1. Home
  2. Privacy Policy

Information about data processing

V2 (022024)

Magirus GmbH uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data by the onlyfy one service and by Magirus GmbH.

Shared responsibility

With regard to interaction within the company account of Magirus GmbH, Magirus GmbH and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here https://www.xing.com/terms/onlyfy-one to gain information on the key aspects of the agreement.

Data processing by New Work SE

onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social and jobs network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet.

With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with Magirus GmbH, detailed information is available in the XING Privacy Policy at https://privacy.xing.com/en/privacy-policy. You will also find contact details for New Work SE, as well as for the New Work SE data protection officer there.

Job applications with onlyfy one

When submitting an application, you enter into a user relationship with New Work SE for the purpose of processing applications. In addition, you will receive support and New Work SE can present you with other opportunities in support of your career. A public profile will not be automatically created for you on the XING social and jobs network. The legal basis for New Work SE processing your data is, in particular, Article 6 (1)(b) GDPR (processing necessary for the performance of a contract).

Pausing your online application

You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of Magirus GmbH in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to Magirus GmbH only.

Visibility of your data

The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.

Notes on the special functions of onlyfy one

Calendar function

If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: https://www.cronofy.com/gdpr/ and https://docs.cronofy.com/policies/privacy-notice/

WhatsApp application

If you use the apply using WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.

The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here: https://www.pitchyou.de/en/pitchyou-gdpr. Candidate data from apply via WhatsApp are transferred to onlyfy one via an interface. Immediately after this transfer, candidate data are deleted from the apply via WhatsApp infrastructure in PitchYou. Further processing then takes place exclusively in onlyfy one.

Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. WhatsApp data protection information, such as its processing or exercising of data protection rights with regard to WhatsApp is available here: https://www.whatsapp.com/legal/privacy-policy-eea.

Subject to your consent, your application will be sent from WhatsApp via the PitchYou infrastructure to onlyfy one. You have the right to withdraw your consent to this at any time. Either way, your application data will be deleted from the PitchYou infrastructure once transferred to onlyfy one, meaning that PitchYou will not process your data any further.

Applicability of the Swiss Federal Data Protection Act (FADP)

The FADP applies to circumstances which have an impact on Switzerland, even if said circumstances are initiated outside of Switzerland. Correspondingly, this privacy policy applies to information in line with the EU GDPR and the FADP. Here, EU GDPR terminology is used in favour of FADP terminology. However, FADP terminology is used if the FADP applies and the terminology differs from EU GDPR terminology in a given language. The About this site section on XING contains the name and address of our representative in Switzerland.

PRIVACY NOTICE

This Privacy Notice explains how your personal data (“Data”) will be handled by each of the companies 
(hereinafter “we”, “us”, “our”, or the “Company”) listed in Annex A to this Privacy Notice, in their capacity as 
Data Controllers and in their own area of competence, in compliance with applicable laws and regulations. 
We are committed to protecting and respecting your privacy.
Iveco Group Company offers equal employment opportunities to male and female workers without 
discriminating based upon sex, age etc. pursuant to the European Directives 2000/78/EC, 2004/113/EC, 
2006/54/EC and/or local Anti-discrimination/equal opportunity Laws.


1. HOW WE OBTAIN DATA

We collect, use and process Data for the purposes listed in section 2 of this Privacy Notice. Data we process 
about you will be different. Below we have listed the broad categories of Data we typically collect and 
process:

      a. Identification and Contact data (e.g. name, date of birth, gender, e-mail address, telephone 
          number, etc.)
      b. Professional data (e.g. job titles, work history, employee files)
      c. Family data (e.g. family structure, marital status)

Ordinarily, Data will be provided by you by filling out the form and attachment of your curriculum vitae, but 
in some cases we may collect Data about you from a third party (such as former employers, interim 
agencies, recruitment agencies and head hunters, social media, etc.) or from public records. We protect 
Data obtained from such third parties according to the practices described in this privacy notice.
You are requested not to provide data allowing the disclosure of race/ethnic origin, religion or belief, political 
opinions, membership of parties, trade unions, associations or organizations of a religious, philosophical, 
political or trade-unionist character, as well as personal data disclosing health conditions, welfare, 
pregnancy, sexual orientation and/or Judicial Data ("Judicial Data" shall mean personal data disclosing the 
status of being either defendant or the subject of investigations). 
Nevertheless, if you consider essential to provide Sensitive Data and/or Judicial Data, the curriculum vitae 
must be accompanied with the express written, signed and dated consent to their processing by all Iveco 
Group Company.


2. HOW WE USE DATA

Data collected is processed by us, subject to your express and specific consent, in order to evaluate and 
assess your profile for present and/or future openings at Iveco Group. Please be aware that, if you have 
given your consent, you may withdraw it at any time.
Data may be processed electronically within IT systems, and manually, in paper form. Data will be processed 
and stored for its whole lifecycle, ensuring security and confidentiality of the same in compliance with 
principles of fairness, lawfulness and transparency and in accordance with the provisions of applicable laws 
and regulations.


3. CONSEQUENCES OF FAILURE TO PROVIDE DATA

Providing Data and consent to the processing of Data are optional. However, should you decide not to 
provide data or not to authorize their processing, we will be unable to carry out the selection and evaluation 
activities.


4. HOW WE SHARE YOUR DATA

Data may be processed by each of the companies listed in Annex A to this Privacy Notice, in its capacity as 
Data Controller. The Controller may share and communicate data to third party processors based in and 
outside the European Union, which are under specific contractual obligations and using the Data solely for 
the fulfilment of the purposes listed above.


5. HOW WE TRANSFER YOUR DATA

In order to perform Data processing activities as detailed above, we may transfer Data in countries outside 
of the European Economic Area (EEA), including storing such Data in digital or physical databases managed 
by entities acting on our behalf. Database management and Data processing are limited to the purposes of 
the processing and are carried out according to applicable data protection laws and regulations.
In case Data are transferred outside of the EEA, the Company will use any appropriate contractual measures 
to guarantee adequate protection of the Data, including – among others – agreements based on Standard 
Data Protection Clauses adopted by the EU Commission applicable to the transfer of personal data outside 
the EEA.


6. RETAINING YOUR PERSONAL DATA

We maintain Data in our systems and archives for 12 months following the last registered activity related to 
your account on our website or in case of manual submission 12 months following the submission, unless 
you withdraw your consent. From that moment on, Data is deleted or kept in a form which does not permit 
the identification of data subjects, provided that we are not legally required or permitted to hold such Data. 

Data processed for the purposes described in this Privacy Notice will be retained in accordance with the 
above-mentioned principles and the guidelines provided by the relevant Privacy Authorities in this respect.


7. DATA CONTROLLER

 Controllers of your Data are listed in Annex A to this Privacy Notice.
Companies of Iveco Group may have a Data Protection Officer. If you want to know if a Data Protection 
Officer applies to Data processing, please refer to Annex A. 


8. YOUR RIGHTS REGARDING YOUR DATA

You may exercise your rights as defined by applicable laws and regulations, among these:

          • Right of access: right to obtain from the Controller a confirmation as to whether or not your 
            personal information is being processed, and, if so, to demand to gain access to your personal 
            data.

          • Right to rectification: right to obtain from the Controller the rectification of your personal data 
            that you may consider inaccurate and to have incomplete information being completed, 
            including by means of providing a supplementary statement.

          • Right to erasure: right to obtain from us the erasure of your personal data without undue 
            delay, where the request is made in accordance with the applicable laws and regulations.

          • Right to object to data processing: right to object at any time to the processing of your 
            personal data based on the legitimate interest of the Controller.

          • Right to limit the data processing: right to obtain from the Controller a limitation on the 
            processing activities when the accuracy and the precision of personal data is disputed, and 
            for the time necessary for the Controller to verify the accuracy of personal data.

          • Right to data portability: right to receive the personal data you provided to the Controller in a 
            structured, commonly used and machine-readable format. You also have the right to transmit 
            that data to another data controller without hindrance from the Controller, especially following 
            these conditions: the processing is based on consent or on a contract and the processing is 
            carried out by automated means.

          • Right to make a complaint: without prejudice to any other administrative or judicial dispute, if 
            you believe the data processing has been carried out illicitly or not compliant with applicable 
            laws and regulations, you have the right to raise a complaint with the Supervisory Authority 
            of the Member State in which you reside or work habitually, or of the State where any breach 
            has occurred.

You can exercise the above-mentioned rights by contacting us as follows:

     • Sending an email or a letter to Controller’s Data Protection Officer, when available (see Annex 
       A to this Privacy Notice for details)
     • Filling the online form you can find here: 
       www.ivecogroup.com/policies_and_guidelines/privacy_request_form
     • Writing an email to privacy-compliance@ivecogroup.com
     • Sending a letter to the Controller at the address indicated in Annex A of this Privacy Notice, 
       specifying “for the attention of Privacy Compliance”

Should you send us a request, we may need to obtain additional personal information from you to verify 
your identity and contact you, if necessary. This information, together with other Data we already withhold, 
will then be processed to meet your request, as required by applicable law. Where necessary, certain 
information may be transferred to other companies within or outside the Iveco Group that act as data 
processors of your Data, in order to meet your request. Your Data will be processed for the necessary 
amount of time to evaluate and handle your request, after which your Data will be archived for a suitable 
time period allowing us to demonstrate that the request has been handled correctly and timely.


9. UPDATES TO THIS PRIVACY NOTICE

This Privacy Notice was updated in January 2022. We reserve the right to amend or update the Privacy 
Notice from time to time to reflect changing legal requirements or our processing activities. We will make 
available and inform you about any substantial update.



Magirus GmbH
Graf-Arco-Straße 30
89079 Ulm - Germany


Datenschutzbeauftragter e-mail: 
dpo-germany@ivecogroup.com








Imprint | Privacy Policy