Privacy Policy of MegaPart GmbH

Legal Basis

Personal data will only be processed if

  • voluntary consent has been given (Art. 4 No. 11, Art. 5 I lit b), Art. 6 I 1 lit a), Art. 7 GDPR).
  • contractual or pre-contractual connections exist (Art. 6 I lit b) GDPR).
  • we are legally obliged to process it (Art. 6 I lit c) GDPR).
  • in a balancing of processing and non-processing, a legitimate interest in processing prevails (Art. 6 I 1 lit f), Art. 13 I lit d) GDPR).
  • the processing would be in the public interest or in the exercise of official authority (Art. 6 I 1 lit e) DSGVO).

Personal data

Your personal data will only be processed if there is a legally valid consent or another legitimate basis regulated by law (see "legal basis"). Attention is paid to the accuracy of the personal data being processed and the interests of the data subjects are taken into account.

In order to provide the best possible service in the area of our personnel services, the following data is collected as part of the registration process.

  • First and last name
  • Contact details (phone number, email, social media profile)
  • CV, practical experiences, projects and tasks
  • Language skills and level

These are processed by the following persons:

  • Contact person
  • Employees in the areas of Recruiting, Support, Account Management, Human Resources, IT

Data source

Your data may be collected directly or indirectly from you, for example by email, form, by uploading a CV or by using LinkedIn or XING (“individual application”). If we have not collected your data directly from you, we will inform you of the purpose and the data sources we use when we communicate with you in connection with our services (e.g. to make you aware of a job offer), but in any case within one month of the time we received your data indirectly. Exceptions to this are cases in which the disclosure of this information to you would involve a disproportionate effort. In this case, we will take alternative measures to protect your rights and freedoms.

Up-to-dateness of your data

We are obligated to work with current data and to always update our data sets. Therefore, we try to keep your data in our database up to date with the information available on portals like XING, LinkedIn, etc.

However, our most important source of data is you; so please do not hesitate to help us update your data and notify us of relevant changes.

Purpose of the data processing

According to Art. 6 I GDPR, personal data is subject to a purpose limitation. We process your personal data in order to find you the job or project that is exactly right for you. For this purpose, you determine which data we use and which data are available to us.

Hence, we use the data of our candidates for the purpose of fulfilling our duties as a personnel service provider. In no event will your data be passed to third parties outside of MegaPart or used for other purposes without your consent.

Data transmission to third parties

In order to find a suitable project for you, we will forward your profile or CV to third parties.

These third parties are our clients/your potential employers with whom we have concluded framework agreements and stay in touch all the time for all purposes.

Only in cases regulated by law are obliged to transmit personal data with authorities; this requires a written request by the authority requesting the information.

Deletion and blocking of personal data

Your personal data will be processed and stored until the purpose of the storage has been achieved or this has been provided for by law. If these purposes cease to apply, the personal data will be blocked and deleted by us in accordance with the statutory provisions.

If you are not considered for a specific project, you agree to continue to be considered for other positions or projects in our system for a period of up to three years.

As a user, you have the right to correct, block or delete your data at any time. After notification of your wish to delete the data by email, your data will be deleted immediately.

Provision of personal data

The provision of personal data may in part be required by law or result from the contract. For the conclusion of the contract, it may be necessary to provide us with personal data of the data subject. This may be the case when our company enters into a contract with the data subject.

Refusal to provide the data will result in the contract not being concluded.

Should the data subject provide personal data, a member of staff will be on hand to clarify individual case-related questions from the data subject.

Place of processing

Your data will be processed on IT systems within the EU or within the European Economic Area.

Technical and organizational measures (TOM)

In accordance with Art. 32 GDPR, we have taken a variety of technical and organizational measures as part of our privacy policy to ensure the security, availability, integrity and confidentiality of your data and to guarantee an appropriate level of protection. For more information, please contact us: datenschutz@megapart.de.

Impact assessment

As required by law in Art. 35 GDPR, risk criteria and levels for personal rights and freedoms are set against the protective measures. The data protection assessments made during this process are incorporated into the implementation of technical and organizational measures (TOM).

Changes to the privacy policy

In case of a legal or technical development, there may be changes to the privacy policy. In these objectively justified cases of change, your approval is still valid unless you explicitly object to the changes. Changes will be announced through publications on our website. In the event of significant changes, renewed consent to the amended privacy policy is required. Should your consent be omitted or revoked, we are entitled to terminate the existing contract with you without notice.

Validity of the privacy policy

As of the publication (25th of May 2018) of the privacy policy, it shall continue to apply indefinitely. With the publication of a successor privacy policy, the validity of this declaration is cancelled.

Rights of the data subjects

As a data subject whose data is processed by us, you have the following rights towards us:

  • Right to transparent information about the handling of your personal data processed by us (Art. 12 GDPR)
  • Right to request information about your personal data processed by us (Art. 13-15 GDPR)
  • Right to rectify and, if necessary, amend your personal data processed by us (Art. 16 GDPR)
  • Right to deletion and the right “to be forgotten” (Art. 17 GDPR)
  • Right to restrict processing (Art. 18 GDPR)
  • Right of confirmation (Art. 19 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to revoke consent already granted under data protection law with effect for the future (Art. 21 GDPR)

In accordance with the statutory comment period of four weeks (in exceptional cases an extension of four weeks), we make every effort to process your concerns in full. Please be aware that even after your request for deletion or “being forgotten”, personal data may still be stored due to legal storage periods.

Use of our website

a) Cookies / local storage

The websites sometimes use so-called cookies or similar technologies, in particular local storage technologies (also called "local data" and "local storage").

In the process, data is stored locally in the cache of your browser, which continues to exist and can be read out even after you close the browser window or exit the programme - unless you delete the cache.

Local storage makes it possible to search for vacancies and projects on our website and filter the results according to various criteria such as type of employment, area, project language and job title. The entries in the local storage are functionally necessary for the search and filtering of the jobs, in order to temporarily store the user's selection when the page is called up again or between page calls. This is necessary when the user switches between the results page and the detail pages. The entries in the local storage are only saved when you call up the search, i.e. click on the link to it, and thus request the service.

Third parties cannot access the data stored in the local storage. They are not passed on to third parties and are not used for advertising purposes.

The use of local storage techniques is necessary to enable the above-mentioned functionality of our offer. Therefore, we do not require any additional consent from you in accordance with Section 25 (2) No. 2 TTDSG. The subsequent processing of your personal data, which we have collected with the help of local storage, is based on our legitimate interests in accordance with Article 6 (1) (f) GDPR. We have an interest in the provision and functionality of our website, specifically to enable you to search for personnel and projects.

If you do not want our website to use cookies and local storage functions, you can control this in the settings of your browser. There you will also get an overview of your stored cookies. You can delete cookies at any time or block them from the start. You manage local storage content in the browser via the settings for "Chronicle" or "Local data", depending on which browser you are using. We would like to point out that this may result in functional restrictions.

b) Server log files

The provider of the pages automatically collects and stores information on so called server log files, which your browser automatically transmits to us. This information is:

  • Browser type and version, operating system used

  • Referrer URL

  • Hostname of the accessing computer

  • Time of the server request

This data cannot be assigned to specific persons. This data is not merged with other data sources. We reserve the right to examine this data retrospectively if we become aware of specific indications of unlawful use.

c) SSL encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as enquiries you send to us, the operator of this website. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

d) Contact form

Our homepage contains a contact form for fast electronic contact. When you send us your request via our contact form, your details from the enquiry form, including the personal data transmitted, are stored automatically in order to process the request and in case of follow-up question. This data will not be passed on to third parties without your consent.

Privacy policy on the application and use of social bookmarks

On our website you will find components of XING, LinkedIn, Facebook and Instagram which are embedded as links to the corresponding services. By clicking on the embedded graphic, you will be redirected to the respective provider and thus are subjected to their terms and conditions.

For information on the handling of personal data when using the websites, please refer to the respective privacy policy of the providers:

XING

Our website uses features of the XING network.
The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.
With every visit to our websites that have features of XING embedded, a connection to the serves of XING is established.
Based on our knowledge personal data is not stored. Particularly, IP addresses are not stored, and usage behaviour is not evaluated.

For more information about data security and the share button of XING please refer to the privacy policy of XING.

LinkedIn

Our website uses features of the network LinkedIn.
The provider is LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA 94089, USA.
Each time one of our pages containing LinkedIn functions is accessed, a connection to LinkedIn servers is established. LinkedIn is informed that you have visited our website with your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account, it is possible for LinkedIn to associate your visit to our website with you and your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

You can find more information on this in LinkedIn's privacy policy.

Data protection provisions about the use of third-party software

We are convinced that we can best support our candidates by using the power of modern technology, which is why we use a parsing application to process the profiles.

Textkernel

The provider of the parser is Textkernel BV, Asterweg 15D, 1031 HL Amsterdam, The Netherlands.
It is used exclusively for the purpose of promptly uploading applicant profiles to MegaPart's CI so that they can be sent to our clients for the purpose of placing candidates. We do not use this technology to make decisions on the basis of a fully automated process or to assess the performance of applicants.
As a European company, the provider Textkernel is subject to the corresponding requirements of the GDPR, and we have a DPA. Servers located exclusively in Europe were selected for the use. No data is processed outside of this process node. For more information about Textkernel, please visit the provider's website at https://www.textkernel.com/terms-agreements/data-processing-agreement.


If you have any further questions about data protection and our privacy policy, please feel free to contact us at any time using the email address mentioned above.

MegaPart GmbH / June 2024