Skip to main content

Processing of (personal) data by the entity in charge of the online application process


PRIVACY NOTICE FOR APPLICANTS AT FASTIC


We are pleased that you want to apply for a job with us. In the following we would like to explain how we process the personal data that you provide us with during the application process.

To read specific information on the use of our online application system, please go to section 11.

  1. Who is responsible for processing your personal data?

Fastic GmbH
Pappelallee 78/79
10437 Berlin
Germany
Email: legal@fastic.com

  1. Who is our data protection officer? 

If you have any questions about our data protection measures, the processing of your data or the protection of your data subject rights, please contact legal@fastic.com

If you wish to communicate directly with our external data protection officer (for example, because you have a particularly sensitive matter), please contact him by post, as communication by e-mail can always have security gaps. Please state in your request that your concern relates to the company Fastic.

ePrivacy GmbH
represented by Prof. Dr. Christoph Bauer
Große Bleichen 21
20354 Hamburg
Germany

  1. Who is our representative in the United Kingdom? 

Fastic Services Limited
7 Church Plain, 

Great Yarmouth, 

England, NR30 1PL
United Kingdom

  1. What personal data do we process and where do we get them from? 

We process a variety of personal information that comes from different sources. This includes information you provide us with in your application, such as your CV, references, and certificates, as well as information we collect through emails, meetings, security checks, and job interviews. We also gather information from publicly accessible sources and internally within our company.

Relevant personal data includes:

  • Master data (e.g. name, title, academic title, gender, date and place of birth, nationality, private contact data (address, telephone number, e-mail address), residence and work permits, copies of official identification, photos, language skills, next of kin and their contact data), 

  • Interview data (e.g. application and CV, references, results of security checks (where applicable), information from an interview, references for specific groups (e.g. vocational training, dual training), test results or assessment center information), 

  • Health data (e.g. occupational health checks, illnesses, illness-related aids, disabilities) if provided by you within the context of your application, 

  • Tax relevant information, including:

    • religious affiliation from which religious and philosophical persuasions may be inferred, where provided by you within the context of your application, 

    • marital status (marriage or civil partnership) from which sexual orientation may be inferred, where provided by you in the context of your application.

  1. The purpose of the processing 

The purpose of processing is to conduct the application process and select candidates. This includes assessing your application and determining your suitability for the job. It also includes complying with legal obligations. In some cases, it may also be necessary for the assessment of your fitness for work and the processing of other sensitive information such as your religious beliefs, political opinions, health data or sexual orientation. 

  1. On what legal basis do we process your data? 

In order to carry out the application process and to decide on the establishment of an employment relationship, we process personal data on the basis of Section 26 (1) (1) German Federal Data Protection Act (BDSG), where necessary, in order to assess your suitability for work on the basis of Section 22 (1) (1) (c) BDSG. 

Where applicable, we process other special categories of personal data to exercise rights or fulfil legal obligations arising from employment law (e.g. the employer's right to ask questions) pursuant to Section 26 (3) BDSG (i.e. information from which racial or ethnic origin, political opinions, religious or philosophical convictions, as well as health data or data from which sexual orientation can be deduced).

We will also process personal data to protect our legitimate interests if we become involved in a judicial or extrajudicial dispute with rejected applicants on the basis of Art. 6(1)(1)(f) of the General Data Protection Regulation (GDPR). Our legitimate interest is the establishment, exercise or defense of legal claims. If special categories of personal data have to be processed for this purpose, this will be done on the basis of Art. 9(2)(f) GDPR.

  1. Requirement or obligation to provide data: 

Unless expressly stated, the provision of your data is not required or obligatory.

  1. How long do we store your data?

The length of time your personal data is on file is dependent on the outcome of the application process. 

If an employment relationship is established, we will process and store your personal data for the duration of your employment, including the termination of your employment.  We will inform you separately about further processing in this case.

If we reject your application, the application documents will be automatically deleted no later than six months after notification of the rejection decision. 

This is to comply with the evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungs (AGG) or other legal disputes.

Should a legal dispute actually arise, we will store your personal data for at least the duration of the proceedings and thereafter in order to comply with various retention and documentation obligations arising from, among other things, the German Commercial Code (HGB) and the German Fiscal Code (AO). These stipulate retention and documentation periods of up to ten years.

If we store your personal data based on your consent, e.g. to inform you of open positions, we will process your data until you revoke your consent or we no longer consider their storage to be necessary. In the latter case, we will notify you about the erasure thereof.

Specific information for application in the United Kingdom or Spain

If you apply for a job listing in the United Kingdom or Spain, we will retain your data to in alignment with the corresponding UK / Spanish laws.

  1. To whom do we transfer your data? 

We employ service providers as processors, which may process your personal data on our behalf. The service providers used are the following categories of recipients:

  • HR management software provider

  • Task and project management provider

  • Documentation and wiki provider

  • Office Suite providers

  • Hosting service providers

  • IT service providers

  • Companies in the Fastic group the provide services.


In addition, we will share your personal data with the following recipients and/or categories of categories who act as data controllers within the meaning of data protection law:

  • Companies within the Fastic Group

  • External advisors to Fastic (e.g. lawyers, tax advisors and auditors)

  • Authorities within the scope of their responsibilities (e.g. tax office, police, public prosecutor)

  • Courts,

  • other third parties to whom you instruct us to disclose data or who have given us their consent to do so.

  1.  Is my personal data transferred to third countries?

Data is transferred to countries outside the European Economic Area (Third Countries), namely:

  • United Kingdom, based on the adequacy decision of the European Commission,

  • United States of America, based on Standard Contractual Clauses 

You can obtain from us a copy of the specific applicable or agreed provisions to ensure an adequate level of data protection. To do so, please use the information in the contact section.

Information for UK residents:

Data is transferred to countries outside the United Kingdom. 

We only transfer personal data to third countries where the Secretary of State has confirmed an adequate level of protection or where we can ensure the careful handling of personal data through contractual agreements or other suitable guarantees, such as certification or proven compliance with international security standards.

Data transfer to countries within the EEA is based on the adequacy regulations.

Data transfer to the USA is based on the ICO proposed changes to the Standard Contractual Clauses.

You can obtain from us a copy of the specific applicable or agreed provisions to ensure an adequate level of data protection. To do so, please use the information in the contact section.


  1. Specific Information for the use of online application

  1. Processing of additional categories of personal data

When you use or apply through our Recruiting page, we will in addition to the data specified above, process the personal data that your browser transmits: 

  • IP address

  • Date and time of the request

  • time zone difference to Greenwich Mean Time (GMT)

  • Content of the request (page visited)

  • Access status/HTTP status code

  • amount of data transferred

  • previously visited page

  • Browser

  • operating system

  • language and version of the browser software.


  1. Server logs

Every time this Recruiting page is accessed, general log data, so-called server logs, are automatically recorded.

The processing of the log data serves statistical purposes and the improvement of the quality of our website, in particular the stability and security of the connection (legal basis is Art. 6(1)(1)(f) GDPR).

  1. Recipients

In addition to the recipients specified above, we transfer personal data to the following processors:

  • Personio GmbH & Co. KG, Rundfunkplatz 4 80335 Munich, Germany and its subprocessors

  1. As a data subject, you have the following rights:

  • to request information on the processing of your data and to receive a copy of your personal data. You can request information on, among other things, the purposes of the processing, the categories of personal data processed, the recipients of the data (if a transfer is made), the duration of the storage or the criteria for determining the duration;

  • to receive the personal data concerning you in a structured, common and machine-readable format or to transmit it to another person in charge

  • to correct your data. If your personal data is incomplete, you have the right to complete the data, taking into account the purposes of the processing;

  • have your data deleted or blocked;

  • to have the processing restricted;

  • to object to the processing of your data;

  • to revoke your consent to the processing of your data for the future, and

  • complain to the competent supervisory authority about unauthorized data processing.


Status of the data protection declaration: 2023-02-01 

We will adjust the information if our processes change.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.