Data privacy statement

Contact information

website operator
pludoni GmbH
Pillnitzer Landstraße 73 b
01326 Dresden
info@pludoni.de

data security
0351/28792370
datenschutz@pludoni.de

Purpose of processing

Provision of the online offer, its functions and contents
Answering contact requests and communication with users
Application and access to application status
Security measures

Categories of affected persons

Users of the online offer (hereinafter we also refer to the data subjects collectively as "users" or "applicants").

The types of processed data

Meta and communications data (e.g. device information, IP addresses)
Usage data (e.g. logdata, access times)
Inventory data (e.g. names, addresses)
Contact data (e.g. e-mail)
Content data (e.g. entered texts, images)
Applicant data (e.g. name, address, documents)

Receipients of data

The recipients of the data can be divided into the following categories:

Internal systems of pludoni GmbH (website usage, log data analysis)
Employees of pludoni GmbH who advise on the use of the product (contact form)
Selected employees of pludoni GmbH (application)
Subcontractors of pludoni GmbH (hosting)

Determination of access data and log files

Each time you access our website, usage data is transmitted to us and our web host / IT service provider via your Internet browser and stored in log data (server log files). These stored data include, for example, the name of the page accessed, the date and time of access, the IP address, the amount of data transferred and the requesting provider. The processing is carried out on the basis of Art. 6 para. 1 lit. f DSGVO out of justified interest in ensuring the trouble-free operation of our website and to improve our services.

Security measures

In compliance with Art. 32 DSGVO, we take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in consideration of the state of technology, the implementation costs and the type, extent, circumstances and purposes of the processing as well as the different probability of occurrence and severity of the risk to the rights and freedoms of natural persons.

Such measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical access to, access to, inputting, disclosure, securing and separation of data. In addition, we have established procedures to ensure the exercise of data protection rights, deletion of data and response to data breaches. Furthermore, we take the protection of personal data into account as early as the development or selection of hardware, software and processes, in accordance with the principle of data protection through technology design and data protection-friendly default settings (Art. 25 DSGVO).

Cookies

"Cookies" are small files that are stored on users' computers. The primary purpose of a cookie is to store information about a user (or the device on which the cookie is stored) during or after his or her visit to an online offer. Temporary cookies, or "session cookies" or "transient cookies", are cookies that are deleted after a user leaves an online offer and closes his browser. Such a cookie may store, for example, the contents of a shopping cart in an online store or a login status. Cookies that remain stored even after the browser is closed are referred to as "permanent" or "persistent". For example, the login status can be stored if users revisit an online offering after several days. Likewise, the interests of users can be stored in such a cookie, which is used for range measurement or marketing purposes. Third-party cookies" are cookies that are offered by providers other than the responsible party that operates the online offering (otherwise, if they are only the responsible party's cookies, they are referred to as "first-party cookies").

In addition to the distinction between temporary and permanent, cookies can be divided into required and non-required. All cookies that are necessary to enable the technical operation of a website are considered necessary. Non-required cookies are used, for example, to enable analyses of the usage behavior of visitors to a website (profiling, tracking).

We use a required and temporary session cookie for the following purposes:

Security measures of the contact form (e.g. prevention of cross site scripting attacks).

We process these cookies according to Art. 6 para.1 lit. f DSGVO for the legitimate interest in the above purposes.

You have full control over the use of cookies. By selecting the appropriate technical settings in your internet browser, you can prevent the storage of cookies and transmission of the data they contain. Cookies that have already been stored can be deleted at any time. However, we would like to point out that you may then not be able to use all functions of the website to their full extent.

You can find out how to manage (including disabling) cookies on the main browsers by following the links below:

Chrome browser: https://support.google.com/accounts/answer/61416?hl=de
Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-erlauben-und-ablehnen
Safari: https://support.apple.com/de-de/guide/safari/manage-cookies-and-website-data-sfri11471/mac

Cooperation with subcontractors

Insofar as we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if a transfer of the data to third parties, such as payment service providers, is required pursuant to Art. 6 Para. 1 lit. b DSGVO for the performance of the contract), if you have consented to this, if a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

If we engage third parties to process data on the basis of a so-called "contract processing agreement", this is done on the basis of Art. 28 DSGVO.

Time of data storage

The duration of the storage of processed data depends on the purpose of the processing as well as legal obligations (warranty, tax or commercial law) and can therefore be different for each processing operation.

The following overview:

Anonymized access data (web server accesses and errors) - 90 days.
Memory of each individual function of the website - See procedure at the end of the statement.

Deletion of data

The data processed by us will be deleted or restricted in its processing in accordance with Articles 17 and 18 DSGVO. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

According to legal requirements in Germany, data is stored in particular for 10 years in accordance with §§ 147 para. 1 AO, 257 para. 1 nos. 1 and 4, para. 4 HGB (books, records, management reports, accounting vouchers, commercial books, documents relevant for taxation, etc.) and 6 years in accordance with § 257 para. 1 nos. 2 and 3, para. 4 HGB (commercial letters).

Your rights as data subject

As a data subject, you have the following rights:

Information: You have the right to request confirmation as to whether data concerning you is being processed and to information about this data as well as further information and a copy of the data in accordance with Art. 15 of the GDPR.
Accuracy: In accordance with Art. 16 of the GDPR, you have the right to request that the data concerning you be completed or that incorrect data concerning you be corrected.
Deletion: In accordance with Art. 17 DSGVO, you have the right to demand that data concerning you be deleted without delay, or alternatively, in accordance with Art. 18 DSGVO, to demand restriction of the processing of the data.
Transfer: You have the right to request that the data concerning you, which you have provided to us, be received in accordance with Art. 20 DSGVO and to request its transfer to other data controllers.
Complaint: you have the right to complain to the supervisory authority in accordance with Art. 77 DSGVO if you consider that the processing of your personal data is not lawful.
Withdrawal of consent: You have the right to revoke given consents pursuant to Art. 7 (3) DSGVO with effect for the future.
Objection: If the personal data processing listed here is based on our legitimate interest according to Art. 6 (1) lit. f DSGVO, you have the right to object to this processing with effect for the future at any time for reasons arising from your particular situation.

To exercise your rights under the GDPR, please send an email with your request to: datenschutz@pludoni.de.

Relevant legal bases

According to Art. 13 DSGVO we inform you about the legal basis of our data processing. If the legal basis is not mentioned in the privacy policy, the following is valid:

The legal basis for the obtaining of consents is Art. 6 para. 1 lit. a and Art. 7 DSGVO
The legal basis for the processing in order to fulfil our services and carry out contractual measures as well as answer inquiries is Art. 6 para. 1 lit. b DSGVO
The legal basis for the processing in order to fulfil our legal obligations is Art. 6 para. 1 lit. c DSGVO
The legal basis for the processing in order to preserve our legitimate interests is Art. 6 para. 1 lit. f DSGVO
In cases where essential interests of the affected person or another natural person make the processing of personal data necessary, Art. 6 para. 1 lit. d DSGVO serves as general legal basis.

Changes and Updates to the Privacy Policy

We ask you to inform yourself regularly about the content of our privacy policy. We will adapt the privacy policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

Analysis software used

To analyze the use of the website, we use only internal systems and no external software.

Contractual performances

We process the data of our users and our customers, cooperation partners and sponsors (uniformly referred to as "contractual partners") in accordance with Art. 6 para. 1 lit. b. DSGVO, in order to provide them with our contractual or pre-contractual services. The data processed in this context, the type, scope and purpose and the necessity of their processing, are determined by the underlying contractual relationship.

The processed data includes the master data of our contractual partners (e.g., names and addresses), contact data (e.g., e-mail addresses and telephone numbers) as well as contractual data (e.g., services used, contract contents, contractual communication, names of contact persons) and payment data (e.g., payment history).

We process data that is necessary for the justification and fulfillment of the contractual services and point out the necessity of their disclosure, if this is not evident to the contractual partners. Disclosure to external persons or companies is made only if it is necessary in the context of a contract. When processing the data provided to us as part of an order, we act in accordance with the instructions of the client as well as the legal requirements.

Amazon AWS application documents

To enable the highest possible security, availability and performance of the application attachments (PDF), we store them in the Amazon AWS cloud storage solution on servers in the Frankfurt region.

Amazon Web Services EMEA SARL,
38 Avenue John F.Kennedy,
1855 Luxembourg (hereinafter: AWS).

If you apply to a company that uses our application management system and upload file attachments in the process, these will be stored in an encrypted cloud storage by Amazon AWS.

Here, there is a minimal residual risk that personal data will be transferred to the parent company of AWS in the USA. The data transfer to the USA is based on the EU standard contractual clauses. Details can be found here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.

For more information, please see AWS's privacy policy: https://aws.amazon.com/de/privacy/?nc1=f_pr.

The use of AWS is based on Art. 6 (1) lit. f DSGVO. We have a legitimate interest in storing the application documents as reliably and securely as possible.

Transfers to third countries

We do not process data in countries outside the European Union (EU) or the European Economic Area (EEA).

Application documents are stored on Amazon AWS. For all information, see the section "Application Documents at Amazon AWS".

We use platforms and applications of other providers (hereinafter referred to as "third-party providers") for the purpose of conducting video and audio conferences, webinars and other types of video and audio meetings. When selecting the third-party providers and their services, we observe the legal requirements.
In this context, data of the communication participants are processed and stored on the servers of the third-party providers, insofar as these are part of communication processes with us. This data may include, in particular, registration and contact data, visual as well as vocal contributions and entries in chats and shared screen contents.
If users are referred to the third-party providers, or their software or platforms, in the course of communication, business or other relationships with us, the third-party providers may process usage data and metadata for security, service optimization or marketing purposes. We therefore ask you to observe the data protection notices of the respective third-party providers.

Microsoft Teams

We use the "Microsoft Teams" tool to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: "Online Meetings"). "Microsoft Teams" is a service of Microsoft Corporation. When using "Microsoft Teams", various types of data are processed. The scope of the data also depends on the data you provide before or during participation in an "online meeting".

Types of data processed: inventory data (e.g. names, addresses), contact data (e.g. e-mail, telephone numbers), content data (e.g. text input, photographs, videos), usage data (e.g. web pages visited, interest in content, access times), meta/communication data (e.g. device information, IP addresses).
Data subjects: Communication partners, users (e.g. website visitors, users of online services).
Purposes of processing: contractual performance and service, contact requests and communication, office and organizational procedures.
Legal basis: Consent (Art. 6 para. 1 p. 1 lit. a DSGVO), Contractual performance and pre-contractual inquiries (Art. 6 para. 1 p. 1 lit. b. DSGVO), Legitimate interests (Art. 6 para. 1 p. 1 lit. f. DSGVO).

You may have the option of using the chat function in an "online meeting". In this respect, the text entries you make will be processed in order to display them in the "online meeting". In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time through the "Microsoft Teams" applications.
If we want to record "online meetings", we will transparently inform you in advance and - if necessary - ask for consent.
If it is necessary for the purposes of logging the results of an online meeting, we will log the chat content. However, this will not usually be the case.

Automated decision-making within the meaning of Art. 22 DSGVO is not used.

Further links to Microsoft Teams:

Imprint: https://www.microsoft.com/de-de/rechtliche-hinweise/impressum
Privacy policy: https://privacy.microsoft.com/de-de/privacystatement, https://docs.microsoft.com/de-de/microsoftteams/teams-privacy

Prefill application form via XING API

Rechtsgrundlage

Consent according to Article 6, paragraph 1a DSGVO.

Purpose of collection

Users of the application form are free to have the form pre-filled with data from their own XING account.
This requires a one-time request to XING, where the person may have to log in. XING responds to this request with a summary of the stored information in JSON format.
The API endpoint https://dev.xing.com/docs/get/users/me is requested. The information contained in the response can also be found in this link.
The data provided by Xing is requested via an encrypted connection (HTTPS) and is not stored. The processing is carried out for the purpose of pre-filling the application form and is executed as soon as a user presses the button provided for this purpose.

Further information can be found in the XING privacy policy: https://privacy.xing.com/de/datenschutzerklaerung/wer-erhaelt-daten-zu-ihrer-person

Technical and organizational measures

An encrypted connection is used when sending your data (HTTPS).

Deletion of data

Data is not stored persistently and is retained for the period of processing (query from XING and pre-filling of the form).

Categories of affected people

User

Categories of personal data

Connection and Session data (IP, Browser, Meta Data)
Contact information (Name, e-mail, ...)

Categories of recipients of the data

Internal systems of pludoni GmbH

Job subscription

Rechtsgrundlage

Consent according to Article 6, paragraph 1a DSGVO.

Purpose of collection

In order to be informed when new, suitable job advertisements are available, users can use the job subscription function. To do this, they must enter their e-mail address and then, if different from the e-mail address with which they applied in advance (this is already verified), verify it by confirmation e-mail. Verified e-mail addresses will receive a maximum of one e-mail per day with new job advertisements. The use of this function can be terminated at any time. An unsubscribe link is included in each e-mail. The e-mail address is stored for the duration of use.

Technical and organizational measures

An encrypted connection is used when sending your data (HTTPS).

Deletion of data

Storage for the duration of use

Categories of affected people

User

Categories of personal data

Connection and Session data (IP, Browser, Meta Data)
Contact information (Name, e-mail, ...)

Categories of recipients of the data

Internal systems of pludoni GmbH

Rechtsgrundlage

Contractual basis according to Article 6, paragraph 1b DSGVO, respectively Art. 28 (commissioned data processing).

Purpose of collection

Our customers can use a job advertisement widget to automatically embed their deposited job advertisements on their own web page (e.g. career page) and enable applications for these jobs.
When the page on which the widget is embedded is called up, a one-time request is made to the BMS web server (https://bms.empfehlungsbund.de). For security purposes (troubleshooting), log files are created that contain information such as IP, user agent and metadata.

Technical and organizational measures

Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
Integrity (disclosure and input control)
Availability and resilience (daily backups, as well as verified backup concept)
Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
An encrypted connection is used when sending your data (HTTPS)

Deletion of data

Data is stored for a maximum of 3 months

Categories of affected people

User

Categories of personal data

Connection and Session data (IP, Browser, Meta Data)
Contact information (Name, e-mail, ...)
Job Application data (CV, Intro letter, company, job/position)

Categories of recipients of the data

Internal systems of pludoni GmbH
Receiving company

Processing of application data in the applicant management system

Rechtsgrundlage

Contractual basis according to Article 6, paragraph 1b DSGVO, respectively Art. 28 (commissioned data processing).

Purpose of collection

In the applicant management system (BMS), an applicant's application data is processed for authorized employees of a company for the purpose of decision-making.
A pseudonymous profile is created for each applicant (identification by ID number). Only authorized employees of a company are granted access to personal data of an applicant (name, address, application attachments).
Access authorizations can be configured by each company itself.

Technical and organizational measures

Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
Integrity (disclosure and input control)
Availability and resilience (daily backups, as well as verified backup concept)
Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
An encrypted connection is used when sending your data (HTTPS)
Application attachments are stored encrypted

Deletion of data

All application data and attachments will be anonymized after 6 months at the latest. This period is necessary in order to be able to comply with any legal claims based on the applicant (e.g. AGG - General Equal Treatment Act).

Categories of affected people

User

Categories of personal data

Connection and Session data (IP, Browser, Meta Data)
Contact information (Name, e-mail, ...)
Job Application data (CV, Intro letter, company, job/position)

Categories of recipients of the data

Internal systems of pludoni GmbH
Receiving company

Application form

Rechtsgrundlage

Contractual basis according to Article 6, paragraph 1b DSGVO, respectively Art. 28 (commissioned data processing).

Purpose of collection

Job seekers can apply for job advertisements using our application form. How the application is subsequently processed depends on whether the customer (the company) for which the application is intended uses our applicant management system (BMS) or not. If the company uses our BMS, the application will be processed in the BMS after the form has been submitted. The guidelines described in the procedure "Processing of application data in the applicant management system" apply to this processing.
In the event that the company does NOT use our BMS, the application will be sent directly to the company by e-mail. The following regulations apply to the processing.
All specified data and files you upload will be used to generate e-mails to send your application documents to the company you have selected. The data will not be stored by default. The exception is the function "Reserve application documents for 30 days". If this option is selected by the applicant, application data and file attachments will be stored for a maximum of 30 days to make it easier to reapply.
After the e-mail has been sent to the company concerned or after the 30 days have expired, the data is anonymized and attachments deleted. The anonymized application data record is used for internal purposes (e.g. statistics).

Technical and organizational measures

Confidentiality (access control, access control, data carrier control as well as separation control and pseudonymization of data)
Integrity (disclosure and input control)
Availability and resilience (daily backups, as well as verified backup concept)
Regular review, assessment and evaluation (control/ADV with hosting provider, data protection management, data protection-friendly default settings)
An encrypted connection is used when sending your data (HTTPS)
Application attachments are stored encrypted

Deletion of data

All application and contact information will be anonymized after the application is completed, or reserved for 30 days if requested.

Categories of affected people

User

Categories of personal data

Connection and Session data (IP, Browser, Meta Data)
Contact information (Name, e-mail, ...)
Job Application data (CV, Intro letter, company, job/position)

Categories of recipients of the data

Internal systems of pludoni GmbH
Receiving company