The following Privacy Notice contains an overview regarding the data interpool Personal GmbH collects, how we use and share it, security measures interpool takes to protect your data and how you can exercise your privacy rights. Part 1 contains general information on data processing at interpool. Details on individual processing situations can be found in Part 2, namely information on the operation of our website in Part 2.1., on contacting us by e-mail and contact form in Part 2.2., on the operation of our applicant portal in Part 2.3 and on the social networks used in Part 2.4.
1. General Information
Name and contact information of the Data Controller and the Data Protection Officer
Please refer to our imprint for name and contact details of the Data Controller: https://www.interpool-hr.com/imprint/
You can reach the data protection officer at:
Phone: +49 (0) 40 609 44 190
General Information on Data Processing at our company
Compliance with the requirements of data protection law and the protection of your data are of particular concern to us. We only process personal data within the framework of data protection law and for the purposes specified in this framework. You can find these legal bases and purposes in the information on the individual processing situations.
Recipients of Personal Data
We process your personal data within the scope of the purposes stated here. For these purpose, we also use service providers as so-called data processors who, for example, provide IT systems. We select these service providers carefully with regard to their measures for the protection of personal data and regularly review these measures. We conclude data processing agreements with the service providers in order to impose obligations on the data processors to protect your data over and above statutory requirements. Where in individual cases we use service providers outside the EEA, we ensure that these service providers protect your personal data in such a way as is required under German and European law. For this purpose, we check whether there is an adequacy decision by the EU Commission that certifies adequate protection for the country in which the service provider is located; if this is not the case, we ensure adequate protection through contractual and technical measures. In particular, we use the so-called EU standard contractual clauses for this purpose.
We may also disclose your data to other data controllers, namely if you instruct us to do so, for example when applying for a job to the relevant employer or if we are legally obliged to do so.
Duration of Processing
We process your data as long as it is necessary for the purposes outlined here. Thereafter, we delete your personal data without delay. Insofar as there are retention obligations, for example for reasons of tax law, we await the relevant periods and then delete your personal data.
Your Rights as data subjects
Data protection law grants you a number of rights with regard to data relating to your person (so-called data subject rights). In general these are
- the right to obtain confirmation as to whether personal data relating to you is being processed by us and, if so, the right to access personal data we have stored about you (Art. 15 GDPR),
- the right to rectify inaccurate data (Art. 16 GDPR),
- the right to delete data that may no longer be stored (Art. 17 GDPR),
- the right to restrict the processing in certain cases (Art. 18 GDPR),
- the right to data portability, i.e. to transfer data they have provided in electronic form to you or to a third party (Art. 20 GDPR), and
- the right to revoke consent given, if applicable, with effect for the future (Art. 7 para. 3 GDPR). Please note that in the event of a revocation, we will continue to retain your consent. This is because even after revocation and deletion of your personal data, we must be able to prove consent. The legal basis for the (also continued) storage of consent is Art. 6 (1) (c) in conjunction with. Art. 5 (1) (a), (2), Art. 7 (1) GDPR and Art. 6 (1) (f) GDPR.
Furthermore, you can object to processing if it is based on legitimate interests (Art. 6 (1) (f) GDPR) or Art. 6 (1) (e) GDPR. You also have the right to lodge a complaint to a data protection authority. If you have any questions or complaints about data protection, we recommend, in the first instance, that you contact our data protection officer.
Please note there are legal requirements for the exercise of your rights which we must observe. Where this has an impact on exercising your rights, we will let you know.
Need to Provide Personal Data
You are under no obligation to provide us with personal data. However, if you decide not to do so, you may not be able to use our services, or you may only be able to use them to a limited extent. This applies, for example, to the use of the website or the mediation in application procedures.
We do not use your data for automated decision-making within the meaning of
Art. 22 (1) GDPR.
Amendments to the data protection declaration
2. Individual Processing Situations
2.1 Visiting the interpool website
When you use interpool’s online offering, interpool collects various personal data from you in order to enable you to visit the website and to provide its functionalities. When visiting interpool’s websites, you transmit personal data via your internet browser to our web server due to technical reasons. This is information including:
- Date and time of the request
- Name of the requested file
- Page from which the file was requested (Referrer URL)
- Access status (file transferred, file not found, etc.)
- Web browser, monitor resolution and operating system used, device type
- Complete IP address of the requesting computer
- Amount of data transferred
The justification for processing this data lies in our legitimate interests in presenting our company to the public and providing the technical functionalities of the website (Art. 6 (1) (f) GDPR). This also applies to the use of technically necessary cookies. Insofar as we use other cookies, this is only done with your express consent. In this case, the justification is based on your consent (Art. 6 (1) (a) GDPR).
2.2 Contact via e-mail or Contact Form
When you contact us by e-mail or via the contact form, we store your details (your name, e-mail address, telephone number if necessary) and process them in order to answer your questions and process your request. This information is used to specify your request and to improve the processing of your request. The provision of this information is expressly voluntary. The legal basis is either the fulfillment of a contractual obligation, measures to initiate a contract or our legitimate interest in providing a contact form (Art. 6 (1) (b) and (f) GDPR). You are under no obligation to contact us via the contact form or by e-mail or to provide any personal data. If you do not provide your personal data, we may not be able to process your request. Otherwise, there are no consequences for you.
2.3 Use of the applicant portal
When you use our applicant portal, interpool collects various data from you in order to consider you when filling vacancies. This concerns information that you provide in the applicant portal itself, such as
- Surname and first name
- E-mail address, telephone number and other contact details
- Application documents, such as certificates, CV, etc.
- If applicable, special categories of personal data, in particular health data
The justification for processing this data results from your consent or from the necessity to process your application and the obligation to you to do so.
Cookies are set on the applicant portal for pseudonymised measurement of reach. Cookies are small text files that are stored on your device. In particular, these are the following cookies:
|Storage of information about the source (e.g. LinkedIn) from which a candidate has accessed the applicant portal
|Until the end of the session
|Recording of consent to cookie use
|One year from the start of the session
These cookies are only installed if you agree and make this selection in our cookie banner. The justification is then your consent (art. 6 (1) (a) GDPR).
2.4. Joint controllers with social network operators
We maintain company pages on the social networks Xing and LinkedIn. As the operator of these pages, we are responsible for the collection (but not for the further processing) of the data of visitors to our company pages jointly with the respective operator of the social network within the meaning of the General Data Protection Regulation (GDPR)
- Xing: New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
- LinkedIn: LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Irland,
The data collected includes
- Information about the types of content visitors view or interact with, or the actions they take; and
- Information about the devices visitors use (e.g., IP addresses, operating system, browser type, language settings, cookie data).
- Social networks also collect and use information to provide analytics services, known as “page insights,” to page operators to provide them with insights into how people interact with their pages and with content associated with them.
We have concluded a special agreement with the respective operator of the social network:
Xing: Xing’s terms and conditions and the policies referenced therein, https://www.xing.com/terms/xing
LinkedIn: “Page Insights Joint Controller Addendum” legal.linkedin.com/pages-joint-controller-addendum.
In each case, these regulate in particular which security measures the operator must observe and in which the operator has agreed to fulfill the rights of data subject (i.e. users can, for example, address their right of access and their right to erasure directly to the operator of the social network).
The rights of users (in particular the right of access, erasure, restriction and right to lodge a complaint to the supervisory authority), are not restricted by the agreements with the respective operator. You can assert your rights (right to access, correction, erasure, restriction of processing, data portability, objection and right to lodge a complaint to the supervisory authority) both against us and against the respective operator of the social network.
- Legal basis: The legal basis for data processing is our legitimate interest in ensuring that our offer and our company are present on the internet as comprehensively as possible, as well as the possibility of communicating with you via social networks (Art. 6 (1) lit. f GDPR).
- Data subjects: Website visitors, visitors from our company pages on social networks.
In the case of Xing and LinkedIn, it is possible that some of the information collected may also be processed outside the European Union in the USA. We would like to point out that the USA is not a safe third country in the sense of EU data protection law (see also section “Recipients of Personal Data”). Data transfers take place in each case on the basis of standard contractual clauses. The operators of the social networks and their affiliated companies are therefore contractually obliged to process data in a GDPR compliant manner.