Processing of (personal) data by the entity in charge of the online application process
I. General Information
The protection of your personal data is of utmost importance to the NFON Group. We act in accordance with applicable data protection regulations to safeguard the data collected during the application process. This privacy policy supplements our general privacy policy and informs you about how your data is handled during the application process.
II. Data Controller
The entity responsible for processing your data in connection with the application process is:
Zielstattstraße 36
81379 München
NFON AG
Germany,
represented by the Head of Human Resources, together with the company mentioned in the job posting. A list of all NFON Group companies and their respective local responsibilities can be found in Section VII.
If you apply to NFON AG, NFON AG alone is responsible for data processing.
You can contact our Data Protection Officer, Claudia Standke, either by mail at the address above (attn: Data Protection Officer) or by email at datenschutz@nfon.com.
III. Data Processing
1. Contacting us
You have the option to contact us through various means, such as email, phone, social media platforms, or mail. If you contact us, we will process the personal data you voluntarily provide for the sole purpose of responding to your inquiry and communicating with you.
The legal basis for processing your data as part of your specific application is the pre-contractual employment relationship in accordance with Art. 6 (1) b) GDPR.
For general inquiries that are not directly related to a contractual relationship, data processing is based on our legitimate interest in responding to your inquiry quickly and efficiently, as per Art. 6 (1) f) GDPR.
2. Application Process
When you apply to us—whether through our career page, email, This includes: mail, or a recruitment agency—we process the data necessary for registering and handling your application.
- First and last name
- Date of birth
- Email address
- Address
- Phone number
- Application-related documents, such as a cover letter, CV, diplomas, work certificates, details of previous employment history, and additional qualifications mentioned in your documents
- Optional application photo
- Salary expectations
- Availability information
- Any other details included in the documents you submit
The legal basis for this data processing is the execution of pre-contractual measures within the framework of the recruitment process, in accordance with Art. 6 (1) b) GDPR in conjunction with national data protection laws.
If your application documents contain special categories of personal data as defined in Art. 9 (1) GDPR (e.g., health data, disability status, ethnic background) or if you voluntarily disclose such information during the recruitment process, we process this data for the purpose of exercising rights or fulfilling obligations under labor law, social security, and social protection laws. The legal basis for this is Art. 6 (1) a) and c) GDPR in conjunction with Art. 9 (2) b) GDPR.
3. Conducting Interviews
For digital job interviews, we use the Zoom platform, operated by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA ("Zoom"), or conduct interviews via telephone.
For Zoom interviews, we provide you with a link in advance that allows you to join the video conference. Depending on the nature of the conversation, personal data may be processed, including your name, email address, technical connection data (e.g., IP address), and video/audio recordings if you activate your camera or microphone. Please note that Zoom acts as an independent data controller. You can find more information about how Zoom processes data in its Zoom privacy policy.
For telephone interviews, we process your contact details (e.g., phone number) to conduct the conversation.
The data you provide is used solely for the purpose of planning, conducting, and following up on the job interview and for the duration of the application process.
The legal basis for this data processing is Art. 6 (1) b) GDPR.
4. Use of the “JOIN” applicant management platform
We use the JOIN recruiting platform (Eichenstrasse 2, 8808 Pfäffikon SZ, Switzerland) to publish our job advertisements and to receive and initially process incoming applications. JOIN enables us to record and pre-sort applications in a structured manner. The documents submitted via JOIN are then manually transferred to our applicant management system Personio. The data is processed for the purpose of carrying out and managing application procedures via the JOIN platform on the basis of Art. 6 para. 1 lit. b) GDPR. In particular, personal master data (such as name, salutation, title, date of birth, telephone number and e-mail address), contents of the application documents (such as CV, cover letter, references and certificates), messages sent via JOIN as part of the application process and metadata-related information on the course of the application process (e.g. duration of the process or number of applications received) are processed. JOIN acts as a processor within the scope of this processing in accordance with Art. 28 GDPR. A corresponding contract for order processing has been concluded, which ensures data protection-compliant processing and compliance with suitable technical and organizational measures to protect your data.
Further information on data processing by JOIN can be found in JOIN's privacy policy.
5. Further Data Processing
If you receive a job offer, your data will be transferred to the regular personnel management process, where it will be stored and retained in accordance with legal requirements. If your application is unsuccessful, your data will generally be deleted 180 days after rejection, unless you consent to being included in our applicant pool under Art. 6 (1) a) GDPR. For unsolicited applications, your data will be stored for a maximum of six months. If no offer is made or no further activity occurs within this period, your data will be automatically deleted.
IV. Recipients of Your Data
We generally do not share your data with third parties unless required by law (e.g., in response to a request from law enforcement authorities) or necessary for carrying out the application process.
We use Personio SE & Co. KG, Seidlstraße 3, 80335 Munich ("Personio") to operate our career platform. Personio provides software for processing and managing application data and processes the data solely on our behalf.
Additional service providers (e.g., HR management tools) or members of the NFON Group may be involved in evaluating applications.
In principle, your personal data is not transferred to a third country. If such a transfer is necessary, it will only occur in compliance with the GDPR, for example, through EU Standard Contractual Clauses.
V. Data Retention and Deletion
Your application will be deleted from our applicant management system 180 days after a decision has been made. If we wish to store your application for a longer period, we will first obtain your consent via email.
VI. Your Rights
You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements. You also have the right to object to and withdraw your consent to data processing. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR).
If you wish to exercise one of these rights, please send an informal letter to the contact address listed below. If you wish to exercise your right of objection or withdrawal, the data processing carried out up to this point remains lawful and unaffected.
NFON-Group Companies:
|