Data privacy statement

Contact information

website operator
pludoni GmbH
Pillnitzer Landstraße 73 b
01326 Dresden
info@pludoni.de

data security
0351/28792370
datenschutz@pludoni.de 

Data protection principles

The protection of personal data is important, which is why the following data protection principles apply at pludoni GmbH:
  • Transparency at every step of the process - What do you want to know?
  • The “Do we really need this?” Principle - implemented data economy
  • Training of our employees and staff
  • Only technically necessary cookies
  • No third-party content (social media SDKs, click analyses, advertising)

Purpose of processing

We would like to make this website available to you with all its content and functions and guarantee trouble-free experience.

Categories of affected persons

Users of the online offer (hereinafter we also refer to the data subjects collectively as "users").

The types of processed data

The following data is always processed when you visit our website:
  • Meta and communications data (e.g. device information, IP addresses) 
  • Usage data (e.g. logdata, access times) 

Receipients of data

The recipients of the data can be divided into the following categories: 
  • pludoni GmbH
  • Subcontractors of pludoni GmbH (hosting)

Determination of access data and log files

Each time you access our website, usage data is transmitted to us and our web host / IT service provider via your Internet browser and stored in log data (server log files). These stored data include, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 para. 1 lit. f DSGVO out of justified interest in ensuring the trouble-free operation of our website and to improve our services. 

Security measures

In compliance with Art. 32 DSGVO, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in consideration of the state of technology, the implementation costs and the type, extent, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons. 

Such measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to, access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure the exercise of data protection rights, deletion of data and response to data breaches. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 DSGVO). 

Cooperation with subcontractors

Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is required pursuant to Art. 6 Para. 1 lit. b DSGVO for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.). 

If we engage third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 DSGVO. 

Cookies

In principle, we always use a technically necessary session cookie. If individual functions of the website deviate from this, you will find a detailed description of each function at the end of this statement.

Below you will find a detailed explanation of the cookie issue.

"Cookies" are small files that are stored on users' computers. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users revisit an online offering after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies" are cookies that are offered by providers other than the responsible party that operates the online offering (otherwise, if they are only the responsible party's cookies, they are referred to as "first-party cookies").

In addition to the distinction between temporary and permanent, cookies can be divided into required and non-required. All cookies that are necessary to enable the technical operation of a website are considered necessary. Non-required cookies are used, for example, to enable analyses of the usage behavior of visitors to a website (profiling, tracking).

You have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can prevent the storage of cookies and transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we would like to point out that you may then not be able to use all functions of the website to their full extent.

You can find out how to manage (including disabling) cookies on the main browsers by following the links below:

Chrome browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Time of data storage

The duration of the storage of processed data depends on the purpose of the processing as well as legal obligations (warranty, tax or commercial law) and can therefore be different for each processing operation.

The following overview:

  • Anonymized access data (web server accesses and errors) - 90 days.
  • Memory of each individual function of the website - See procedure at the end of the statement.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law. 

According to legal requirements in Germany, data is stored in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

Your rights as data subject

As a data subject, you have the following rights:

  • Information: You have the right to request confirmation as to whether data concerning you is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 of the GDPR. 
  • Accuracy: In accordance with Art. 16 of the GDPR, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected. 
  • Deletion: In accordance with Art. 17 DSGVO, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data. 
  • Transfer: You have the right to request that the data concerning you, which you have provided to us, be received in accordance with Art. 20 DSGVO and to request its transfer to other data controllers. 
  • Complaint: you have the right to complain to the supervisory authority in accordance with Art. 77 DSGVO if you consider that the processing of your personal data is not lawful. 
  • Withdrawal of consent: You have the right to revoke given consents pursuant to Art. 7 (3) DSGVO with effect for the future.
  • Objection: If the personal data processing listed here is based on our legitimate interest according to Art. 6 (1) lit. f DSGVO, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation.

To exercise your rights under the GDPR, please send an email with your request to: datenschutz@pludoni.de.

Relevant legal bases

According to Art. 13 DSGVO we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following is valid: 
  • The legal basis for the obtaining of consents is Art. 6 para. 1 lit. a and Art. 7 DSGVO
  • The legal basis for the processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 para. 1 lit. b DSGVO
  • The legal basis for the processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO
  • The legal basis for the processing in order to preserve our legitimate interests is Art. 6 para. 1 lit. f DSGVO
  • In cases where essential interests of the affected person or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as general legal basis.

Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Analysis software used

To analyze the use of the website, we use only internal systems and no external software.

Contractual performances

We process the data of our users and our customers, cooperation partners and sponsors (uniformly referred to as "contractual partners") in accordance with Art. 6 para. 1 lit. b. DSGVO, in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship. 

The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers) as well as contractual data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., payment history). 

We process data that is necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure, if this is not evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client as well as the legal requirements.

Transfers to third countries

We do not process data in countries outside the European Union (EU) or the European Economic Area (EEA).

Right to appeal to the competent supervisory authority

Pursuant to Art. 77 DSGVO, you have the right to complain to the supervisory authority if you are convinced that the processing of your personal data is illegal.

Prefill application form via XING API

Legal basis

Consent according to Article 6, paragraph 1a DSGVO.

Purpose of collection

Users of the application form are free to have the form pre-filled with data from their own XING account.
This requires a one-time request to XING, where the person may have to log in. XING responds to this request with a summary of the stored information in JSON format. 
The API endpoint https://dev.xing.com/docs/get/users/me is requested. The information contained in the response can also be found in this link.
The data provided by Xing is requested via an encrypted connection (HTTPS) and is not stored. The processing is carried out for the purpose of pre-filling the application form and is executed as soon as a user presses the button provided for this purpose.

Further information can be found in the XING privacy policy: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person

Technical and organizational measures

An encrypted connection is used when sending your data (HTTPS).

Deletion of data

Data is not stored persistently and is retained for the period of processing (query from XING and pre-filling of the form).

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Contact information (Name, e-mail, ...)
Categories of recipients of the data
  • Internal systems of pludoni GmbH

Job widget

Legal basis

Contractual basis according to Article 6, paragraph 1b DSGVO, respectively Art. 28 (commissioned data processing).

Purpose of collection

Our customers can use a job advertisement widget to automatically embed their deposited job advertisements on their own web page (e.g. career page) and enable applications for these jobs.
When the page on which the widget is embedded is called up, a one-time request is made to the BMS web server (https://bms.empfehlungsbund.de). For security purposes (troubleshooting), log files are created that contain information such as IP, user agent and metadata.

Technical and organizational measures

  • Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
  • Integrity (disclosure and input control)
  • Availability and resilience (daily backups, as well as verified backup concept)
  • Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
  • An encrypted connection is used when sending your data (HTTPS)

Deletion of data

Data is stored for a maximum of 3 months

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Contact information (Name, e-mail, ...)
  • Job Application data (CV, Intro letter, company, job/position)
Categories of recipients of the data
  • Internal systems of pludoni GmbH
  • Receiving company

Processing of application data in the applicant management system

Legal basis

Contractual basis according to Article 6, paragraph 1b DSGVO, respectively Art. 28 (commissioned data processing).

Purpose of collection

In the applicant management system (BMS), an applicant's application data is processed for authorized employees of a company for the purpose of decision-making.
A pseudonymous profile is created for each applicant (identification by ID number). Only authorized employees of a company are granted access to personal data of an applicant (name, address, application attachments).
Access authorizations can be configured by each company itself.

Technical and organizational measures

  • Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
  • Integrity (disclosure and input control)
  • Availability and resilience (daily backups, as well as verified backup concept)
  • Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
  • An encrypted connection is used when sending your data (HTTPS)
  • Application attachments are stored encrypted

Deletion of data

All application data and attachments will be anonymized after 6 months at the latest. This period is necessary in order to be able to comply with any legal claims based on the applicant (e.g. AGG - General Equal Treatment Act).

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Contact information (Name, e-mail, ...)
  • Job Application data (CV, Intro letter, company, job/position)
Categories of recipients of the data
  • Internal systems of pludoni GmbH
  • Receiving company

Application form

Legal basis

Contractual basis according to Article 6, paragraph 1b DSGVO, respectively Art. 28 (commissioned data processing).

Purpose of collection

Job seekers can apply for job advertisements using our application form. How the application is subsequently processed depends on whether the customer (the company) for which the application is intended uses our applicant management system (BMS) or not. If the company uses our BMS, the application will be processed in the BMS after the form has been submitted. The guidelines described in the procedure "Processing of application data in the applicant management system" apply to this processing. 
In the event that the company does NOT use our BMS, the application will be sent directly to the company by e-mail. The following regulations apply to the processing. 
All specified data and files you upload will be used to generate e-mails to send your application documents to the company you have selected. The data will not be stored by default. The exception is the function "Reserve application documents for 30 days". If this option is selected by the applicant, application data and file attachments will be stored for a maximum of 30 days to make it easier to reapply. 
After the e-mail has been sent to the company concerned or after the 30 days have expired, the data is anonymized and attachments deleted. The anonymized application data record is used for internal purposes (e.g. statistics).

Technical and organizational measures

  • Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
  • Integrity (disclosure and input control)
  • Availability and resilience (daily backups, as well as verified backup concept)
  • Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
  • An encrypted connection is used when sending your data (HTTPS)
  • Application attachments are stored encrypted

Deletion of data

All application and contact information will be anonymized after the application is completed, or reserved for 30 days if requested.

Categories of affected people
  • User
Categories of personal data
  • Connection and Session data (IP, Browser, Meta Data)
  • Contact information (Name, e-mail, ...)
  • Job Application data (CV, Intro letter, company, job/position)
Categories of recipients of the data
  • Internal systems of pludoni GmbH
  • Receiving company