V2 (022024)
Magirus GmbH uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data by the onlyfy one service and by Magirus GmbH.
With regard to interaction within the company account of Magirus GmbH, Magirus GmbH and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here https://www.xing.com/terms/onlyfy-one to gain information on the key aspects of the agreement.
onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social and jobs network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet.
With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with Magirus GmbH, detailed information is available in the XING Privacy Policy at https://privacy.xing.com/en/privacy-policy. You will also find contact details for New Work SE, as well as for the New Work SE data protection officer there.
When submitting an application, you enter into a user relationship with New Work SE for the purpose of processing applications. In addition, you will receive support and New Work SE can present you with other opportunities in support of your career. A public profile will not be automatically created for you on the XING social and jobs network. The legal basis for New Work SE processing your data is, in particular, Article 6 (1)(b) GDPR (processing necessary for the performance of a contract).
You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of Magirus GmbH in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to Magirus GmbH only.
The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.
If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: https://www.cronofy.com/gdpr/ and https://docs.cronofy.com/policies/privacy-notice/
If you use the apply using WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.
The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here: https://www.pitchyou.de/en/pitchyou-gdpr. Candidate data from apply via WhatsApp are transferred to onlyfy one via an interface. Immediately after this transfer, candidate data are deleted from the apply via WhatsApp infrastructure in PitchYou. Further processing then takes place exclusively in onlyfy one.
Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. WhatsApp data protection information, such as its processing or exercising of data protection rights with regard to WhatsApp is available here: https://www.whatsapp.com/legal/privacy-policy-eea.
Subject to your consent, your application will be sent from WhatsApp via the PitchYou infrastructure to onlyfy one. You have the right to withdraw your consent to this at any time. Either way, your application data will be deleted from the PitchYou infrastructure once transferred to onlyfy one, meaning that PitchYou will not process your data any further.
The FADP applies to circumstances which have an impact on Switzerland, even if said circumstances are initiated outside of Switzerland. Correspondingly, this privacy policy applies to information in line with the EU GDPR and the FADP. Here, EU GDPR terminology is used in favour of FADP terminology. However, FADP terminology is used if the FADP applies and the terminology differs from EU GDPR terminology in a given language. The About this site section on XING contains the name and address of our representative in Switzerland.
We hereby inform you about the processing of your personal data by Magirus GmbH and your rights under data protection law.
This privacy policy applies to data processing by:
Magirus GmbH
Graf-Arco-Str. 30
89079 Ulm, Germany
datenschutz@magirusgroup.com
Represented by: Fatmir Veselaj
You can contact our data protection officer using the contact details above or at:
datenschutz@magirusgroup.com
This data is collected in order to
Data processing is carried out at your request and serves the purposes specified in Art. 6 (1) (b) of the General Data Protection Regulation (GDPR) in conjunction with Art. 88 GDPR in conjunction with § 26 of the Federal Data Protection Act (BDSG) and all other relevant laws, in particular the General Equal Treatment Act (AGG), Works Constitution Act (BetrVG), the appropriate processing of your application documents, and the initiation of a contract.
In addition, consent pursuant to Art. 6 (1) (a) GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 (2) BDSG may constitute a legal basis.
Insofar as we are legally obliged to process data that we have received as part of the application process, we carry out this data processing on the basis of Art. 6 (1) (c) GDPR.
In addition, pursuant to Art. 6 (1) (f) GDPR, we have a legitimate interest in identifying you as an applicant and using the information you have provided that goes beyond the mandatory information. We will immediately delete any data that is clearly irrelevant. The evaluation and management of your application is also based on our legitimate interest.
We process personal data used to exercise and defend our interests, rights, and claims on the basis of our legitimate interests pursuant to Art. 6 (1) (f) GDPR. We also have a legitimate interest pursuant to Art. 6 (1) (f) GDPR in demonstrating legally compliant behavior if claims are asserted against us arising from the application process.
In the case of the processing of special categories of personal data pursuant to Art. 9 GDPR, this serves to exercise rights or to fulfill legal obligations under labor law, social security law, or social protection law. The legal basis here is Art. 9 (2) lit. b GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 (3) BDSG. We process special categories of personal data on the basis of Art. 9 (2) lit. f GDPR in order to exercise or defend our legal claims.
Consent to the processing of special categories of personal data is possible on the basis of Art. 9 (2) (a), Art. 6 (1) (a), 7 GDPR in conjunction with Art. 88 GDPR in conjunction with § 26 (3), (2) BDSG.
Insofar as this is necessary for the processing of your application, your personal data will be passed on within our company to individuals and, where applicable, departments for review; this includes, in particular, the human resources department, the relevant department, the works council, if applicable, and the representative body for disabled employees, if applicable.
We have commissioned third parties to assist us in performing our tasks. These include, for example: IT service providers, banks, savings banks, and payment service providers, job portals, email providers, and shipping service providers. The data passed on may only be used by the third party for the agreed purposes. In the case of order processing, the contractors act on our behalf and according to our instructions.
No further data is passed on to third parties.
You have the right:
pursuant to Art. 7 (3) GDPR to revoke your consent at any time. As a result, we will no longer be permitted to continue processing data based on this consent in the future; If you wish to exercise your right of withdrawal, simply send an email to datenschutz@magirusgroup.com. In the event of withdrawal, we may no longer be able to provide the agreed services or may not be able to provide them to the desired extent;
If you wish to exercise your right to object, simply send an email to datenschutz@magirusgroup.com. In the event of an objection, we may no longer be able to provide the agreed services or may not be able to provide them to the desired extent.
If you believe that our processing of your personal data is unlawful or otherwise violates data protection law, you can lodge a complaint with a supervisory authority. You can contact a supervisory authority in the member state of your residence, your place of work, or the location of the alleged violation.
In individual cases, it may be necessary to store personal data until the respective claims can no longer be asserted or have become time-barred, as we defend ourselves against asserted claims.
If we transfer personal data to service providers or affiliated companies outside the European Economic Area (EEA), the transfer will only take place if the third country has been confirmed by the EU Commission as having an adequate level of data protection or if other appropriate data protection guarantees (e.g., EU standard contractual clauses) are in place.
However, if you send us your application, you are initially providing us with your data on a voluntary basis. As part of the application process, it is also necessary for you to provide us with your data so that the process can be carried out properly. Data processing for the purpose of initiating an employment relationship is regulated by law in Section 26 (1) sentence 1 BDSG in conjunction with Section 26 (8) sentence 2 BDSG. If you do not provide us with the data, we will unfortunately not be able to consider your application.
No automated individual decision-making or profiling measures are used to fulfill contractual obligations.
