data outlined in this section for the purpose of initiating or implementing an employment relationship or a relationship similar to employment to the extent outlined below. 

In particular, the following categories of data may be processed:

General personal data (name, address and other contact data, application photo, dates of birth, nationality, marital status, other (possibly also sensitive) data disclosed by you to us)

• Job-related data (professional contact information, current position, responsibilities/responsibilities, current employer, current compensation, notice period, holds).

Experience-related data (previous positions and employers, school and academic education, vocational training, experience, knowledge)

Future-related data (wishes and ideas, assessments, conceivable areas of application, mediation ideas)

Other data (information focusing on your professional life that is publicly available through social media services (e.g., XING, Google, LinkedIn, Experteer, etc.) or otherwise available on the Internet that may be relevant to your qualifications for a particular vacancy)

2. further data processing by the controller; legal basis for data processing

If you approach us proactively, we will process the data you provide as part of the initial contact, as well as any other data we may request.

As application data, we treat and process all information (curriculum vitae, references, proof of qualifications) as well as all other information (e.g. in telephone interviews, in personal interviews). This is done for the contractual or pre-contractual purposes outlined above. 

The provision of certain truthful data is required in order to process your request, further information (in particular the submission of a photo) is voluntary.

Insofar as your data is required to carry out the application procedure, Art. 88 DSGVO in conjunction with. § Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for processing your data.

Insofar as special categories of personal data (e.g. health data, trade union or religious affiliation or other "sensitive" data) are concerned, which may not already be processed on the basis of Art. 6 para. 1 lit. b) DSGVO in conjunction with. § 26 BDSG, the processing is based on your consent pursuant to Art. 9 (2) a) DSGVO, which you have expressed by communicating this data.

If your application was successful and an employment relationship is established with us, your data will initially be stored for the duration of the employment relationship. After you leave us, we will process your data for a maximum of three years for the purpose of preserving evidence, unless there are longer legal retention periods (e.g., social security law).

The processed personal data will be deleted insofar as the processing is no longer necessary for the fulfillment of the contract or you request us to delete the data in the context of asserting your rights as a data subject. This is done regularly at the latest six (6) months after completion of the application process after a vacancy has not been filled, if no longer retention obligations apply. If we are not hired, a longer storage period of months24 from the last individual contact with you - for example, to defend against potential AGG claims - may be necessary in individual cases based on our legitimate interests pursuant to Art. 6 (1) f) DSGVO.

V. Other

Amendment of this privacy policy

We reserve the right to change this privacy policy at any time in compliance with legal requirements.