Data Privacy Notice

3.3. Purpose of the Processing

The data you provide, such as CV and certificates, are checked by us with regard to the vacancy you are interested in and sent to our clients with an assessment of suitability with regard to the respective job profile. The storage and updating of your personal data is necessary to carry out measures during the application process and the associated support of our clients.

3.4 Sensitive Personal Data

In principle, we do not process any sensitive personal data. We therefore ask you not to transmit any data to us that contains information such as data relating to race or ethnic origin, political opinions, religious or philosophical beliefs, genetic or biometric data, union memberships, sexual orientation or health-related data. If we determine that such data exists, we will delete it.

3.5 Storage Duration

Applicant data will be deleted after 6 months in the event of rejection. In the event that you have agreed to further storage of your personal data by joining our executive network so that we can continue to inform you about vacancies in the future, your consent will continue until you withdraw it. It may be necessary to retain certain data in order to document that we have fulfilled our obligations to our customers or that we continue to fulfill our obligations after we have completed an assignment for our customers in which you may have been a part. The data is stored on the basis of our legitimate interest.

3.6 International Data Transfer

In the context of applications for positions from our clients who are based outside of Europe or whose business activities require the involvement of decision-makers outside the EU/EEA area, you give your consent to data transfer to the respective country by our company.

We use a specialized cloud software provider for our personnel services. Data storage and data processing takes place in the European Union and the United Kingdom (UK).

We have concluded a so-called order processing contract with this provider, which ensures that data processing takes place in a legally permissible manner.

3.7 Confidentiality

We treat your personal data as strictly confidential and, as a matter of principle, do not pass on any personal data about you to third parties without informing you in advance and, if necessary, obtaining your consent separately. Unless we are subject to a legal obligation ourselves, e.g. in the context of criminal prosecution. Our employees and service providers are obliged to maintain confidentiality.

3.8 Referrer

If you are an individual providing a personal reference or feedback for a candidate, we may collect and process your contact information, certain professional details (such as title, occupation, qualifications and work history) and your connection to the candidate.

We assume that referrers to our candidates have given their consent in advance to the transfer of their data to our company for the purpose of carrying out a reference check. The data of the referrer is stored for the duration of the processing of the respective applicant data.

4. Customers / Suppliers

If you are a Masterpiece customer or supplier, we collect and use information about your company and people within your company to fulfill our obligations to you and to further our business relationship.

The data collected usually includes your contact details

• name,
• telephone
• number
• e-mail address
• job title) and
• business data (e.g. business letters and invoices)

The storage period of this data depends on the respective statutory retention periods.

5. Website Visitors

We process the following information about you when you visit our website:

• browser types and versions
• the operating system used
• the website from which an accessing system reaches our website (so- called referrer)
• the sub-websites, which are accessed via an accessing system on our website
• the date and time of access to the website
• the internet service provider of the accessing system and
• other similar data and information that serves to avert danger in the event of attacks on our information technology systems.

The web server necessarily also saves your IP address, which, under certain conditions, can possibly enable an assignment to your person. The access data is not merged with other data sources, and the data is not evaluated for marketing purposes.

The aforementioned access data is stored in so-called server log files on our web server and is required for technical reasons to provide a functional website and to ensure system security.

The corresponding legal basis is Art. 6 Para. 1 (f) GDPR. Beyond the above purposes, we use access data exclusively for the needs-based design and optimization of our website purely statistically and without any conclusions about your person.

The access data collected as part of the use of our website is only kept for the period for which this data is required to achieve the above purposes. Your IP address will be stored on our web server for a maximum of 30 days.

6. Cookies and Similar Technologies

We only use cookies on our website that are necessary to design the website offer in line with requirements. In principle, we do not carry out any content analysis.

Cookies are files that are stored on your hard drive or in the cache of your Internet browser when you visit our website. We also refer to „cookies“ as web beacons and other similar storage technologies used to track user activity. Web beacons are mostly transparent graphic/image elements, usually no larger than 1 x 1 pixel, that are embedded into the website and allow cookies to be recognized on your devices.

Session cookies are used by us to store session-relevant information within the website. These cookies expire at the end of the session/browser session (so-called transient cookies) and are not stored permanently.

Persistent cookies remain on your computer beyond the respective browser session and enable us to recognize your computer on your next visit (so- called persistent/permanent cookies). Persistent cookies are automatically deleted after a specified period, which can vary depending on the type of cookie.

You can disable the use of cookies on your computer by changing your browser settings for cookies. You can obtain the procedure for deactivating cookies regularly via the „Help“ function of your Internet browser. Please note, however, that these settings may affect the full availability and functionality of our website.

The storage of information on your terminal device (e.g. PC, smartphone) and, if necessary, the access to information stored in your terminal device takes place on the basis of § 25 Para. 2 No. 2 of the Telecommunications Telemedia Data Protection Act (TTDSG), insofar as the Processing of the information is absolutely necessary in order to enable the use of our website that you have expressly requested.

Any further storage of information on your end device is based on your consent in accordance with Section 25 (1) TTDSG.

Further data processing of the personal data obtained via cookies takes place either on the basis of your consent in accordance with Article 6 Paragraph 1 (a) GDPR (legal basis). In addition, Art. 6 Para. 1 (f) GDPR can be considered as the legal basis for further processing. Our legitimate interests consist in particular in being able to provide you with a technically optimized, user-friendly and needs-based website and in guaranteeing the security of our systems.

7. Contact Formular

If you contact us by e-mail, we will store the data you have provided. When you use the contact form on our website, we collect the data you enter in the input mask (including first name, surname, address, your individual message). If you use the contact form on our website, the date and time of sending your request and your IP address will also be saved.

If you contact us within the framework of an existing contractual relationship or contact us in advance for information about our range of goods or our other services, the data and information you provide will be used for the purpose of processing and answering your contact request in accordance with Art. 6 Para. 1 (b) GDPR processed. The storage of the technical access data recorded during the sending process takes place for the purpose of the technical provision of the contact options and to guarantee system security on the basis of Art. 6 Para. 1 (f) GDPR and serves to protect legitimate interests.

We store the personal data collected in connection with your contact for the purpose and for the duration of processing your request. The technical access data stored in this context is only kept for the period for which this data is required for technical reasons, in particular to provide the functional provision of contact options and to ensure system security. Your IP address will be stored on our web server for a maximum of 30 days.

8. Social Media Links

Links to social media services are integrated on our website. After clicking on the respective link or the integrated social media graphic, you will be redirected to the website of the respective provider. We would like to point out that we do not process your data in this context and that we are not responsible for the content of websites to which we link. In the event that you follow a link to the social media services, please consider the respective data protection notices of these providers.

9. Data Subject Rights

As the person concerned, you are entitled to the following rights in accordance with the legal requirements, which you can assert at any time in writing or electronically at the contact addresses provided. If you exercise one of your rights, we reserve the right to have your identity verified by you.

• Right to information: You have the right to obtain information about the information that we process about you.

• Right to rectification: You have the right to have inaccurate information about you rectified.

• Right to erasure (right to be forgotten): You have the right, in most cases, to have information about you erased before the time of our usual erasure.

• Right to restriction of processing: You have the right to have the processing of your personal data restricted.

• Right to object: in most cases you have the right to object to the processing of your personal data.

• Right of appeal to a supervisory authority: You have the right to contact the data protection supervisory authority responsible for us at any time in the event of complaints. That is the competent supervisory authority of the state of Bavaria: