Privacy policy of the STF Group

Data protection information of the STF Group

We, the STF Group, take protection of the personal data provided to us very seriously. Special attention to privacy when processing this data is an important concern for us.

The EU GDPR and the new German Federal Data Protection Act (BDSG) impose several sensible obligations on us to ensure the protection of your data during processing. We are happy to fulfill these obligations.

Below we explain which of your data we process, for what purposes and what rights you have in this regard.

The website operator, whose contact details can be found in the website’s legal notice, is responsible for data collection on this website.

 

Notes on the use of our homepage

Use of this website by children: This website is not intended for persons under the age of 18. If you are under the age of 18, you may not register on this website or use this website.

 

What data is collected when you visit our website?

We collect the data you provide to us, e.g. by sending us your data via the contact form.

We also collect your data through our IT systems when you visit our website. This is primarily technical data, such as your internet browser, operating system or the time the page was accessed.)

 

What do we use your data for?

Some of the data is collected to ensure that the website is provided without errors. Other data may be sent to analyze your user behavior.

 

What rights do you have regarding your personal data?

You have the right to receive information free of charge at any time about the origin, recipient and purpose of your stored data. You also have the right to request the correction, blocking or deletion of this data. Please contact datenschutz@stf-gruppe.de for this purpose. You also have the right to lodge a complaint with the competent supervisory authority for data protection.

 

Rights of data subjects

You can obtain information from STF at any time about which personal data STF processes about you (in accordance with Article 15 GDPR) and request the correction (in accordance with Article 16 GDPR) or deletion (in accordance with Article 17 GDPR) of this personal data. The restrictions under § 34 and § 35 Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) apply to the right of access and the right to erasure. Please note, however, that STF can only delete your personal data if there is no legal obligation to retain it or if STF has no overriding right to retain it.

If STF uses your personal data based on your consent or for the performance of a contract with you, you may also request from STF a copy of the personal data that you have provided to STF. Please send your request to the e-mail address below, specifying the information or processing activities to which your request relates, the format in which you would like this information, and whether the personal data should be sent to you or to another recipient. STF will carefully study your request and clarify with you how it can best be fulfilled.

Furthermore, you may request that STF restricts the further processing of your personal data in the following cases:

• If you claim that the personal data STF holds about you is incorrect (but only for as long as STF needs to verify the accuracy of the personal data in question),
• If there is no legal basis for the processing of your personal data by STF and you request stopping the processing of personal data by STF,
• If STF no longer needs your personal data but you assert that STF must continue to store this data so that you can assert or exercise legal claims or defend against third-party claims, or
• If you object to the processing of your personal data by STF (based on STF’s legitimate interest as described in Section B below), for as long as the verification of STF’s overriding interest in processing your personal data or a legal retention obligation requires.

Please direct all inquiries under this section to Datenschutz@stf-gruppe.de.

 

Right to lodge a complaint (pursuant to Article 77 GDPR in conjunction with § 19 BDSG)

If you believe that STF is not processing your personal data in accordance with the requirements described herein or with the data protection laws applicable in the EEA, you can lodge a complaint at any time with the data protection authority in your country of residence or with the data protection authority of the country or federal state in which STF has its registered office. You can find a list of supervisory authorities here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

 

Name and contact details of the controller

The controller pursuant to Art. 4 No. 7 of the General Data Protection Regulation (hereinafter: “GDPR”) is:

STF Gruppe GmbH, Wierlings Esch 14, 48249 Dülmen (“STF”) represented by the management. The person responsible for the STF Group is available at info@stf-gruppe.de

 

Data protection officer

Dennis Esser

Wierlings Esch 14

48249 Dülmen

The above-mentioned entity is responsible for data protection.

The data protection officer for the STF Group is available at datenschutz@stf-gruppe.de.

 

Use of cookies (basis: needs-based design of the website in accordance with Art. 6 (1) (f) GDPR)

We use cookies – small files with configuration information. They help to determine user-specific settings and implement special user functions. We do not collect any personal data via cookies. You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

Further information on the use of cookies can also be found here: https://www.stf-gruppe.de/cookie-richtlinie-eu/

 

Server log files (basis: processing of data for the performance of a contract or pre-contractual measures pursuant to Article 6(1)(b) GDPR)

The provider of the pages automatically collects and stores data in so-called server log files, which your browser automatically transmits to us. These are

• Browser type and browser version
• Operating system used
• Host name of the accessing computer and time of the request
• IP address
• Referrer URL

 

Contact form (legal basis: consent in accordance with Article 6(1)(a) GDPR)

If you send us your personal data (contact details) via our contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry. We will not pass on this data without your consent. You can revoke your consent at any time. All you need to do is send an informal email to datenschutz@stf-gruppe.de . The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.

 

Conversion measurement with Facebook’s visitor action pixel (basis: needs-based design of the website in accordance with Art. 6 (1)(f) GDPR)

Our website uses the visitor action pixel of Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA to measure conversions. This allows the behavior of site visitors to be tracked after they have been redirected to the provider’s website by clicking on a Facebook ad. This allows the effectiveness of Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimized. The data collected is anonymous to us as the operator of this website; we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with the Facebook Data Usage Policy. This enables Facebook to place advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator. You can find further information on protecting your privacy in Facebook’s privacy policy: https://www.facebook.com/about/privacy/. If you are a Facebook member, you can also use the “Custom Audiences” remarketing function in the Ads Settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screendeaktivieren. If you do not have a Facebook account, you can deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

 

Leadinfo usage

We use the lead generation service of Leadinfo B.V., Rotterdam, Netherlands. This recognizes visits from companies to our website based on IP addresses and shows us publicly available information, such as company names or addresses. In addition, Leadinfo sets two first-party cookies to evaluate user behavior on our website and processes domains from form entries (e.g. “leadinfo.com”) in order to correlate IP addresses with companies and improve the services. Further information can be found at www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. If you opt out, your data will no longer be collected by Leadinfo.”

 

Google Looker Studio usage

Description and purpose

Our website uses Google Locker Studio. The provider is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Looker Studio is an online tool that collects information, visualizes it and summarizes it in reports/dashboards. This simplifies the analysis and presentation of online activities and allows us to evaluate and visualize larger amounts of data.

We use the service for marketing and optimization purposes. The comprehensive analysis enables us to improve our products and our website.

Legal basis

The legal basis for the processing of your personal data is Art. 6 para. 1 lit. a) GDPR.

Recipient

The recipient of your personal data is Google LLC. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA) and Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

Transfer to third countries

The personal data can be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) has been in place for the USA since July 10, 2023. Google LLC is certified in accordance with the EU-US Data Privacy Framework.

Duration of data storage

The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation

You have the right to withdraw your consent at any time, see Art. 7 (3) sentence 1 GDPR. This can be done informally and without giving reasons and is effective for the future. Withdrawal of consent does not affect the lawfulness of the processing carried out prior to withdrawal. Further information on this can be found above in our privacy policy under “Rights of data subjects”.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://policies.google.com/privacy?hl=de

Further information on the Google Looker Studio can be found here: https://support.google.com/looker-studio?sjid=5415458536943298194-EU#topic=6267740

 

Hubspot

Description and purpose

We use HubSpot (HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland) for our online marketing activities. This is an integrated software solution that we use to cover various aspects of our online marketing. These include, among other things:

Email marketing (newsletters and automated mailings, e.g. to provide downloads), social media publishing & reporting, reporting (e.g. traffic sources, access, etc.), contact management (e.g. user segmentation and CRM), landing pages and contact forms.

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information, as well as the content of our website, is stored on servers of our software partner HubSpot. We may use this information to contact visitors to our website and to determine which of our company’s services are of interest to them. All information collected by us is subject to this privacy policy. We use all the information collected solely to optimize our marketing efforts.

Legal basis

The legal basis for the processing of your personal data is Art. 6 (1)(a) (consent for live chat, newsletter and other performance measurements) and lit. f) GDPR. Our legitimate interest in using this service is to optimize our customer service and manage our contact data.

Recipient

The recipient of your personal data is HubSpot (2nd Floor 30 North Wall Quay, Dublin 1, Ireland).

Transfer to third countries

At present, we cannot rule out the possibility that personal data may be transferred to the United States of America. An adequacy decision (EU-US Data Privacy Framework) has been in place for the USA since July 10, 2023. The parent company Hubspot Inc. has a corresponding certification according to the EU-US Data Privacy Framework, which is why an adequacy decision exists for third-country transfers to the USA to HubSpot Inc.

Duration of data storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected. In addition, the data will be deleted if you assert your right to deletion within the meaning of Art. 17 (1) GDPR.

Revocation and objection

In the case of processing on the basis of Art. 6 (1) (a) GDPR, you have the right to withdraw your consent at any time, see Art. 7 (3) (1) GDPR. This can be done informally and without giving reasons and will take effect in the future. The withdrawal of consent shall not affect the lawfulness of the processing carried out until the withdrawal. Further information on this can be found above in our data protection declaration under “Rights of the persons concerned”.

In the case of processing on the basis of Art. 6 (1) (f) DSGVO, you have the right to object to the processing of your personal data at any time in accordance with Art. 21 (1) DSGVO. If you exercise your right, processing for this purpose will no longer take place. For more information, please refer to the section of our data protection declaration entitled “Rights of data subjects” above.

Contractual and legal obligation

There is no contractual or legal obligation to provide the data.

Further data protection information

Further information on the processing of your personal data can be found here: https://legal.hubspot.com/privacy-policy

 

XING plugin

Our website uses functions of XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Every time you access one of our pages that contains XING functions, a connection to the XING servers is established. To the best of our knowledge, personal data is not stored in the process. In particular, no IP addresses are stored and user behavior is not evaluated.
Further information on data protection and the XING Share button can be found in XING’s privacy policy at: https://www.xing.com/app/share?op=data_protection.

 

Google Analytics (Basis: demand-oriented design of the website according to Art. 6 (1) (f) DSGVO)

Google Analytics

This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files that are stored on your computer and that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transferred to a Google server in the USA and stored there.

IP anonymization

We have activated the IP anonymization feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser Plugin

You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You can also prevent the data generated by cookies about your use of the website (incl. your IP address) from being passed to Google, and the processing of these data by Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. Third-party information: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, email: support-deutschland@google.com.

Terms of service: www.google.com/analytics/terms/de.html, and privacy policy: www.google.de/intl/de/policies/privacy.

Demographic characteristics in Google Analytics

This website uses the “demographic features” function of Google Analytics. This allows reports to be created that contain information about the age, gender and interests of the site visitors. This data comes from interest-based advertising from Google and from visitor data from third-party providers. This data cannot be assigned to a specific person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section “Refusal of data collection”.

 

Google Web Fonts (Basis: needs-based design of the website, legitimate interest according to Art. 6 (1)(f) DSGVO)

Our website uses so-called web fonts, which are provided by Google, to ensure that fonts used on our website are uniform. When you access a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. To do this, the browser you use must connect to Google’s servers. This enables Google to know that our website has been accessed via your IP address. We use Google Web Fonts to present our online services in a uniform and attractive manner. If your browser does not support web fonts, a standard font installed on your computer will be used.

For more information about Google Web Fonts, please go to https://developers.google.com/fonts/faq and read Google’s privacy policy: https://www.google.com/policies/privacy/.

Links to other websites

This website may contain links to other websites (i.e. websites of companies that do not belong to the STF group). STF is not responsible for the data protection measures or the content of websites outside of the STF group. For this reason, we recommend that you carefully read the data protection declarations of these external websites.

SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as an enquiry that you send to us as the site operator using the contact form. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Security advice

We are committed to taking all technical and organizational measures to store your personal data in such a way that it is not accessible to third parties. We cannot guarantee complete data security when communicating by email, so we recommend that you send confidential information by post.

 

Information obligations according to Articles 13 and 14 GDPR

General information

The responsible body for www.stf-gruppe.de is: STF Gruppe GmbH, Wierlings Esch 14, 48249 Dülmen (“STF”) represented by the management. The data protection officer for the STF group is available at datenschutz@stf-gruppe.de.

 

What does STF do with my personal data?

STF processes the personal data covered by this data protection declaration exclusively as described herein. Further information can be found below in sections B and C. Insofar as the processing of your personal data is based on a statutory permission, section B below contains information on which personal data STF processes or uses for which purposes. Insofar as your consent is required for the processing of your personal data, you will find further information in section C below.

How long does STF process personal data?

Insofar as STF processes and uses your personal data on the basis of a statutory permission (see section B below) or within the scope of your consent (see section C below), STF will only store your personal data for as long as the purposes set out below require it (in the case of permanent employment, the data transmitted will be deleted if your application is rejected or if you receive a negative response, but no earlier than 7 months after the application process has ended. This does not apply if legal provisions prevent the deletion or if further storage is necessary for the purpose of providing evidence or if you have agreed to longer storage) or until you object to the use of your personal data by STF (insofar as STF has a legitimate interest in the use of your personal data) or until you revoke your consent (insofar as you have consented to the use of your personal data by STF). However, if a longer storage of your personal data by STF is mandatory by law or STF requires your personal data for the assertion of legal claims or defense against legal claims, STF stores your personal data until the expiry of the corresponding retention period or until the settlement of the claims.

If your application results in the conclusion of a contract, your data may be stored and used for the purpose of the usual organizational and administrative process, in compliance with the relevant legal provisions. Of course, you have the right to withdraw your application at any time.

 

Why do I have to provide personal data?

In principle, the granting of consent or the provision of personal data is completely voluntary. If you do not grant consent or provide personal data, this will generally not have any adverse effects on you. However, there are situations in which STF cannot take action without certain personal data, for example because this personal data is required to fulfill your request to contact us via our contact form. In such cases, STF will unfortunately not be able to provide you with what you want without the relevant personal data.

 

Where will my personal data be processed?

The STF Group processes data within the affiliated companies of the group and external service providers both within and outside the European Economic Area (“EEA”). Consequently, whenever you use or otherwise process your personal data for the purposes described in this privacy policy, STF may transfer your personal data to countries outside the EEA, including to countries where the level of data protection is not comparable to the level of data protection within the EEA. Such transfer is then subject to standard contractual clauses in accordance with EU Commission Decision 2010/87/EU or a subsequent version, in order to ensure protection of your personal data by a level of protection applicable in the EEA by way of a contract.

Rights of data subjects:

You can request information from STF at any time about which of your personal data STF processes, and request the correction or deletion of such personal data. Please note, however, that STF can only delete your personal data if there is no legal obligation to store it or if STF has no overriding right to store it.

If STF uses your personal data on the basis of your consent or for the performance of a contract with you, you can also request a copy of the personal data that you have provided to STF. Please send your request to the email address below, stating which information or processing activities your request relates to, in which format you would like to receive this information, and whether the personal data should be sent to you or to another recipient. STF will carefully review your request and discuss with you how it can best be fulfilled.

Furthermore, you can request that STF restrict the further processing of your personal data in the following cases:

• If you claim that the personal data STF holds about you is incorrect (but only for as long as STF needs to verify the accuracy of the personal data in question),

• If there is no legal basis for STF’s processing of your personal data and you request that STF no longer processes your personal data,

• If STF no longer needs your personal data, but you claim that STF must continue to store the data so that you can establish or exercise legal claims or defend against the claims of third parties, or

• If you object to STF’s processing of your personal data (based on STF’s legitimate interest as described in Section B below), for as long as is necessary to verify any overriding interest of STF in processing your personal data or to comply with any legal obligation to retain such data.

Please address all requests under this section to Datenschutz@stf-gruppe.de.

Right of appeal (pursuant to Article 77 GDPR in conjunction with § 19 BDSG):

If you believe that STF is not processing your personal data in accordance with the provisions described herein or with the data protection laws applicable in the EEA, you can file a complaint at any time with the data protection authority in your country of residence or with the data protection authority of the country or federal state in which STF has its registered office. A list of the supervisory authorities can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

Where does STF use my personal data on the basis of a legal permission (basis: performance of a contract in accordance with Article 6 (1) (b) GDPR)?

In the following cases, STF is permitted to process your personal data in accordance with the applicable data protection laws.

 

Initiation of a business relationship

Here: employment in a company of the STF Group – including the application process. By activating the check box, you explicitly consent to STF Placement GmbH collecting, processing and using the data you have transmitted to us for the purpose of processing your application. Your data will only be transmitted if you have confirmed your consent by activating the check box. The processing and storage of data may be necessary, for example, to establish, modify and process business relationships with customers. We then use this data to the extent necessary to enable us to fulfill our rights and obligations arising from the business relationship.

 

Forwarding your personal data to other companies within the STF Group:

STF may transfer your personal data to other companies in the STF Group. You can find a current list of the companies in the STF Group in Section A under Controller. In the event of a transfer, these companies will use your personal data for the same purposes and under the same conditions as described in Sections B and C.

 

Creation of statistics (basis: legitimate interest in accordance with Art. 6 (1) (f) GDPR):

In addition, we would like to point out that the data you provide may be used to create statistics about the (online) application process. These statistics are created exclusively for our own purposes and are never personalized, but in anonymized form.

Note on special categories of personal data:

We expressly point out that applications, in particular CVs, certificates and other data you provide us with, may contain special categories of personal data such as mental and physical health, racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of a trade union or political party or sex life. If you provide us with such information in your online application, you expressly consent to STF Placement GmbH collecting, processing and using this data for the purpose of processing your application. This data is processed in accordance with this data protection declaration and other relevant legal provisions.

This may include taking the necessary steps prior to entering into a contract, answering your related questions and any queries our employees may have.

STF may use your email address to inform you about changes in the application process and to send legally required messages and other announcements. As a rule, users cannot object to receiving such information, which is not marketing-related but only necessary for the respective business relationship. With regard to marketing-related types of communication (i.e. e-mails and telephone calls), STF will (i) only send you such information if you have given your consent, and (ii) give you the opportunity to object to the sending of further marketing-related types of communication. You can object at any time and free of charge at datenschutz@stf-gruppe.de.

Right to object (based on Article 21 GDPR):

You can object to the use of your personal data for the purposes described above at datenschutz@stf-gruppe.de. In this case, STF will cease to use your personal data for the purposes listed above (i.e. on the basis of a legitimate interest, as described above) and remove it from its systems, unless STF is permitted to use that personal information for another purpose set forth in this Privacy Policy or STF has an overriding legitimate interest in continuing to process your personal information and can demonstrate that interest.

 

Where does STF use my personal data on the basis of my consent (basis consent pursuant to Art. 6 (1) (a) GDPR?

In the following cases, STF will only use your personal data as described below if you have given your prior consent to the processing operations in question.

 

Forwarding your personal data to other companies within the STF Group:

STF may transfer your personal data to other companies in the STF Group. You can find a current list of the companies in the STF Group in Section A under Controllers. In the event of forwarding, these companies will use your personal data for the same purposes and under the same conditions as described in sections B and C.

Inclusion in a pool of applicants or freelancers: After you have given your consent, your data will be stored in a pool. The storage will be for a period of 2 years from the date of receipt of your declaration of consent. After this period has expired, your data will be deleted in accordance with data protection laws.

 

Revocation of consent given:

You can revoke your consent to the processing of personal data at any time and free of charge at: datenschutz@stf-gruppe.de. This also applies to the revocation of declarations of consent that were given to us before the EU Data Protection Basic Regulation came into force, i.e. before May 25, 2018. In the event of revocation, STF will no longer process the personal data to which the consent applied, unless STF is legally obliged to do so. Should STF be legally obliged to store your personal data, further processing of your personal data will be restricted accordingly and the data will only be stored for the legally prescribed retention period. However, the revocation has no effect on the past processing of personal data by STF up to the time of revocation. We would like to point out that even if consent is revoked, we may be able to continue data processing, possibly to a limited extent, on the basis of a statutory permission.

 

Privacy policy for the Softgarden careers page

The protection and confidentiality of your personal data is of particular importance to us. To ensure the protection of your personal data, we have taken technical and organizational measures to comply with data protection regulations. This privacy policy is to inform you about how we collect personal data as part of your application process and for what purpose the data is processed. Your data will be processed in accordance with this privacy policy and the applicable data protection regulations.

This data protection declaration applies to the career portal and the applicant management system of the STF group of companies – STF Gruppe GmbH

This data protection declaration also applies to the following companies:

STF Tele Consult GmbH

STF Placement GmbH

STF ENERGY GmbH

STF ITech GmbH

STF Verwaltung GmbH

STF Nexus GmbH & Co.KG

STF Swiss AG

Field.fx GmbH

STF Austria GmbH

STF Immobilien GmbH & Co.KG

Name and contact details of the controller

The controller pursuant to Article 4 (7) of the General Data Protection Regulation (hereinafter: “GDPR”) is:

STF Gruppe GmbH, Wierlings Esch 14, 48249 Dülmen (“STF”) represented by the management. The controller for the STF group is available at info@stf-gruppe.de.

 

Data Protection Officer

Dennis Esser

Wierlings Esch 14

48249 Dülmen

The above-named office is responsible for data protection.

The data protection officer for the STF group is available at datenschutz@stf-gruppe.de.

 

Contract processing

To ensure that our application process is carried out efficiently, we use an applicant management system provided by softgarden e-Recruiting GmbH, Tauentzienstr. 14, 10789 Berlin (contact: datenschutz@softgarden.de), which operates the applicant management system as a processor within the meaning of Art. 4 No. 8 GDPR. We have concluded a data processing agreement with the provider in accordance with Article 28 of the GDPR, which ensures compliance with data protection regulations.

We remain your first point of contact for exercising your rights as a data subject and for handling the application process. You can contact us directly using the details of the controller provided above or, if provided, you can contact the data protection officer in confidence.

 

Subject of data protection

The subject of data protection is the processing of personal data, in this case in the context of applicant management. According to Art. 4 No. 1 GDPR, this includes all information relating to an identified or identifiable natural person (hereinafter “data subject”) that is required for the application process and the initiation of an employment relationship, § 26 BDSG.

In addition, when using the applicant management system, data that is associated with the use of the system, known as usage data, is also collected. Usage data is data that is necessary to operate our websites, such as information about the start, end and extent of use of our website, including, for example, login data. This processing is carried out in accordance with data protection and telemedia regulations.

In the context of the application process and/or use of the system, processing activities may also take place that are carried out either on the basis of a legitimate interest in accordance with Art. 6 (1) (f) GDPR or on the basis of your consent in accordance with Art. 6 (1) (a) GDPR. Processing activities that are carried out in order to comply with a legal obligation or for reasons of public interest may also be considered, Art. 6 (1) (c) and (e) GDPR, such as in the context of criminal prosecution or investigations by government agencies. You can determine and control the extent of the processing yourself by means of individual settings in your web browser, the configuration of the corresponding cookie settings and your user behavior.

 

Collection and use of your data

Visiting the website

For operational and maintenance purposes, as well as in accordance with the provisions of telemedia law, interactions are recorded (“system logs”) that are necessary for the operation of the website or processed for the purposes of system security, for example to analyze attack patterns or illegal usage behavior (“evidence function”).

Your internet browser automatically transmits the following data when accessing the careers portal:

• Date and time of access,
• browser type and version,
• operating system used,
• amount of data sent.
• IP address of access

These data are not used for direct assignment in the context of applicant management and are deleted in a timely manner in accordance with the legitimate retention periods, unless longer retention is required for legal or factual reasons, such as for evidence purposes. In individual cases, storage for the stated purposes may be considered. The legal basis is Art. 6 (1) (f) GDPR and telemedia law.

 

Session cookies

We store so-called “cookies” to offer you a wide range of functions and to make using our websites more convenient. “Cookies” are small files that are stored on your computer with the help of your internet browser. If you do not want ‘cookies’ to be used, you can prevent them from being stored on your computer by adjusting the settings of your internet browser accordingly. Please note that this may limit the functionality and range of functions of our offer.

We use the JSESSIONID cookie on the careers page as a technically necessary session cookie. This stores a so-called session ID, which can be used to assign various requests from your browser to the shared session. This enables your computer to be recognized when you return to our website. This session cookie is deleted when you log out or close your browser.

 

Data entered by the user (Application process)

As part of the application process, you can set up and manage an account in the careers portal after configuring your username and password. In addition to the individual application, you can use further options in the softgarden applicant management system and make your individual settings (e.g. inclusion in a talent pool).

To ensure that your application is efficient and promising, you can provide us with the following information as part of your application:

• Contact details (address, telephone number)
• Curriculum vitae data, e.g.
  • school education
  • vocational training
  • professional experience
  • language skills
• profiles in social networks (e.g. XING, LinkedIn, Facebook)
• documents related to applications (application photos, cover letters, certificates, references, work samples, etc.)

The legal basis for processing for the purposes of conducting the application procedure and initiating an employment relationship is § 26 (1) BDSG. In addition, the use of the applicant management system by the controller is in the legitimate interest in accordance with Art. 6 (1) (f) GDPR. If consent is required for a specific processing activity within the meaning of Article 6(1)(a), this will be obtained separately and transparently from you by the controller, unless it is clear from your conclusive and voluntary behavior, such as voluntary participation in a video interview.

 

Disclosure of data

Your data will not be passed on to unauthorized third parties as part of the application management process and will be processed for the purposes stated in this data protection declaration. For example, internal departments and line managers of the data controller may inspect the data in the legitimate interest, provided that knowledge of the information from the application process is necessary and permissible for the selection of applicants or for internal administrative purposes of the company. For this purpose, your information may be forwarded by e-mail or within the management system to third parties within the company. The legal basis for this may be § 26 para. 1 BDSG, Art. 6 para. 1 lit. f) and a) GDPR.

As part of the application process, personal data (surname, first name, country of residence) may also be passed on to the operators of the website https://www.opensanctions.org/ by entering the above personal data in the search mask on the website https://www.opensanctions.org/. The legal basis for the transfer is Art. 6 para. 1 lit. f) GDPR. Our legitimate interest lies in checking whether there are any security-related sanctions against applicants, e.g. due to criminal prosecution. This is necessary for us to ensure safety in the company and thus to fulfill our contractual obligations to our customers.

Disclosure to third parties also takes place in the context of order processing in accordance with Art. 28 GDPR, and thus in the context of processing activities in which the controller has a legitimate interest in outsourcing processing activities that it would otherwise be entitled to carry out itself. For this purpose, the controller shall take measures to ensure compliance with data protection provisions.

Disclosure to external third parties may also be made in defense of legal claims based on legitimate interest or in the course of investigation or disclosure to government agencies, to the extent required by law or where there is an obligation to disclose. The information obligations towards data subjects within the meaning of Art. 13, 14 GDPR are ensured in advance of the disclosure in question, insofar as these are to be fulfilled separately.

 

Feedback module

setting to ask for your feedback. We will send you an invitation link that will take you to the rating system for submitting your feedback. The purpose of the processing is to further develop and optimize our recruiting and application processes as well as our corporate image.

For this purpose, the following data is automatically processed:

• Contact details (name, email)
• Job title of the position for which you applied
• Location of the position
• Job category
• Applicant ID

The feedback itself is stored anonymously in the database. No personal reference is made. In addition to a star rating of individual questions, you have the opportunity to leave comments here. We expressly ask you not to leave any personal data in the comment. The information collected in this way may be displayed on our rating page together with your feedback or transmitted to external partners such as kununu.

Participation is purely voluntary and only takes place with your consent, without which it is not possible to submit feedback. The legal basis is Art. 6 (1) sentence 1 lit. a) GDPR.

 

Job subscription

To be informed about new job offers, you can subscribe to the job newsletter or have suitable positions at our company displayed on the career board (RSS feed). You can further customize your subscription by specifying the desired job and location.

To subscribe, you must also provide your email address. The legal basis for this is your consent to receive the newsletter in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent to receive the newsletter at any time via the unsubscribe link in the newsletter (opt-out).

No personal data is processed via the RSS feed itself to provide information about new job ads.

 

Softgarden Network

To make it easier and more efficient to manage your applications, softgarden offers you the opportunity to register for the softgarden network and create an account for this purpose. The softgarden network is a cross-client talent pool from softgarden.

You can configure your network account individually and also view the status of your applications. You can store the following information:

• Title, surname, first name, date of birth
• Profile picture
• Contact details (including email address and telephone number)
• Application documents (e.g. CV, education, professional experience, language skills)
• job-related interests (job category, career level and preferred location)

The legal basis for creating the softgarden network account is your consent, Art. 6 para. 1 lit. a) GDPR. Further information about the softgarden network can be found here: https://softgarden.de/unternehmen/datenschutz-network/.

Referral Manager

The Referral Manager tool allows recruiters and employees to share job vacancies in our company with friends and acquaintances on social networks or by email in order to address potential applicants or make direct recommendations.

If you decide to apply for a job that has been directly or indirectly suggested, your personal data will be processed in the same way as in a regular application process. Your data will be regularly displayed to the responsible users and processed in the applicant management system. However, before you submit your application, you will be given the opportunity to view your application anonymously in the Referral Manager. This means that the person making the recommendation can only see that a person has applied on the basis of a recommendation. Otherwise, the name, position and application photo can also be viewed by the person making the recommendation in the Referral Manager.

The legal basis for processing your data for the purposes of recommendation and application is Art. 6 (1) (f) GDPR and § 26 para. 1 BDSG. The data is processed and deleted in the same way as in the regular application process.

 

Salary statistics module

softgarden will give you the opportunity to provide feedback on your salary expectations and the salaries offered to you at various stages of the application process. The information transmitted in this way is anonymized and processed without being linked to your name and contact details. softgarden processes this data anonymously for its own purposes (statistics, analysis, studies) and is the controller for this processing within the meaning of Article 4(7) GDPR.

The processing only takes place with your consent through participation and on a purely voluntary basis. The legal basis is Art. 6 (1) sentence 1 lit. a) GDPR.

 

Social Share Buttons

There is an option to share job ads on various social networks. Different buttons are offered for each network. After clicking on one of these buttons, you will be referred to the respective network and taken to the login page. These buttons are not plug-ins and do not transfer any personal data directly to the social network operators.

Currently, job ads can be shared on the following social networks:

• Facebook (https://de-de.facebook.com/privacy/explanation)
• Twitter (https://twitter.com/de/privacy)
• LinkedIn (https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy)
• Xing (https://privacy.xing.com/de/datenschutzerklaerung)

The legal basis for the statistical analysis and reach measurement of job ads is Art. 6 para. 1 lit. f) GDPR. A personal reference is not established.

You can also find out how the social networks mentioned process your personal data via the links provided. We have no influence on how the social networks process your personal data.

 

Online surveys

At the end of the application process, softgarden may send you an invitation to a survey via a link. The survey is conducted by easyfeedback GmbH to find out about the application experience. softgarden is the controller within the meaning of Article 4(7) GDPR and processes the collected data anonymously for its own purposes (statistics, analysis, studies) and to further develop softgarden products.

The collection of survey data is secured by default using the SSL encryption method and softgarden does not establish any personal reference during processing. The survey can be canceled at any time. The data processed up to the time of cancellation can be used for the purposes mentioned.

Your participation in the survey is purely voluntary and by participating you declare your consent, without which your participation is not possible, Art. 6 para. 1 lit. a) GDPR. The processing of the data is anonymized. Anonymized data are not subject to the material scope of the GDPR.

For more information about easyfeedback’s privacy practices, please see the following information: https://easy-feedback.de/privacy/datenschutzerklaerung.

 

Talent pool

As part of your application or by clicking the “Get in touch” button, you have the opportunity to recommend yourself for our talent pool. The processing is necessary in order to be considered for other job postings, including similar or otherwise suitable positions, in an automated manner.

When you register for the talent pool by clicking the “Get in touch” button, you will be asked to provide the following information:

• Form of address, academic title (optional)
• First name, last name, email address
• Job fields of interest
• Current career level
• Preferred location(s)
• XING profile or resume

Admission to the talent pool is purely voluntary and requires your consent and the use of an opt-in link. The legal basis is Art. 6 (1) lit. a) GDPR. Furthermore, we will write to you after 24 months to ask whether you still wish to be part of the talent pool.

 

Appointment scheduling/calendar integration “Cronofy”

We use an integrated service provided by Cronofy Limited, 9a Beck Street, Nottingham, NG1 1EQ, UK for the purpose of scheduling and inviting appointments.

If we invite you to an interview using this function, you will receive an appointment invitation created via Cronofy by email. This will include your email address as well as the title of the appointment, a description and a location where the appointment is to take place. No other personal data about you will be transmitted to Cronofy.

The legal basis for the processing is Art. 6 (1) (f) GDPR, in order to integrate appointment scheduling into our applicant management system and to plan and manage job interviews and other appointments more efficiently.

The data processing takes place encrypted in an isolated environment on a server in Germany. A data transfer to third countries (USA) cannot be excluded. Adequate security standards for data processing have been agreed with the provider and verified by the provider. Further information can also be found at the following link: Scheduling Platform for Business | Cronofy the scheduling experts

If you do not wish your data to be processed by Cronofy or would like more information, please let us know before you schedule your appointment.

 

Sanscreen

We use your data (first name, last name and, if applicable, address) to check against so-called sanctions lists. Sanctions lists are centrally created and maintained lists of persons, associations or companies against whom state economic or legal restrictions have been issued. Various regulations require us to check our business partners, suppliers and also our (potential) employees against these lists.

We use the “SANSCREEN” service provided by BEX Components AG, Gartenstraße 97, 73430 Aalen, Germany, to compare the sanctions lists. The first name, last name and (if available) address of each applicant are automatically transmitted to BEX Components AG. Our service provider for the applicant portal, softgarden e-recruiting GmbH, then receives the information in connection with a protocol ID as to whether there was a match on the sanctions lists, and integrates this into the respective applicant folder. Both service providers act as processors, are subject to our instructions and are obliged by the necessary contracts to ensure the confidentiality of the data.

The legal basis for this processing is (legitimate interest). We use the data only to ensure that you are not on any sanctions lists. We need this information to fulfill our legal obligations and to avert possible sanctions. This is also our overriding legitimate interest.

If you do not want your data to be used for a sanctions list comparison, unfortunately it is not possible to apply through this portal/to us.

Deletion and use of data

Your data will be stored for the duration of the application process and in accordance with the legitimate retention periods after the application process has ended. In doing so, data will be stored for 6 months after a rejection has been issued and for 6 months after hiring. After the retention period has expired, the data will be completely anonymized. The processing of anonymized data records is not subject to the material scope of the data protection provisions, so that anonymized data may be processed for statistical and analytical purposes, for the preparation of market studies or for product development.

 

Your rights as a data subject

Rights of data subjects

Data subjects are entitled at any time to know whether their personal data has been stored and may assert a right of access to stored data (right of access), check its correctness (right to rectification), request its supplementation and updating, request its deletion (right to be forgotten), request the restriction of its processing (right to restriction) and port the data in a common, machine-readable format or have it ported (data portability). These rights apply unless there are compelling and/or legitimate reasons on the part of the controller that prevent them. To do so, please contact datenschutz@stf-gruppe.de or write to us at the address given above.

In cases where we process data based on your consent (Art. 6 (1) (a) GDPR), you have the right at any time to revoke your consent without giving reasons and with effect for the future. The corresponding data processing will then no longer take place in the future, but this will not affect the lawfulness of the processing carried out up to the time of revocation. In addition, you have the right to object to processing, for example if the data is or was processed erroneously, or if other reasons in the interest of the data subject preclude (further) processing. Data subjects also have the right to complain to the supervisory authority responsible for data processing.
Please note that in the event of an objection and/or revocation, certain services/processing activities will not take place or cannot be used if processing is necessary for these purposes.

 

Automated decision-making

Automated decision-making does not take place. If necessary, we will ask for a transparent consent in advance of processing at the appropriate point.

 

Amendments to this privacy policy

We reserve the right to amend or supplement this data protection declaration at any time in view of the continuously changing legal, technical and organizational requirements for the processing of personal data. This also applies to any translation errors and differences with regard to national data protection requirements.

 

Version

Document ID: D404

Valid from: 13.12.2023

Rev. 5.0

As of: April 2025