Privacy Policy

Status: 11/08/2025
Version number: v1.0

The following notes provide a simple overview of what happens to your personal data when you visit this website. Personal data is any data with which you can be personally identified. Detailed information on the topic of data protection can be found in our privacy policy listed below this text.

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Notice regarding the controller” in this privacy policy.

Your data is collected, on the one hand, by you providing it to us. This can be data that you enter into a contact form, for example. Other data is collected automatically or after your consent when you visit the website by our IT systems. This mainly includes technical data (e.g. internet browser, operating system or the time of the page view). This data is collected automatically as soon as you enter this website.

Part of the data is collected to ensure the error-free provision of the website. Other data can be used to analyze your user behavior. If contracts can be concluded or initiated via the website, the transmitted data is also processed for contract offers, orders or other order-related inquiries.

You have the right at any time to obtain free information about the origin, recipients and purpose of your stored personal data. You also have the right to request the rectification or deletion of this data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. Furthermore, you have the right, under certain circumstances, to request the restriction of the processing of your personal data.

You also have the right to lodge a complaint with the competent supervisory authority.

You can contact us at any time regarding this and other questions on the subject of data protection.

When you visit this website, your browsing behavior can be statistically evaluated. This is done primarily with so-called analytics programs.

Detailed information on these analytics programs can be found in the following privacy policy.

We host the content of our website with the following provider:

The provider is IONOS SE, Elgendorfer Str. 57, 56410 Montabaur (hereinafter IONOS). For this purpose, we operate our own dedicated server in an IONOS data center in Germany. When you visit our website, IONOS records various log files including your IP addresses. For details, please refer to IONOS’s privacy policy:

https://www.ionos.de/terms-gtc/terms-privacy.

The use of IONOS is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the most reliable possible presentation of our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned services. This is a contract required by data protection law which ensures that the latter processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

We additionally use IONOS Cloud Backup for data backup (Art. 6 (1) lit. f GDPR). Further information:

https://www.cloud.ionos.de/datensicherheit

Purpose: Creation and storage of backup copies of server-side data (e.g. website, shop, applicant and log data) for recovery in the event of a malfunction.
Data categories: Contents of the backed-up systems/instances according to the selected backup scope (including databases, files, configurations).
Storage location: IONOS data centers within the EU and in the United Kingdom (UK). Transfers to the UK are based on the adequacy decision of the European Commission (currently extended until 27/12/2025); if changes occur, we will adjust the legal bases accordingly.

We have concluded a data processing agreement (DPA) for the use of the above-mentioned services. This is a contract required by data protection law which ensures that the latter processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations as well as this privacy policy.

When you use this website, various personal data are collected. Personal data are data with which you can be personally identified. This privacy policy explains which data we collect and what we use them for. It also explains how and for what purpose this is done.

We point out that data transmission on the internet (e.g. when communicating by email) can have security gaps. Complete protection of the data from access by third parties is not possible.

The controller responsible for data processing on this website is:

Job Join UG (haftungsbeschränkt)
Steinerne Furt 72
86167 Augsburg, Germany
Phone: +49 / 821 / 20 83 82 21
Email: service@job-join.de

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of the processing of personal data (e.g. names, email addresses or similar).

Unless a more specific storage period has been specified within this privacy policy, your personal data will remain with us until the purpose for data processing ceases to apply. If you assert a legitimate request for deletion or revoke consent to data processing, your data will be deleted, provided that we have no other legally permissible reasons for storing your personal data (e.g. retention periods under tax or commercial law); in the latter case, deletion takes place after these reasons cease to apply.

If you have consented to data processing, we process your personal data on the basis of Art. 6 (1) lit. a GDPR and, if special categories of data pursuant to Art. 9 (1) GDPR are processed, on the basis of Art. 9 (2) lit. a GDPR. In the case of express consent to the transfer of personal data to third countries, data processing is also based on Art. 49 (1) lit. a GDPR. If you have consented to the storage of cookies or to access to information on your device (e.g. via device fingerprinting), data processing is additionally based on § 25 (1) TDDDG. Consent can be revoked at any time. If your data is required for the performance of a contract or for pre-contractual measures, we process your data on the basis of Art. 6 (1) lit. b GDPR. Furthermore, we process your data if this is necessary for the fulfillment of a legal obligation on the basis of Art. 6 (1) lit. c GDPR. Data processing may also be based on our legitimate interest pursuant to Art. 6 (1) lit. f GDPR. The specific legal bases applicable in individual cases are indicated in the following paragraphs of this privacy policy.

We use, among other things, tools from companies based in third countries that are not secure under data protection law, as well as US tools whose providers are not certified under the EU-US Data Privacy Framework (DPF). If these tools are active, your personal data may be transferred to these countries and processed there. We point out that in third countries that are not secure under data protection law, a level of data protection comparable to that in the EU cannot be guaranteed.

We point out that the USA, as a secure third country, generally has a level of data protection comparable to that of the EU. A data transfer to the USA is therefore permissible if the recipient has a certification under the “EU-US Data Privacy Framework” (DPF) or has suitable additional safeguards. Information on transfers to third countries, including the data recipients, can be found in this privacy policy.

In the course of our business activities, we work with various external parties. In some cases, the transfer of personal data to these external parties is also necessary. We only pass on personal data to external parties if this is necessary for the fulfillment of a contract, if we are legally obliged to do so (e.g. transfer of data to tax authorities), if we have a legitimate interest pursuant to Art. 6 (1) lit. f GDPR in the transfer, or if another legal basis permits the data transfer. When using processors, we only pass on personal data of our customers on the basis of a valid data processing agreement. In the case of joint processing, a joint controllership agreement is concluded.

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. The lawfulness of the data processing carried out until the revocation remains unaffected by the revocation.

IF DATA PROCESSING IS CARRIED OUT ON THE BASIS OF ART. 6 (1) LIT. E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION, TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH PROCESSING IS BASED CAN BE FOUND IN THIS PRIVACY POLICY. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR AFFECTED PERSONAL DATA UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES THE ESTABLISHMENT, EXERCISE OR DEFENCE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21 (1) GDPR).

IF YOUR PERSONAL DATA ARE PROCESSED FOR THE PURPOSE OF DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS CONNECTED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL SUBSEQUENTLY NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 (2) GDPR).

In the event of violations of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged violation. The right to lodge a complaint exists without prejudice to other administrative or judicial remedies.

You have the right to have data which we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a commonly used, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Within the framework of the applicable statutory provisions, you have the right at any time to obtain free information about your stored personal data, their origin and recipients and the purpose of the data processing and, if applicable, a right to rectification or erasure of this data. You can contact us at any time regarding this and other questions on the subject of personal data.

You have the right to request the restriction of the processing of your personal data. You can contact us at any time for this purpose. The right to restriction of processing exists in the following cases:

• If you dispute the accuracy of your personal data stored by us, we usually need time to verify this. For the duration of the verification, you have the right to request the restriction of the processing of your personal data.

• If the processing of your personal data was/is unlawful, you can request the restriction of data processing instead of deletion.

• If we no longer need your personal data, but you need it for the exercise, defense or assertion of legal claims, you have the right to request the restriction of the processing of your personal data instead of deletion.

• If you have lodged an objection pursuant to Art. 21 (1) GDPR, a balance must be struck between your interests and ours. As long as it has not yet been determined whose interests prevail, you have the right to request the restriction of the processing of your personal data.

If you have restricted the processing of your personal data, these data—apart from their storage—may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or a Member State.

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator, this page uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data that you transmit to us cannot be read by third parties.

If, after concluding a contract subject to a charge, there is an obligation to transmit your payment data to us (e.g. account number for direct debit authorization), this data is required for payment processing.

Payment transactions via the common means of payment (Visa/MasterCard, direct debit) are carried out exclusively via an encrypted SSL or TLS connection. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.
With encrypted communication, your payment data that you transmit to us cannot be read by third parties.

We hereby object to the use of contact data published within the scope of the imprint obligation for the purpose of sending unsolicited advertising and information material. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam emails.

Our websites use so-called “cookies.” Cookies are small data packets and do not cause any damage to your end device. They are either stored temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted after the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or an automatic deletion is carried out by your web browser.

Cookies can come from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have different functions. Numerous cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to analyze user behavior or for advertising purposes.

Cookies that are required to carry out the electronic communication process, to provide certain functions you desire (e.g. for the shopping cart function) or to optimize the website (e.g. cookies to measure web audience) (necessary cookies) are stored on the basis of Art. 6 (1) lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG); consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or generally, as well as activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be limited.

Which cookies and services are used on this website can be found in this privacy policy.

Our website uses the consent technology of Real Cookie Banner to obtain your consent to the storage of certain cookies on your end device or to the use of certain technologies and to document this in compliance with data protection. The provider of this technology is devowl.io GmbH, Tannet 12, 94539 Grafling, Germany (hereinafter “Real Cookie Banner”).

Real Cookie Banner is installed locally on our servers, so no connection is made to the servers of the provider of Real Cookie Banner. Real Cookie Banner stores a cookie in your browser in order to be able to assign the consents you have given or their revocation to you. The data collected in this way is stored until you ask us to delete it, delete the Real Cookie Banner cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

The use of Real Cookie Banner is carried out in order to obtain the legally required consents for the use of cookies. The legal basis for this is Art. 6 (1) lit. c GDPR.

If you contact us by email, telephone or fax, your inquiry including all resulting personal data (name, inquiry) will be stored and processed by us for the purpose of handling your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6 (1) lit. b GDPR, insofar as your inquiry is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of inquiries addressed to us (Art. 6 (1) lit. f GDPR) or on your consent (Art. 6 (1) lit. a GDPR) if this has been requested; consent can be revoked at any time.

The data you send to us via contact inquiries will remain with us until you request deletion, revoke your consent to storage, or the purpose for data storage no longer applies (e.g. after your request has been processed). Mandatory statutory provisions—especially statutory retention periods—remain unaffected.

You can register on this website in order to use additional functions on the site. We use the data entered for this purpose only for the use of the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will reject the registration.

For important changes, for example to the scope of the offer or for technically necessary changes, we use the email address provided during registration to inform you in this way.

The processing of the data entered during registration is carried out for the purpose of performing the user relationship established by the registration and, if applicable, for initiating further contracts (Art. 6 (1) lit. b GDPR).

The data collected during registration will be stored by us as long as you are registered on this website and will be deleted thereafter. Statutory retention periods remain unaffected.

We use Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Tag Manager is a tool that allows us to integrate tracking or statistics tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies and does not carry out independent analyses. It is used solely for the management and delivery of the tools integrated via it. However, Google Tag Manager records your IP address, which can also be transferred to Google’s parent company in the United States.

The use of Google Tag Manager is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link:

https://www.dataprivacyframework.gov/participant/5780.

This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyze the behavior of website visitors. In this process, the website operator receives various usage data, such as page views, time spent, operating systems used, and the user’s origin. These data are assigned to the respective end device of the user. An assignment to a user ID does not take place.

Furthermore, with Google Analytics we can record, among other things, your mouse and scroll movements and clicks. Google Analytics also uses various modeling approaches to supplement the collected data sets and employs machine learning technologies in data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent pursuant to Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. You can find details here:
https://business.safety.google/adscontrollerterms/sccs/.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

Google Analytics IP anonymization is enabled. As a result, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before transmission to the USA. Only in exceptional cases is the full IP address transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activities and to provide the website operator with other services related to website use and internet use. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.

More information on how Google Analytics handles user data can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.

We have concluded a data processing agreement with Google and fully comply with the strict requirements of the German data protection authorities when using Google Analytics.

If you would like to receive the newsletter offered on the website, we require an email address from you as well as information that allows us to verify that you are the owner of the specified email address and agree to receive the newsletter. No further data is collected or only on a voluntary basis. We use this data exclusively for sending the requested information and do not pass it on to third parties.

The processing of the data entered in the newsletter registration form is carried out exclusively on the basis of your consent (Art. 6 (1) lit. a GDPR). You can revoke the consent given for the storage of the data, the email address and its use for sending the newsletter at any time, for example via the “unsubscribe” link in the newsletter. The lawfulness of the data processing operations already carried out remains unaffected by the revocation.

The data you have stored with us for the purpose of subscribing to the newsletter will be stored by us and/or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe or after the purpose no longer applies. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest pursuant to Art. 6 (1) lit. f GDPR.

Data that has been stored by us for other purposes remains unaffected.

After you unsubscribe from the newsletter distribution list, your email address may be stored by us and/or the newsletter service provider in a blacklist if this is necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f GDPR). Storage in the blacklist is not time-limited. You can object to the storage if your interests outweigh our legitimate interest.

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.

For this purpose, the browser you use must connect to Google’s servers. This enables Google to become aware that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

If your browser does not support Google Fonts, a standard font from your computer will be used.

Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=de.

The company is certified under the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. You can obtain further information from the provider at the following link: https://www.dataprivacyframework.gov/participant/5780

This site uses Font Awesome for the uniform display of fonts and icons. The provider is Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, Massachusetts, USA.

When you call up a page, your browser loads the required fonts into its browser cache to display texts, fonts and icons correctly. For this purpose, the browser you use must connect to the servers of Font Awesome. This enables Font Awesome to become aware that this website has been accessed via your IP address. The use of Font Awesome is based on Art. 6 (1) lit. f GDPR. We have a legitimate interest in the uniform presentation of the typeface on our website. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

If your browser does not support Font Awesome, a standard font from your computer will be used.

Further information on Font Awesome can be found in Font Awesome’s privacy policy at: https://fontawesome.com/privacy.

We have integrated Wordfence on this website. The provider is Defiant Inc., Defiant, Inc., 800 5th Ave Ste 4100, Seattle, WA 98104, USA (hereinafter “Wordfence”).

Wordfence serves to protect our website from unwanted access or malicious cyberattacks. For this purpose, our website establishes a permanent connection to Wordfence’s servers so that Wordfence can compare its databases with the accesses made on our website and block them if necessary.

The use of Wordfence is based on Art. 6 (1) lit. f GDPR. The website operator has a legitimate interest in the most effective possible protection of his website against cyberattacks. If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent covers the storage of cookies or access to information on the user’s device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. You can find details here:
https://www.wordfence.com/help/general-data-protection-regulation/

The provider of this shop system is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA (hereinafter “WooCommerce/Automattic”).

Processing of customer account, order, payment and shipping data; use of technically necessary cookies (e.g. shopping cart, checkout).
Further information/privacy: https://automattic.com/privacy/ Cookies: https://woocommerce.com/document/woocommerce-cookies/.

The provider is vendidero GmbH, Schillerstraße 36, 12207 Berlin, Germany.

Legal adjustments in the checkout/legal texts; no independent transfer to third parties.
Further information/privacy: https://vendidero.com/privacy-policy Imprint: https://vendidero.de/impressum.

The provider is Job Join UG, Steinerne Furt 72, 86167 Augsburg, Germany.

Purpose: Conducting the aptitude test and managing applicant profiles
Legal bases: Art. 6 (1) lit. b GDPR (contract/registration), Art. 6 (1) lit. f GDPR (legitimate interest in efficient matching/quality review), where applicable Art. 6 (1) lit. a GDPR (consent for additional storage).

Storage of answers and the test result and technically required cookies for a maximum of 48 hours. Legal basis: Art. 6 (1) lit. f GDPR.

Storage of answers and the test result, email address, voluntary information for 12 months.
Legal basis: Art. 6 (1) lit. b GDPR.

Storage of answers and the test result, contact and contract data as well as uploaded proof (professional qualifications, educational degrees, job offers) for the duration of the membership.

3 months after the end of the contract for contact by employers/employment agents in ongoing processes. Only with consent (checkbox at purchase).
Legal basis: Art. 6 (1) lit. a GDPR.

Revocation possible at any time with effect for the future, e.g. by email to service@job-join.de . After revocation, we end the additional storage and delete/anonymize the data stored for this purpose; statutory retention obligations remain unaffected.

Recipients: Employers and employment agents registered with Job Join (in the case of job offers/contact); subcontractors (e.g. employment agents, visa agents). Subcontractors only with a data processing agreement pursuant to Art. 28 GDPR.

Access to applicant data/profiles is granted exclusively to employers and employment agents registered with Job Join UG. This can take place via a protected login area. Electronic search and filter functions are available there; only the information required for a job offer and contact is visible (such as name, uploaded qualifications, answers to the test, email address, telephone number).

Disclosure to registered employers/employment agents: As part of membership in the Workforce Pool, we transmit profile and matching-relevant data to employers/employment agents registered with Job Join UG for the initiation of suitable job contacts (possibly also by email). Legal basis: Art. 6 (1) lit. b GDPR.

Public authorities and consulates/embassies may also be recipients where necessary to obtain work or residence permits, the recognition of educational/professional qualifications, or visas.

A transfer to third countries only takes place if this is necessary for the performance of a contract (e.g. to subcontractors such as visa agents in a visa application process) and in compliance with Art. 44 et seq. GDPR (e.g. EU Standard Contractual Clauses). Subcontractors only with a data processing agreement pursuant to Art. 28 GDPR.

The provider is DEVPUPS SRL, Str. Constantin Brâncuși 12, Bl. AN33, Ap. 24, 410347 Oradea, Bihor, Romania.

Uses first-party cookies to assign referrals; storage duration see cookie banner.
Privacy: https://slicewp.com/privacy-policy/.

The provider (EU/UK) is OANDA Europe Limited, Dashwood House, 69 Old Broad Street, London EC2M 1QS, United Kingdom.

Retrieval of external scripts/API; transmission of the IP address to the provider; where applicable, transfer to third countries to the UK (adequacy decision) or further third countries pursuant to Art. 44 et seq. GDPR.
Privacy: https://legal.oanda.com/?code=privacy_policy_oel&language=en.

The provider is Web Agile Sas di Fietta Roberto, Via Trieste 8, 36065 Mussolente (VI), Italy.

Dispatch/management of newsletters; double opt-in; unsubscribe possible at any time.
Privacy: https://www.thenewsletterplugin.com/legal/privacy Terms/provider information: https://www.thenewsletterplugin.com/legal/terms

Provider is MaxMind, Inc., 51 Pleasant Street, #1020, Malden, MA 02148, USA.

Used by WooCommerce for IP geolocation (e.g., country determination for pricing/taxes). In this context, the IP address (and technically necessary request data) is transmitted to MaxMind and processed for geolocation.
Legal basis: Art. 6 (1) lit. f GDPR (legitimate interest in a functional, user-friendly shop); where necessary for contract performance (e.g., tax determination), Art. 6 (1) lit. b GDPR.
International transfers: USA (based on MaxMind’s safeguards, e.g., Standard Contractual Clauses/DPF, see privacy docs).
Privacy & DPA: https://www.maxmind.com/en/privacy-policy and https://www.maxmind.com/data-processing-addendum.pdf

We collect, process and use personal customer and contract data to establish, structure in terms of content and amend our contractual relationships. We collect, process and use personal data about the use of this website (usage data) only to the extent necessary to enable the user to use the service or to bill for it. The legal basis for this is Art. 6 (1) lit. b GDPR.

The customer data collected will be deleted after completion of the order or termination of the business relationship and expiry of any statutory retention periods that may exist. Statutory retention periods remain unaffected.

We only transfer personal data to third parties if this is necessary in the context of contract processing, for example to the credit institution or payment service provider commissioned with payment processing. Further recipients of the data may—where required for contract performance or the respective purpose—be employers and employment agents (in the case of job offers/contact) as well as subcontractors (e.g. employment agents, visa agents); subcontractors are used exclusively on the basis of a data processing agreement pursuant to Art. 28 GDPR.

No further transfer of the data takes place or only if you have expressly consented to the transfer. Your data will not be passed on to third parties without your express consent, for example for advertising purposes.

The legal basis for data processing is Art. 6 (1) lit. b GDPR, which permits the processing of data for the performance of a contract or pre-contractual measures.

We integrate payment services from third-party companies on our website. If you make a purchase from us, your payment data (e.g. name, payment amount, account details, credit card number) will be processed by the payment service provider for the purpose of payment processing. The respective contractual and privacy provisions of the respective providers apply to these transactions. The use of payment service providers is based on Art. 6 (1) lit. b GDPR (contract processing) as well as in the interest of the most smooth, convenient and secure payment process possible (Art. 6 (1) lit. f GDPR). Insofar as your consent is requested for certain actions, Art. 6 (1) lit. a GDPR is the legal basis for data processing; consent can be revoked at any time with effect for the future.

The following payment services / payment service providers are used by us on this website:

The provider of this payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”).

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. You can find details here: https://www.paypal.com/de/webapps/mpp/ua/pocpsa-full.

Details can be found in PayPal’s privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

The provider of the payment service is Apple Inc., Infinite Loop, Cupertino, CA 95014, USA.

You can find Apple’s privacy policy at: https://www.apple.com/legal/privacy/de-ww/.

The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

You can find Google’s privacy policy here: https://policies.google.com/privacy.

The provider for customers within the EU is Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (hereinafter “Stripe”).

Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. You can find details here:
https://stripe.com/de/privacy and

https://stripe.com/de/guides/general-data-protection-regulation.

You can read details on this in Stripe’s privacy policy at the following link:
https://stripe.com/de/privacy.

The provider is Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, USA, as well as Aut O’Mattic A8C Ireland Ltd., Grand Canal Dock, 25 Herbert Place, Dublin D02 AY86, Ireland (hereinafter “WooPayments/Automattic”).

WooPayments is operated in partnership with Stripe; payment processing is carried out via Stripe Payments Europe, Limited, 1 Grand Canal Street Lower, Grand Canal Dock, Dublin D02 H210, Ireland (hereinafter “Stripe”).

Further information/privacy: https://automattic.com/privacy/ • https://stripe.com/de/privacy.
(Legal basis: Art. 6 (1) lit. b GDPR; otherwise as above. Where applicable, transfers to third countries using appropriate safeguards in accordance with Art. 44 et seq. GDPR.)

The provider of this payment service is American Express Europe S.A., Theodor-Heuss-Allee 112, 60486 Frankfurt am Main, Germany (hereinafter “American Express”).

American Express may transfer data to its parent company in the USA. Data transfer to the USA is based on Binding Corporate Rules. You can find details here:

https://www.americanexpress.com/en-cz/company/legal/privacy-centre/binding-corporate-rules/.

Further information can be found in the privacy policy of American Express: https://www.americanexpress.com/de-de/firma/legal/datenschutz-center/online-datenschutzerklarung/.

The provider of this payment service is Mastercard Europe SA, Chaussée de Tervuren 198A, B-1410 Waterloo, Belgium (hereinafter “Mastercard”).

Mastercard may transfer data to its parent company in the USA. Data transfer to the USA is based on Mastercard’s Binding Corporate Rules. You can find details here:

https://www.mastercard.de/de-de/datenschutz.html and

https://www.mastercard.us/content/dam/mccom/global/documents/mastercard-bcrs.pdf.

The provider of this payment service is Visa Europe Services Inc., London Branch, 1 Sheldon Square, London W2 6TT, United Kingdom (hereinafter “VISA”).

The United Kingdom is considered a third country that is secure under data protection law. This means that the United Kingdom has a level of data protection equivalent to that of the European Union.

VISA may transfer data to its parent company in the USA. Data transfer to the USA is based on the Standard Contractual Clauses of the EU Commission. You can find details here:

https://www.visa.de/nutzungsbedingungen/visa-globale-datenschutzmitteilung/mitteilung-zuzustandigkeitsfragen-fur-den-ewr.html.

Further information can be found in VISA’s privacy policy:
https://www.visa.de/nutzungsbedingungen/visa-privacy-center.html.

With all subcontractors who process personal data on our behalf for the purpose of obtaining, for example, work and residence permits, recognition of educational/professional qualifications or the obtaining of visas, a data processing agreement is concluded in accordance with Art. 28 GDPR, including technical and organizational measures (TOMs).

The provision of personal data is required in order to use our platform and services. Without this data, use is not possible.

Automated decision-making within the meaning of Art. 22 GDPR does not take place. Automated processes, such as the matching of applicants and job offers within our applicant pool, serve exclusively as technical support. The final decision on contacting or concluding a contract is always made by a human and not based solely on automated processing.

Further recipients of the data may be:

Employers and employment agents registered with Job Join UG (in the case of job offers or contact), subcontractors (employment agents, visa agents – only with DPA pursuant to Art. 28 GDPR)

Public authorities and consulates/embassies may also be recipients where necessary to obtain work or residence permits, the recognition of educational/professional qualifications, or visas.

Scholl + Partner Partnerschaftsgesellschaft mbB Steuerberater Rechtsanwalt
Schlossstraße 2b, 86405 Meitingen, Germany

Tax consulting and financial accounting (independent controller).
The tax advisor regularly uses DATEV eG, Paumgartnerstr. 6–14, 90429 Nuremberg, Germany, as a processor for the processing.

To provide and secure our systems, we use IT service providers (e.g. for administration, maintenance, error analysis). In individual cases, it may be necessary for these service providers to have insight into personal data (e.g. in the context of remote support). The legal bases are Art. 6 (1) lit. f GDPR (legitimate interest in the secure and efficient operation of our systems) and—where contractual services are concerned—Art. 6 (1) lit. b GDPR.

We have concluded data processing agreements with all IT service providers in accordance with Art. 28 GDPR and ensure appropriate technical and organizational measures. The service providers are used under strict instructions. Recipient category: IT service providers (maintenance/support). No transfer to third countries takes place; should this exceptionally be necessary, it will only be carried out using the safeguards provided for in the GDPR (e.g. EU Standard Contractual Clauses).