We are delighted by your interest in us, and that you would like to apply for a position in our company. Transparency, combined with the trustworthy handling of your personal data, serve as an important basis for good cooperation. We would, therefore like to provide you with information on the processing of your personal data in connection with your application.
We process the data that you have sent us in connection with your application in order to determine your suitability for the position in question (or any other open positions in our company), and to carry out the application process. Your data will therefore be used to process your application and to decide on the establishment of an employment relationship.
We use the software solutions of “d.vinci HR-Systems GmbH” (hereinafter referred to as d.vinci) for the purposes of applicant management. The software helps us to approach, search for, select and recruit suitable employees. This concerns the areas of applicant management, personnel marketing, personnel consulting and recruiting services.
The data controller within the meaning of data protection law is the respective company to which you have applied:
Frankfurt School of Finance & Management gGmbH
Adickesallee 32-34
60322 Frankfurt am Main
Represented by the President, Prof Dr Nils Stieglitz
efiport GmbH
Adickesallee 32-34
60322 Frankfurt am Main
Represented by the Managing Director, Prof Dr Nils Stieglitz
Frankfurt School Financial Services GmbH
Adickesallee 32-34
60322 Frankfurt am Main
Represented by the Managing Director, Martin Cremer
You will find additional information about our company, details of the authorised representatives and other contact options in the legal notice (“Impressum”) on our website:
https://www.frankfurt-school.de/home/imprint.html
We process your personal data, in particular, in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as well as all other pertinent laws.
The legal basis for the processing of your personal data in this application procedure is primarily Art. 6 (1) Sentence 1 lit. b) GDPR. In accordance therewith, processing shall be considered lawful if it is necessary for the performance of pre-contractual measures. There is also a legitimate interest in data processing, due to the fact that this is necessary, in order to process your application and it is foreseeable in view of the circumstances that data processing can be carried out for this purpose (Art. 6 [1] Sentence 1 lit. f) GDPR). If information is processed on your end device during the application without your consent, the legal basis is Art. 6 (1) Sentence 1 lit. f) GDPR in conjunction with Section 25 (2) Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (TDDDG).
If you have given your consent, we process your data on the basis of Art. 6 (1) Sentence 1 lit. a) GDPR, potentially in conjunction with Section 25 (1) Act on Data Protection and the Protection of Privacy in Telecommunications and Digital Services (TDDDG).
If data is stored after completion of the application process, data processing may take place on the basis of the requirements of Art. 6 GDPR, in particular, to safeguard legitimate interests in accordance with Art. 6 (1) lit. f) GDPR. Our interest then lies in the assertion of (or defence against) claims, in particular, a burden of proof.
Subject to your consent, we will include you in our applicant pool. The consent can be revoked at any time with effect for the future. For further information, please refer to section 1.7.
If there is an employment relationship between you and us, we may process the personal data already received from you for the purposes of the employment relationship in accordance with Art. 6 (1) Sentence 1 lit. b) GDPR if this is necessary for the performance or termination of the employment relationship.
Your application data will not be processed beyond the use described above.
We process your personal data insofar as this is necessary, in order to carry out the application process. This shall include the following data categories, in particular:
Standard information:
• Applicant master data (first name, last name, address, job position)
• Qualification data (cover letter, CV, previous activities, professional qualifications)
• References and certificates (references, performance data, assessment data, etc.)
Special information required for the position to be filled:
• Police clearance certificate (“Polizeiliches Führungszeugnis”)
Other information that you voluntarily provide us with in your application, for example
• Application photo
• Details of severe disability
• other information
Applicants data will be deleted after 6 months in the event of rejection (cf. Section 1.5 [2] for the legal basis). In the event that you have consented to the continued storage of your personal data, we will transfer your data to our applicant pool. The data will be deleted from there after two years. Should you have been accepted for a position as part of the application process, the data from the applicant data system shall be transferred to our personnel information system.
Insofar as the d.vinci software solution is used, data is processed exclusively in data centres in the Federal Republic of Germany. d.vinci is ISO 27001 certified (d.vinci as a company and the data centre) and is based in Hamburg, Germany.
Your data is stored exclusively on servers within the EU. A transfer to a third country is not intended.
Right of access (Art. 15 GDPR)
You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information regarding this personal data and to the information listed in detail in Art. 15 GDPR. In the case of a request for the disclosure of information that is not submitted in writing, we kindly ask for your understanding that we may first require proof from you that you are the person you claim to be.
Right to rectification (Art. 16 GDPR)
You have the right to obtain the immediate correction of incorrect personal data concerning you and, if necessary, the completion of incomplete data.
Right to erasure (Art. 17 GDPR)
You have the right to request that personal data concerning you be deleted if one of the reasons listed in Art. 17 GDPR applies.
Right to the restriction of processing (Art. 18 GDPR)
You shall have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the review by the data controller.
Right to data portability (Art. 20 GDPR)
In certain cases, which are stated in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.
Right of revocation (Art. 7 GDPR)
If the processing of data be based on your consent, you are entitled to w your consent to the use of your personal data at any time in accordance with Art. 7 (3) GDPR. Please note that any revocation takes effect for the future. Any processing that took place before the revocation is not affected.
Right to object (Art. 21 GDPR)
I data is processed on the basis of Art. 6 (1) Sentence 1 lit. f GDPR (data processing to safeguard legitimate interests), you have the right to object the processing at any time for reasons arising from your particular situation. We will then no longer process your personal data, unless there are demonstrable and compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)
In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, if you believe that the processing of data concerning you violates data protection regulations. Your right to lodge a complaint may be asserted, in particular, with a supervisory authority in the Member State of your habitual residence, or the place of the alleged infringement.
Assertion of your rights
Unless otherwise described above, please contact our data protection officer (Clause 1.11) to assert your rights as a data subject.
We have appointed a data protection officer in our company who can be contacted as follows:
Data Protection Officer of the Frankfurt School of Finance
c/o intersoft consulting services AG
Niedenau 13 - 19
60325 Frankfurt
Germany
or at: datenschutzbeauftragter@fs.de
If you use our website for information purposes only, i.e. if you do not register or otherwise provide us with information (e.g. via the contact form), we collect the following technical information (log file data):
• Information about the browser type and version used
• The user’s internet service provider
• The user’s IP address
• The user’s operating system and its interface
• Date and time of access
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status/HTTP status code
• Amount of data transferred in each case
• The previous website from which the user arrives at our website
• Language and version of the browser software
The collection of this data is deemed technically necessary, in order to display our website to you and to ensure stability and security. We (and our service provider) typically do not know who is behind an IP address. We do not merge the data listed above with other data.
Since the collection of data for the provision of the website and storage in log files is essential for the operation of the website and to protect against misuse, our legitimate interest in data processing prevails at this point.
You can apply to our company electronically, e.g. by e-mail or via the web form.
The provision of personal data is neither legally nor contractually required, nor are you obligated to provide the personal data. However, the provision of personal data is necessary, in order to carry out the application process. This means that should you do not provide us with any personal data when applying, we shall not be able to carry out the application process.
Your data will mainly be processed by our HR department and the department head who fillsyour position. In some cases, however, other internal and external bodies are also involved in the processing of your data.
The company d.vinci acts as a service provider for us, and may also obtain knowledge of your personal data in connection with the maintenance and care of the systems. We have concluded a so-called order processing contract with this provider, which ensures that the data processing is carried out in a permissible manner. Applicant data is viewed by the HR department after receipt of the application. Suitable applications are then be forwarded internally to the department managers responsible for the respective open position. The further procedure is then coordinated. Within the company, only those persons have access to your data who require it for the proper course of our application process (need-to-know principle).
In particular, the following internal departments receive your data:
• HR department
• Head of department
• Works Council
External service providers:
• REISSWOLF International AG for document destruction
• d.vinci
External service providers and partner companies will only receive your data if this is necessary. In these cases, however, the scope of the data transmitted is limited to the minimum amount required. To the extent that our service providers process your personal data on our behalf, we ensure that they comply with the provisions of data protection laws in the same way as part of order processing in accordance with Art. 28 GDPR. Please also note the data protection notices of the respective providers. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.
We have adopted extensive technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction or access by unauthorised persons. Our security procedures are regularly reviewed and adapted to technological progress.
The SSL (Secure Sockets Layer) encryption of our website ensures that data is exchanged between the visitor’s browser and our server via a secure connection. The secure connection can be recognised by the abbreviation HTTPS (Hypertext Transfer Protocol Secure).
Please note that unencrypted e-mails are not transmitted with access protection.
With your express consent, we will review your application for further employment opportunities in our company and – if necessary – forward your profile to other departments in our company, review it and contact you.
For this purpose, we store the personal data that we have received as part of the entire application process (e.g. in cover letters, CVs, references, applicant questionnaires, applicant interviews), even after the end of the specific application process. If you have provided “special categories of personal data” in your letter of application or other documents submitted during the application process, your consent also applies to this data.
The consent also applies to data from generally accessible data sources (in particular, professional social networks) that we have lawfully collected as part of the application process.
You can withdrawl your consent at any time and without giving reasons. In this case, your data will be deleted if no further claims are expected from the application process, or other retention obligations exist.
If you wish to revoke your consent, please contact the office named in Clause 1.11
We hereby reserve the right to change our security and data protection measures if this becomes necessary, e.g. due to technical developments. In such cases, we will also adapt our information on data protection accordingly. Please, therefore, note the current version of our data protection declaration. We naturally endeavour to check all links regularly for their correctness and legality.