DATA PROTECTION

1. NAME AND CONTACT DETAILS OF THE PERSON RESPONSIBLE FOR PROCESSING

This privacy information applies to data processing by:
Responsible party: VIAOPTIC GmbH, Am Leitz - Park 1, D - 35578 Wetzlar, Germany.
Email: info@viaoptic.de; phone: +49 (0) 6441-9011-0

1.2 CONTACT TO THE DATA PROTECTION OFFICER

You can reach the data protection officer at:

Mike Plasberg
Am Leitz-Park 1
35578 Wetzlar
Tel.: 06441 9011-59
E-Mail: plasberg@viaoptic.de

2. COLLECTION AND STORAGE OF PERSONAL DATA AND THE NATURE AND PURPOSE OF THEIR USE

When you visit our website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

• IP address of the requesting computer,
• Date and time of access,
• duration of the session
• Name and URL of the accessed file,
• website from which the access was made (referrer URL),
• browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The aforementioned data are processed by us for the following purposes:

• Ensuring a smooth connection setup of the website,
• Ensuring a comfortable use of our website,
• evaluation of system security and stability, and for other administrative purposes.

The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. f DSGVO. Our legitimate interest follows from the purposes for data collection listed above. In no case do we use the collected data for the purpose of drawing conclusions about your person.

3. TRANSFER OF DATA

We do not transfer your personal data to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:
you have given your express consent to do so in accordance with Art. 6 (1) p. 1 lit. a DSGVO,
the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6 para. 1 p. 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
in the event that there is a legal obligation for disclosure pursuant to Art. 6 (1) p. 1 lit. c DSGVO, as well as
this is legally permissible and necessary according to Art. 6 para. 1 p. 1 lit. b DSGVO for the processing of contractual relationships with you.

4. COOKIES

We use cookies on our site. These are small files that are automatically created by your browser and stored on your end device (laptop, tablet, smartphone or similar) when you visit our site. Cookies do not cause any damage to your end device, do not contain viruses, Trojans or other malware.
In the cookie, information is stored that arises in each case in connection with the specific end device used. This does not mean, however, that we gain direct knowledge of your identity.
The use of cookies serves on the one hand to make the use of our offer more pleasant for you. For example, we use so-called session cookies to recognize that you have already visited individual pages of our website. These are automatically deleted after you leave our site.
In addition, we also use temporary cookies to optimize user-friendliness, which are stored on your terminal device for a certain fixed period of time. If you visit our site again to use our services, it is automatically recognized that you have already been to our site and which entries and settings you have made so that you do not have to enter them again.
On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer for you (see section 5). These cookies enable us to automatically recognize that you have already been to our site when you visit it again. These cookies are automatically deleted after a defined period of time.
The data processed by cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) p. 1 lit. f DSGVO.
Most browsers accept cookies automatically. However, you can configure your browser so that no cookies are stored on your computer or a notice always appears before a new cookie is created. However, the complete deactivation of cookies may mean that you cannot use all the functions of our website.

In this context, the data will not be passed on to third parties. The data is processed exclusively within the scope of the named purpose - for sending an offer and contacting us by telephone. The legal basis for the processing of data transmitted in the course of sending an e-mail is the implementation of pre-contractual measures or a contract pursuant to Art. 6 para. 1 lit. b DSGVO or your consent given to us pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO. Your personal data will generally be deleted as soon as they are no longer required to achieve the purpose for which they were collected. The personal data collected for the purpose of obtaining an offer will be deleted as soon as the offer has been sent and a timely telephone contact with you has taken place or was unsuccessful. Continued processing only takes place if it is necessary in the context of a resulting initiation and execution of a contract or for the fulfillment of resulting contractual purposes.

5. MATOMO

Based on our legitimate interests, we use the service "Matomo" for the optimization and analysis of our online offer within the meaning of Art. 6 para. 1 lit. f. DSGVO the service "Matomo", which is offered by InnoCraft Ltd (150 Willis St, 6011 Wellington, New Zealand, NZBN 6106769).
We have set Matomo so that neither "cookies" are used and IP addresses are only processed in abbreviated form in order to limit direct personal reference. The collected information is only sent to our server in Germany and stored there, so that technically no third country transfer takes place. The collected data is used to evaluate the use of our online offer by individual users, e.g. to create reports about the activity on the website in order to improve our online offer.
For more information, please visit: matomo.org/matomo-cloud-privacy-policy

6.ONLYFY

VIAOPTIC GmbH uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data.
onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet. On or respectively via onlyfy one, companies can, for example, publish job ads, identify interesting talented individuals (where applicable including from the XING professional network), receive and manage applications, and enter into dialogue with talented individuals and applicants. New Work SE supports this coming together of talented individuals and companies on and via onlyfy one. This takes place through, for example, talented individuals being recommended and displayed in the business customer’s company account, as well as through the generation and provision of recruitment-relevant information and analysis based on data that New Work SE processes in onlyfy one and, where applicable, in other XING applications or outside them.

Shared responsibility
With regard to interaction within the company account of VIAOPTIC GmbH, VIAOPTIC GmbH and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here https://www.xing.com/terms/onlyfy-one to gain information on the key aspects of the agreement.

Data processing by New Work SE
With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with [company name], detailed information is available in the Privacy Policy of onlyfy one (by XING) at https://privacy.xing.com/de/datenschutzerklaerung. You will also find contact details for New Work SE, as well as for the New Works SE data protection officer there.

Pausing your application
You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of VIAOPTIC GmbH in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to VIAOPTIC GmbH only.

Visibility of your data
The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.

Notes on the special functions of onlyfy one
Calendar function
If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: cronofy.com/gdpr and docs.cronofy.com/policies/privacy-notice.

7. ONLYFY - Data processing by VIAOPTIC GmbH

The following provides information from VIAOPTIC GmbH regarding data processing, for which VIAOPTIC GmbH is solely responsible or responsible within the scope of shared responsibility with New Work SE.
Transparency and reliable handling of your personal data is a key basis for good collaboration. We therefore tell you how we process your data, and how you can protect your rights to which you are entitled pursuant to the General Data Protection Regulation (GDPR). The following information will give you an overview of the collection and processing of your personal data in relation to execution of the application process. Please read this Privacy Policy carefully before applying to us.

7.1. Data protection contact

If there are any questions on data processing, please contact: Company e-mail address or Customer’s data protection officer e-mail address

7.2. What is personal data?

Pursuant to Article 4 (1) GDPR, personal data is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

7.3. Which data is processed?

The following data and data categories are processed to execute the application process:

Applicant master data (first name, last name, title, e-mail address, phone number, postal address, date of birth, nationality)
Qualification data (cover letter, motivation letter, CV, current work, specialist qualifications and skills)
Voluntary information, such as application photo, details of any disabilities or other information that you can provide or upload voluntarily in your application
Supplementary questions relating to the specific job ad (e.g. driving licence, nationality)
Communication between you and us, as well as comments and assessments made relating to you in the course of the application process
Other data/data categories, e.g. publicly accessible, job-related data such as a profile on professional social media networks like XING or LinkedIn (can be adapted by the Customer if necessary)
Special categories of personal data: If you provide information in your application documents which contains special categories of personal data pursuant to Article 9 (1) GDPR (e.g. information which reveals your sexual orientation; information on your health; information that reveals your ethnic origin or religion), we will also process this data within the legally permitted limits only.

7.4. For what purpose do we process your data and on what legal basis?

Data processing for the purposes of the employment relationship

Your personal data is processed for the purposes of selecting people to fill open positions, i.e. to initiate an employment contract. The necessity and scope of the data collection is assessed according to factors such as the position to be filled. More extensive data collection may be required if the position you are applying for involves performing particularly confidential work that carries considerable personal and financial responsibility, or is linked to certain physical and health requirements. Your data can also be used to remind you to complete your application. The legal basis is Section 26 (1) Federal Data Protection Act (Bundesdatenschutzgesetz, “BDSG”).

Consent – Article 6 (1)(a) and Article 9 (2)(a) GDPR, Section 26 (2) BDSG

If you have declared that you freely consent to the processing of specific personal data, then this consent shall form the legal basis for processing of this data.

In the following cases (may have to be adapted by the Customer) we process your personal data based on consent you have granted:

For a longer data storage period for our company, i.e. we store the application documents in our company account beyond the current application process for consultation during later application processes performed by our company.
To be completed by the company: if necessary, further processing based on consent (e.g. forwarding documents to other Group companies/Group-wide applicant pool,sending feedback surveys). The data that you have already provided in the application process is processed.
If we base data processing on your consent, you shall have the right to withdraw your consent at any time with effect for the future. The withdrawal should be sent by e-mail to info@viaoptic.de . The lawfulness of processing your data up to withdrawal of consent shall remain unaffected.

Data processing based on legitimate interest – Article 6 (1)(f) GDPR

In certain cases, we process your data to protect our legitimate interest or that of third parties. A legitimate interest shall exist, for example, if your data is required for the establishment, exercise or defence of legal claims as part of the application process (e.g. claims pursuant to the General Equal Treatment Act). In the event of a legal dispute, we have a legitimate interest in processing the data for evidence purposes.

Feedback surveys

To optimise our application processes and make improvements as an employer, we provide you with an option to submit your personal feedback. To facilitate this, we will send (with prior consent – to be adapted by the Customer) a feedback survey to the e-mail address you have supplied. If you participate in the survey, onlyfy one (see point 5 “To whom is your data disclosed?”) will record the feedback, job title, and location of the position, as well as the job category and, if necessary, the type of job for which you have applied. This information is then sent to kununu and any other verified assessment platforms, and published there without giving your name. However, please remember that others, for example your employer, may be able to identify you based on information you provide in the published feedback.

7.5. To whom is your data disclosed?

Your data is mainly processed by our HR department. However, internal and external offices are sometimes involved in processing your data.

Internal offices may include divisions, departments or the works council of our company.

We use New Work SE as an external service provider. New Work SE, Strandkai 1, 20457 Hamburg operates onlyfy one, the online platform on and through which we bring together talent and companies. More information on onlyfy one is set out above.

When you apply via onlyfy one, your personal data is recorded directly in onlyfy one. If you apply by post or e-mail, we may also transfer your data into onlyfy one.

7.6. How long will your data be kept in our onlyfy one company account?

We store your personal data for as long as we need it to make a decision regarding your application. Even if no employment contract is concluded between us, we may still retain data if it is required to defend against possible legal claims. Your data is normally erased within [six] months following the end of the application process for our company.

If no employment contract is concluded, but you have granted your consent to continued storage of your data (“applicant pool of [company name]”), we store your data until your consent is withdrawn, but for no longer than [three] further years. If specific circumstances demand it, we can also store your data for a longer period for the purposes of defending against possible legal claims.

If you withdraw your application before the end of the application process, i.e. erase your data and account, the stored data is made unavailable for the remainder of the current application process, and is erased at the end of [six] months following the end of the application process for our company.

Unless you make further changes to your candidate profile, such as completing a current application, starting a new application, or amending the data in an existing application, your data will be erased within [six] months following the end of the last active application process for our company.

If you are no longer using your candidate profile and have not granted consent to a longer data storage period in our applicant pool, the data will be erased within [six] months following the end of the application process for our company.

You can create an erasure request for your candidate profile and application documents at any time. After the erasure request has been created, you will be informed of the exact erasure date, and your data will be erased according to the set terms of this Privacy Policy. (may have to be adapted by the Customer)

7.7. Which rights are you entitled to in relation to the processing of your data?

You can demand information on whether we have stored your personal data. If you wish, we can tell you which data this concerns, for what purpose the data is processed, to whom this data is disclosed, for how long the data is stored, and the other rights that you are entitled to in relation to this data.

Furthermore, you also have the right to rectification or erasure of your data. You can also demand that we give you or a person or company of your choice access, in a structured, commonly used, machine-readable format, to all personal data that you have provided to us.

You also have the right not to be subject to decision-making based solely on automated processing, including profiling, which produces legal effects concerning you. We do not use solely automated processing to help make decisions during the application process.

You also have the right to object at any time on grounds relating to your particular situation, to processing of personal data concerning you on the basis of Article 6 (1)(e) GDPR (data processing in the public interest) or Article 6 (1)(f) GDPR (data processing to protect a legitimate interest); this shall also apply to profiling based on this provision. In the event that you object, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing is required for the establishment, exercise or defence of legal claims.

Furthermore, you have the right to lodge a complaint with a supervisory authority for data protection.

To exercise your rights, you can send an e-mail to [e-mail address of the company or Customer’s data protection officer]. We shall process your enquiries promptly and in accordance with legal requirements, and tell you which measures we have implemented or will implement.

7.8. Is there any obligation to provide your personal data?

The provision of personal data is neither legally nor contractually required, nor are you obliged to provide personal data. However, the provision of personal data is required for execution of the application process. This means that if you do not provide us with personal data in your application, we will not be able to perform the application process.

8. DATA SUBJECT RIGHTS

You have the right

• In accordance with Art. 15 DSGVO, to request information about your personal data processed by us. In particular, you can request information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, and the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details;
• pursuant to Art. 16 DSGVO, to request the correction of incorrect or incomplete personal data stored by us without undue delay;
• pursuant to Art. 17 DSGVO, to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
• pursuant to Art. 18 DSGVO, to request the restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you object to its erasure and we no longer require the data, but you need it for the assertion, exercise or defense of legal claims or you have objected to the processing pursuant to Art. 21 DSGVO;
• pursuant to Art. 20 DSGVO, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller;
• in accordance with Art. 7 (3) DSGVO, to revoke your consent once given to us at any time. This has the consequence that we may no longer continue the data processing, which was based on this consent, for the future; and
• complain to a supervisory authority in accordance with Art. 77 DSGVO. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose.

9. RIGHT OF OBJECTION

Insofar as your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) p. 1 lit. f DSGVO, you have the right to object to the processing of your personal data pursuant to Art. 21 DSGVO, insofar as there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
If you would like to make use of your right of revocation or objection, it is sufficient to send an e-mail to info@viaoptic.de

10. DATA SECURITY

Within the website visit, we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level supported by your browser. As a rule, this is a 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether an individual page of our website is encrypted by the closed key or lock symbol in the lower status bar of your browser.
We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

11. UPDATE AND AMENDMENT OF THIS PRIVACY POLICY.

This data protection declaration is currently valid and has the status July 2023.
Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy. The current data protection declaration can be accessed and printed out by you at any time on the website.