DATA PROTECTION

Data protection information according to Art. 13, 14 DSGVO

Status: May 2023

We, Talentscoutry TM GmbH, (hereinafter: “the company“, “we” or “us“) would like to take this opportunity to inform you about data protection in our company.

As part of our responsibility under data protection law, additional obligations have been imposed on us by the entry into force of the EU General Data Protection Regulation (Regulation (EU) 2016/679; hereinafter: “GDPR”) in order to ensure the protection of personal data of the person affected by processing (we also refer to you as the data subject as “customer”, “user”, “you”, “you” or “data subjectbelow*).

*For reasons of better readability, the simultaneous use of the language forms male, female and diverse (m/f/d) is dispensed with. All personal designations apply equally to all genders.

Insofar as we decide either alone or jointly with others on the purposes and means of data processing, this includes above all the obligation to inform you transparently about the type, scope, purpose, duration and legal basis of the processing (cf. Art. 13 and 14 GDPR). With this declaration (hereinafter: “data protection information” or “data protection information“), we inform you about the way in which your personal data is processed by us.

Our data protection information has a modular structure. They consist of a general section for any processing of personal data and processing situations by us and special sections, the content of which relates only to the processing situation specified there with the designation of the respective offer or product.

In order to find the parts relevant to you, please refer to the following overview of the subdivision of the data protection information:

A. General

1. Definitions

Following the example of Art. 4 GDPR, this data protection information is based in particular on the following definitions:

  • “Personal data” (Art. 4 No. 1 GDPR) means any information relating to an identified or identifiable natural person (“data subject”). A person is identifiable if they can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, an online identifier, location data or information relating to their physical, physiological, genetic, mental, economic, cultural or social identity. The identifiability can also be provided by linking such information or other additional knowledge. The origin, form or embodiment of the information is irrelevant (photos, video or audio recordings can also contain personal data).
  • “Processing” (Art. 4 No. 2 GDPR) means any operation which is performed on personal data, whether or not by automated means (i.e. using technical specifications). This includes, in particular, the collection (i.e. acquisition), recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data, or alteration of the purposes for which they were originally processed.
  • “Controller” (Art. 4 No. 7 GDPR) means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  • “Third party” (Art. 4 No. 10 GDPR) means any natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data; this also includes other legal entities belonging to the group.
  • “Processor” (Art. 4 No. 8 GDPR) is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller, in particular in accordance with the controller’s instructions (e.g. IT service provider). In terms of data protection law, a processor is in particular not a third party.
  • “Consent” (Art. 4 No. 11 GDPR) of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

II. Responsible person

The data controller within the meaning of Art. 4 No. 7 GDPR for the processing of personal data on www.talentscoutry.de (the “website” for short) is us, i.e. the

Talentscoutry TM GmbH
Steindlstrasse 3b
80935 Munich
Telefon: +49 89 58 80 44 3-0
E-Mail: info@talentscoutry.de

For further information about our company, please refer to the imprint details on our website.

III Legal basis for data processing

In principle, any processing of personal data is prohibited by law and is only permitted if the data processing falls under one of the following justifications:

  • 6 para. 1 a) GDPR (“consent”): Where the data subject has voluntarily, in an informed and unambiguous manner, indicated by a statement or other unambiguous affirmative act that he or she consents to the processing of personal data relating to him or her for one or more specific purposes;
  • 6 para. 1 b) GDPR: If the processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • 6 para. 1 c) GDPR: If processing is necessary for compliance with a legal obligation to which the controller is subject (e.g. a legal obligation to retain data);
  • 6 para. 1 d) GDPR: If processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • 6 para. 1 e) GDPR: If processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
  • 6 para. 1 f) GDPR (“Legitimate interests”): Where processing is necessary for the purposes of the legitimate (in particular legal or economic) interests pursued by the controller or by a third party, except where such interests are overridden by the interests or rights of the data subject which require protection of personal data (in particular where the data subject is a minor).

For the processing operations we carry out, we indicate the applicable legal basis in each case below. Processing can also be based on several legal bases.

IV. Data erasure and storage duration

For the processing operations carried out by us, we indicate below how long the data will be stored by us and when it will be deleted or blocked. Unless an explicit storage period is specified below, your personal data will be deleted or blocked as soon as the purpose or legal basis for storage no longer applies, unless you have given us your consent for further storage (e.g. for a regular customer file for service optimization).

It should be noted that our business relationships with our customers are also based on continuing obligations, which are designed for an indefinite period of time.

However, data may be stored beyond the specified period in the event of an (impending) legal dispute with you in order to preserve evidence within the framework of the statute of limitations (according to §§ 195 ff. of the German Civil Code (BGB), these limitation periods can be up to 30 years, whereby the regular limitation period is three years) or other legal proceedings or if storage is provided for by statutory provisions to which we are subject as the controller (e.g. § 257 HGB, § 147 AO).

If the storage period prescribed by the statutory provisions expires, the personal data will be blocked, anonymized or deleted, unless further storage by us is necessary and there is a legal basis for this.

Data security

We use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties, taking into account the state of the art, the implementation costs and the nature, scope, context and purpose of the processing as well as the existing risks of a data breach (including its probability and impact) for the data subject. Our security measures are continuously improved in line with technological developments.

When you visit our website, we use the TLS (Transport Layer Security) method in conjunction with the highest level of encryption supported by your browser. As a rule, this is 128-bit encryption. You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.

Unfortunately, the transmission of information via the Internet is not completely secure, which is why we cannot guarantee the security of data transmitted to our website via the Internet.

VI. Cooperation with processors and other service providers

As with any large company, we also use external domestic and foreign service providers to process our business transactions (e.g. for IT, logistics, telecommunications, sales and marketing). These service providers only act in accordance with our instructions and are contractually obliged to comply with data protection regulations in accordance with Art. 28 GDPR, unless these service providers are themselves controllers within the meaning of Art. 4 No. 7 GDPR.

VII. Transfer of personal data to third countries

As part of our business relationships, your personal data may be passed on or disclosed to service providers and other recipients who may also be located outside the European Economic Area (EEA), i.e. in third countries. We will inform you about the respective details of the transfer at the relevant points below.

The European Commission certifies that some third countries have data protection standards comparable to the EEA standard by means of so-called adequacy decisions (a list of these countries and a copy of the adequacy decisions can be found here: http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.html).

However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible, for example, through binding company regulations, standard data protection clauses of the European Commission for the protection of personal data, certificates or recognized codes of conduct.

We therefore only transfer data to third countries,

  • insofar as this is necessary to process your request and fulfill your order,
  • if this takes place within the framework of order processing (Art. 28 GDPR),
  • otherwise only if you have given us your consent to do so or if this is necessary to fulfill our legal or contractual obligations or to protect our legitimate interests or those of third parties.

If, under the aforementioned conditions, data is transferred to a third country (country outside the EU/EEA) and this third country guarantees an adequate level of data protection in the opinion of the European Commission (Art. 45 GDPR), your personal data may be transferred on this basis.

In the case of transfers to third countries for which no such adequacy decision exists, the protection of your personal data is ensured as far as possible by suitable guarantees within the meaning of Art. 46 GDPR, in particular by the standard data protection clauses issued by the EU Commission pursuant to Art. 46 para. 2 b) GDPR and any additional guarantees. Please note, however, that in the case of data processing in the USA, an adequate level of data protection cannot currently be guaranteed across the board because the level of data protection in the USA does not correspond to that of the EU, as there is a risk that your data could be processed by US authorities for control and monitoring purposes without you always having sufficient legal remedies against this.

Otherwise, we will only transfer your data to a third country if the data transfer can be based on Art. 49 GDPR, in particular if

  • you have expressly consented to the proposed data transfer after you have been informed of the potential risks of such data transfers for you,
  • the transfer is necessary for the performance of a contract between you and us or for the implementation of pre-contractual measures at your request,
  • the transfer is necessary for the conclusion or performance of a contract concluded in your interest by us with another natural or legal person,
  • the transfer is necessary for the establishment, exercise or defense of legal claims.

VIII. On automated decision making (including profiling)

In principle, we do not intend to use personal data collected from you for automated decision-making (including profiling) within the meaning of Art. 22 GDPR.

We would draw your attention to any exceptions to this principle at the appropriate point in the following information.

IX. On the obligation to provide personal data

We do not make the conclusion of contracts with us dependent on you providing us with personal data beforehand. You are also under no legal or contractual obligation to provide us with your personal data.

However, we may only be able to provide certain services to a limited extent or not at all if you do not provide the necessary data:

It should be noted that Talentscoutry TM GmbH operates as a management and personnel consultancy, personnel and executive developer, recruitment agency and relocation service provider. Among other things, we recruit, qualify and place specialists and talents on a national and international level, in particular qualified healthcare and nursing staff for the purpose of permanent work-related migration to Germany. We provide comprehensive support for the placed applicants (“participants”), from career planning to interview training, support during the application process, participation in specialist further training and language qualifications, fulfillment of the (official) requirements for relocation and its implementation through to taking up employment in hospitals or other inpatient or outpatient (medical) care facilities.

As a (potential) customer, you must therefore provide with the personal data that is necessary for the establishment, execution and termination of a business relationship and the fulfillment of the associated contractual or other obligations under the law of obligations or that we are legally obliged to collect . To enable us to fulfill our obligations, you must provide us with the necessary information and documents and notify us immediately of any changes that arise in the course of the business relationship.

If you do not provide us with the necessary information, we or your other contractual partners may not be able to fulfill the obligations resulting from the business relationship. Without this data, we or your other contractual partners will therefore generally have to refuse to conclude a contract or execute another order or will no longer be able to perform an existing contract.

X.Legal obligation to transmit certain data

We may be subject to a specific legal or statutory obligation to provide the lawfully processed personal data to third parties, in particular public authorities (Art. 6 (1) (c) GDPR).

XI. Your rights

You can assert your rights as a data subject with regard to your processed personal data against us at any time. As the data subject, you have the right under the legal requirements:

  • to request information about your data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the processing purposes, the category of data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making including profiling and, if applicable, meaningful information about its details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect data or the completion of your data stored by us;
  • in accordance with Art. 17 GDPR, to demand the deletion of your data stored by us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • in accordance with Art. 18 GDPR, to demand the restriction of the processing of your data if the accuracy of the data is disputed by you or the processing is unlawful;
  • in accordance with Art. 20 GDPR, to receive your data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transferred to another controller (“data portability”);
  • pursuant to Art. 21 GDPR to object to the processing if the processing is based on Art. 6 (1) e) or f) GDPR. This is particularly the case if the processing is not necessary for the performance of a contract with you. If it is not an objection to direct advertising, we ask you to explain the reasons why we should not process your data as we have done when exercising such an objection. In the event of your justified objection, we will examine the situation and either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing;
  • in accordance with Art. 7 para. 3 GDPR, to withdraw your consent once given (even before the GDPR came into force, i.e. before May 25, 2018) – i.e. your voluntary, informed and unequivocal declaration or other unambiguous confirmatory act that you consent to the processing of the personal data concerned for one or more specific purposes – at any time, if you have given such consent. The consequence of this is that we may no longer continue the data processing based on this consent in the future. You can therefore revoke your consent at any time without any formal requirements with effect for the future, e.g. by sending an email to info@talentscoutry.de or by sending a message to any of the offices named in A.II.
  • in accordance with Art. 77 GDPR, to complain to a data protection supervisory authority about the processing of your personal data in our company, e.g. to the supervisory authority responsible for us: Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach.

XII. Changes to the data protection information

As part of the further development of data protection law and technological or organizational changes, our data protection information is regularly reviewed to determine whether it needs to be adapted or supplemented. We reserve the right to amend these data protection provisions at any time with effect for the future.

You will be informed of any changes in particular on our website at https://talentscoutry.de/datenschutz/.

B. Website

I. Explanation of the function of the website

Information about our company and the services we offer can be found in particular at https://talentscoutry.de/ together with the associated subpages (hereinafter jointly referred to as the “Website”).

When you visit our website, your personal data may be processed:

II. Personal data processed

When you use the website for information purposes, we collect, store and process the following categories of personal data:

1. Protocol Data

When you visit our website, a so-called log data record (so-called server log files) is stored temporarily and anonymously on our web server. This may consist of the following data:

  • Website/application from which the website was requested (so-called referrer URL)
  • Name and URL of the requested page
  • Date and time of your access to the website
  • Description of the type, language and version of the web browser used
  • IP address of your requesting internet-enabled device
  • Your Internet service provider
  • files downloaded from our website (e.g. PDF or Word documents)
  • Amount of data transferred
  • Operating system of your requesting internet-enabled device
  • Message as to whether the call was successful (access status/Http status code)
  • GMT time zone difference

2. Inquiry, contact, application form; other inquiries

When using our inquiry, contact and application forms, the “form data” (e.g. first name, surname, email address, address, telephone number, your message, time of transmission) that you enter or “attach” to your message as shown in the respective form will be processed.

If you contact us by e-mail, telephone or fax, the personal data you provide (e.g. name, telephone number) will be processed.

III. Purpose and legal basis of the data processing

We process the personal data specified above in accordance with the provisions of the GDPR, the other relevant data protection regulations and only to the extent necessary. Insofar as the processing of personal data is based on Art. 6 para. 1 f) GDPR, the aforementioned purposes also represent our legitimate interests.

1. Protocol Data

The processing of “form data” is carried out to process inquiries from interested parties and customers. The legal basis is Art. 6 (1) a), b) and/or f) GDPR. The same applies to data processing for other inquiries by email, telephone and/or fax.

2. Form data; requests by e-mail, telephone, fax

The processing of “form data” is carried out for the processing of inquiries from interested parties and customers. The legal basis is Art. 6 (1) a), b) and/or f) DS-GVO. The same applies to the processing of data for other enquiries by e-mail, telephone and/or fax.

IV. Duration of the data processing

Your data will only be processed for as long as is necessary to achieve the above-mentioned processing purposes; the legal bases specified in the context of the processing purposes apply accordingly.

The log data is deleted after 14 days at the latest. If technically possible and reasonable, the IP addresses are anonymized after 24 hours.

With regard to the use and storage duration of cookies, please refer to point B.VI.

Third parties engaged by us will store your data on their system for as long as is necessary in connection with the provision of the services for us in accordance with the respective order.

You can find more details on the storage period under A.IV.

V. Further (categories of) recipient(s) and transfer to third countries

The following other (categories of) recipients, who are usually processors (see A.VI.), may receive access to your personal data:

  • Service providers for the operation of our website and the processing of data stored or transmitted by the IT systems (e.g. for data center services, customer care, IT security). The legal basis for the transfer is Art. 6 para. 1 a), b) and/or f) GDPR (possibly in conjunction with Art. 49 para. 1 a), b), c), e) GDPR), insofar as these are not already processors;
  • Translators, (company) doctors, education and training providers, (potential) employers. The legal basis for the disclosure is § 26 BDSG, Art. 6 para. 1 a), b) and/or f) GDPR (if applicable in conjunction with Art. 49 para. 1 a), b), c), e) GDPR), unless we are already a processor;
  • Public bodies and institutions such as recognition/financial/foreigner/registration authorities, embassies, social insurance agencies, employment agency. The legal basis for the disclosure is § 26 BDSG, Art. 6 para. 1 b), c) GDPR;
  • other government bodies/authorities, insofar as this is necessary to fulfill a contractual and/or legal obligation. The legal basis for the transfer is Art. 6 para. 1 b), c) GDPR;
  • persons employed to carry out our business operations (e.g. auditors, banks, insurance companies, legal advisors). The legal basis for the disclosure is Art. 6 para. 1 b) or f) GDPR.
  • our respective cooperation partners in the areas of sourcing and recruitment, personnel consulting/development/placement and relocation. The legal basis for the disclosure is § 26 BDSG, Art. 6 para. 1 a), b) and/or f) GDPR (if applicable in conjunction with Art. 49 para. 1 a), b), c), e) GDPR), insofar as these are not already processors;
  • our partner company Start Medicare GmbH. The legal basis for the transfer is Art. 6 para. 1 a), b) GDPR.

For the guarantees of an appropriate level of data protection when transferring data to third countries, see A.VII.

In addition, we will only pass on your personal data to third parties if you have given your express consent to this in accordance with Art. 6 para. 1 a) GDPR (possibly in conjunction with Art. 49 para. 1 a) GDPR).

The following should also be noted:

1. Data transfer to processors and other service providers

We have carefully selected the service providers who process data on our behalf as processors and are therefore recipients of personal data, offer sufficient guarantees for suitable technical and organizational measures and are contractually obliged by us in accordance with Art. 28 GDPR.

We regularly transfer your personal data to the following processors and other service providers:

Type of processing activity Processor/Service provider Registeres office; server location Further data protection information

Website,

Host

 dogado GmbH D; D https://www.dogado.de/faq/artikel/fragen-zum-datenschutz-und-dsgvo/
https://www.dogado.de/server/colocation
Mailprovider, Microsoft Office 365 Microsoft Corporation USA; D https://privacy.microsoft.com/de-de/privacystatement
Cloud, Autotask Workplace Datto Inc USA; DK https://www.datto.com/de/datto-brexit-statement

2. Data transmission to third-party providers

We also present and broker services from third-party providers on our website.

If you wish to order or make use of these products and services from third-party providers, it is necessary for the possible conclusion of a contract with the respective third-party provider that you provide your personal data, which we require to process your request or order.

We process the data you provide to process your request or order. In particular, we transmit to the respective third-party provider the data required for the possible establishment of the contractual relationship with the respective third-party provider and the processing of this contractual relationship. The legal basis for this is Art. 6 para. 1 b) GDPR.

Under these conditions, for example, the following companies in particular may be considered as providers of services brokered by us or non-binding services presented by us from third-party providers and thus as recipients of your personal data:

  • Deutsche Fachkräfteagentur für Gesundheits- und Pflegeberufe (DeFa), Bismarckstraße 128, 66121 Saarbrücken, e-mail: info@defa-agentur.de; information on data protection in the footer at https://www.defa-agentur.de/de

VI. Use of cookies, plugins and other services on our website

1. Cookies

We use cookies on our website. Cookies are data records that are assigned and stored on your data carrier to the browser you are using by means of a characteristic character string and through which certain information flows to the body that sets the cookie. A cookie usually contains the name of the domain from which the cookie data was sent as well as information about the age of the cookie and an alphanumeric identifier.

Cookies cannot execute programs or transfer viruses to your computer and therefore cannot cause any damage. They are used to recognize the user’s device, to make any default settings immediately available and to make our website more user-friendly and effective overall, i.e. more pleasant for you, by enabling us to offer you a better service tailored to your needs. They enable us to recognize your device when you return to our website.

Cookies can therefore contain data that makes it possible to recognize the device used. In some cases, however, cookies only contain information on certain settings that are not personally identifiable. However, cookies cannot directly identify a user.

A distinction is made between session cookies, which are deleted as soon as you close your browser, and permanent cookies, which are stored beyond the individual session.

The cookies we use only store the data explained above about your use of the website. This is not done by assigning it to you personally, but by assigning an identification number to the cookie (“cookie ID”). The cookie ID is not merged with your name, IP address or similar data that would allow the cookie to be assigned to you.

If you do not wish to use browser cookies, you can set your browser so that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website to a limited extent or not at all. If you only wish to accept our own cookies, but not the cookies of our service providers and partners, you can select the “Block third-party cookies” setting in your browser.

Any use of cookies that is not absolutely technically necessary constitutes data processing that is only permitted with your consent – which can be revoked at any time with effect for the future – in accordance with Art. 6 Para. 1 a) GDPR.

In addition, we will only pass on your personal data processed by cookies to third parties if you have given your consent in accordance with Art. 6 para. 1 a) GDPR (possibly in conjunction with Art. 49 para. 1 a) GDPR).

We currently only use session cookies that implement the language selection of visitors to our website, i.e. that are technically necessary for the website to be displayed in the selected language as requested by the website visitor.

The following list provides more information on how to disable or manage your cookie settings in the browser you are using:

Google Chrome: https://support.google.com/chrome/answer/95647?hl
Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
Internet Explorer: http://windows.microsoft.com/en-GB/windows-vista/Block-or-allow-cookies
Microsoft Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
Safari: http://help.apple.com/safari/mac/8.0/#/sfri11471

3. Social media

We do not use any social media plugins on our website. If our web pages contain symbols from social media providers (e.g. from “Facebook”), we only use these to passively link to the pages of the respective providers.

Our website contains the following links to websites that are operated jointly with or by third parties: https://www.facebook.com/talentscoutry/

This data protection declaration applies to the processing of personal data by such third-party providers in addition to the data protection declarations of these third-party providers. Please note that we cannot assume any responsibility for the content of third-party websites or for their compliance with data protection requirements.

We give you the opportunity to communicate directly with Facebook via the link and to interact with other users so that we can improve our offer and make it more interesting for you as a user.

The legal basis for the link and the resulting processing of your data is Art. 6 (1) f) GDPR.

We would like to point out that Facebook may also transfer personal data to third countries with (possibly) inadequate levels of data protection and process it there, in particular in the USA, where the US security authorities have far-reaching access to (personal) data of data subjects that is not limited to the necessary extent and against which there are no effective legal protection options.

Only if you click on the link and thus give your consent will Facebook receive the information that you have accessed the corresponding website of our online offer. The log data is also transmitted. By activating the link, your personal data is therefore transmitted to Facebook and stored there (in the case of US providers in the USA). As these third-party providers collect data via cookies in particular, we recommend that you delete all cookies via your browser’s security settings before clicking on one of the links mentioned, unless you wish to consent to the transfer of data anyway.

Further information on the purpose and scope of data collection and its processing by these third-party providers can be found below in the information on our social media presences (C.) and in their privacy policies. There you will also find further information on your rights and setting options to protect your privacy.

4. Data protection and third-party websites

Our website may contain hyperlinks to and from third party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you transmit personal data to these websites.

5. Fonts, graphics

We use a font from Google Fonts on our website. We have downloaded this font and stored it on our web server, i.e. integrated it locally. When loading and displaying the font, there is therefore no data exchange with “Google” (Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, and, for services aimed at consumers in the European Economic Area (EEA), Google Ireland Limited, Gordon House, Barrow Street, Dublin4, Ireland).

C. Social media

1. General

We maintain a publicly accessible profile on the social network “Facebook” (https://www.facebook.com/talentscoutry/).

Your visit to this profile triggers a number of data processing operations. Below we provide you with an overview of which of your personal data is collected, used and stored by us when you visit our profile.

You are not obliged to provide us with your personal data. However, this may be necessary for individual functionalities of our profile on Facebook. These functionalities will not be available to you, or only to a limited extent, if you do not provide us with your personal data.

When you visit our profile, your personal data is collected, used and stored not only by us, but also by the operator of the social network. This happens even if you do not have a profile on the social network yourself. The individual data processing operations and their scope are not necessarily comprehensible to us.

We would like to point out that Facebook or now Meta (Facebook Ireland Limited has changed its name to Meta Platforms Ireland Limited) may also transfer personal data to third countries with (possibly) inadequate levels of data protection and process it there, in particular in the USA, where the US security authorities have far-reaching access to (personal) data of data subjects that is not limited to the necessary extent and against which there are no effective legal protection options.

When you visit our website, Facebook/Meta places cookies on your device with the third-party provider, which remain effective for up to two years unless they are deleted beforehand. The purpose of these cookies is to store information in the web browser. Facebook/Meta processes the information stored in the cookies, stores the data collected about you as a user profile and uses it for the purposes of advertising, market research and/or needs-based design of the website. Such an evaluation is carried out in particular (even for users who are not logged in) to display needs-based advertising and to inform other users of the social network about your activities on our website.

You have the right to object to the creation of these user profiles, whereby you must contact Facebook to exercise this right.

Data is passed on regardless of whether you have an account with Facebook and are logged in there. If you are logged in with this provider, your data collected by us will be assigned directly to your existing account with this provider. We recommend that you log out regularly after using a social network.

If you use our profile on the social network to contact us (e.g. by creating your own posts, responding to one of our posts or sending us private messages), the data you provide us with will be processed by us exclusively for the purpose of contacting you. The legal basis for data collection is therefore Section 6 (1) a) and b) GDPR.

We delete stored data as soon as its storage is no longer required or you request us to delete it; in the case of statutory retention obligations, we restrict the processing of the stored data accordingly.

Otherwise, we have no influence on the data collected and data processing operations, nor are we aware of the full extent of data collection, the purposes of processing and the storage periods. We also have no binding information on the deletion of the data collected by Facebook.

II. Information on the collection of personal data

As the operator of a Facebook fan page, we can only view the information stored in your public Facebook profile, and only if you have such a profile and are logged into it when you visit our fan page.

Furthermore, Facebook/Meta automatically provides us with anonymized statistics of visitors to our Facebook fan page based on visits to our Facebook fan page according to parameters defined by us (so-called page insights, see https://www.facebook.com/legal/terms/information_about_page_insights_data), which we can use for the purposes of advertising, market research and/or demand-oriented design of our website. We do not have access to the usage data that Facebook collects to compile these statistics.

Facebook/Meta has undertaken to us to assume primary responsibility under the GDPR for the processing of this data, to fulfill all obligations under the GDPR with regard to this data and to make the essentials of this obligation available to those affected. As the operator of the Talentscoutry Fanpage, we do not make any decisions regarding the processing of Insights data and all other information resulting from Art. 13 GDPR, including the legal basis, identity of the controller and storage duration of cookies on user end devices.

This data processing serves our (and your) legitimate interest in improving the user experience when visiting our fan page in line with the target group. The legal basis for data processing is therefore Art. 6 para. 1 f) GDPR.

Meta Platforms Ireland Limited (formerly Facebook Ireland Ltd.) processes (personal) data when you use Meta products (formerly Facebook products) and thus also when you visit our Facebook page, even if you are not registered with any of the Meta/Facebook services. Meta/Facebook describes what (personal) data this is in detail, how, for what purposes and on what legal basis it is processed in its data policy (https://de-de.facebook.com/policy.php), which applies to all Meta/Facebook products. There you will also find information on how to contact Meta/Facebook and on the settings options for advertisements, cookies, etc.

Meta/Facebook also processes your data in the USA or other third countries, uses the standard contractual clauses approved by the EU Commission in accordance with the information at https://de-de.facebook.com/policy.php under “How do we process and transfer data as part of our global services?” and relies on the adequacy decisions issued by the EU Commission for certain countries.

Meta/Facebook provides more information about the cookies that Meta/Facebook sets when a Facebook account exists, Meta/Facebook products (including the website and apps) are used or other websites and apps that use the Meta/Facebook products are visited in the cookie policy (https://www.facebook.com/policies/cookies/).

You can also find information on how to manage information about you under this link: https://www.facebook.com/policies/cookies/

Further information on the purpose and scope of data collection and its processing by Meta/Facebook can be found in the privacy policy. There you will also find further information on your rights and setting options to protect your privacy:

Meta Platfoms Inc: 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; further information on data processing by Facebook: http://www.facebook.com/help/186325668085084, and http://www.facebook.com/about/privacy/your-info#everyoneinfo.

You can view the privacy policy for the social network Facebook, which is operated by Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, commercial register number 462932, at https://www.facebook.com/about/privacy/update?ref=old_policy, and the Facebook Page Insights supplement at https://www.facebook.com/legal/terms/page_controller_addendum.

 

D. Data protection information for (former/potential) applicants (“participants”)

The following information applies in addition to the “Data protection information for (potential) applicants and participants”, which is provided to the addressees. In the event of inconsistencies, the latter information shall take precedence.

I. General information on the processing of data of (potential) participants

Talentscoutry TM GmbH is a management and personnel consultancy, personnel and management developer, recruitment agency and relocation service provider. Among other things, we recruit, qualify and place specialists and talents on a national and international level, in particular qualified healthcare and nursing staff for the purpose of permanent work-related migration to Germany.

(Potential) participants are therefore all those interested in an employment relationship and applicants as well as (former) participants in Talentscoutry’s personnel recruitment, training and placement services, in particular (potential) employees, trainees, interns and other employees of our contractual partners

Under the following link we offer potential participants the opportunity to submit a speculative application via a form, and you can also apply to us by e-mail or post.

We provide the applicants (“participants”) with comprehensive support, from career planning to interview training, support during the application process, participation in specialist further training and language qualifications, fulfillment of the (official) requirements for relocation and its implementation, through to taking up employment in hospitals or other inpatient or outpatient (medical) care facilities.

For this purpose, we also process personal data in order to fulfill our legal and contractual or other obligations under the law of obligations, including towards our customers (the applicants/participants), the (potential) employers, our service providers, our other contractual partners, public authorities and other third parties.

II. Sources of data; data (categories)

In the case of an application and as part of the applicant selection process, such personal data is collected that is necessary in particular to identify you as an applicant, to correspond with you, to make a decision on the possible establishment of an employment relationship, and which is necessary for us to fulfill legal obligations.

We process personal data that we receive from interested parties, applicants and our (former) participants themselves. We also process personal data that we receive from third parties in a permissible manner, e.g. from our service providers and cooperation partners as well as from public bodies such as the Federal Employment Agency, tax offices, registration authorities, embassies and the relevant immigration authorities. We also process personal data that we are permitted to obtain and process from publicly accessible sources.

In particular, this may involve the following personal data:

  • Personal details, e.g. name, date/place of birth, nationality, address, religious denomination, disability;
  • Driving license data, certificate of good conduct, health data;
  • Data on education/further training and professional career;
  • Employment data (e.g. company, start/end date);
  • Emergency contacts (telephone number, name);
  • Financial data, e.g. remuneration, social benefits, bank details, tax number;
  • Social security data such as insurance numbers, statutory health insurance, sick leave;
  • IT usage data.

III. Purposes and legal bases of data processing

We process your personal data in accordance with the provisions of the GDPR, the Federal Data Protection Act (BDSG) and the other relevant laws on the basis of your consent, Art. 6 para. 1 a) GDPR, for pre-contractual measures and to fulfill (pre-)contractual obligations, Art. 6 para. 1 b) GDPR, to fulfill legal obligations, Art. 6 para. 1 c) GDPR and in the context of the balancing of interests, Art. 6 para. 1 f) GDPR, to protect our legitimate interests or those of third parties.

The collection and processing of data for the application process is (also) based on Section 26 BDSG, Art. 88 GDPR, Art. 6 para. 1 b) and Art. 9 para. 2 b) GDPR.

The processing of special categories of personal data, Art. 9 para. 2 GDPR, (e.g. health data) is based on your express consent or legal permission, see Art. 9 para. 2 GDPR.

The collection and processing of data is based for the application procedure (in addition) on § 26 BDSG, Art. 88 DS-GVO, Art. 6 para. 1 b) and Art. 9 para. 2 b) DSGVO.

The processing of special categories of personal data, Art. 9 (2) DS-GVO, (e.g. health data) is carried out on the basis of your explicit consent or a legal permission, cf. Art. 9 (2) DS-GVO.

IV. Other (categories of) recipients

We only pass on your personal data to third parties if the requirements of one of the aforementioned legal bases are met. Under this condition, the following recipients of your personal data, for example, come into question for the establishment and execution of the business relationship with you:

  • Processors and other service providers, e.g. translators, service providers for IT, telephone, payment transactions;
  • (Company) doctors;
  • Education and training providers;
  • Public bodies and institutions such as recognition/financial/foreigner/registration authorities, embassies, social insurance agencies, employment agency;
  • Your (potential) employers;
  • Our respective cooperation partners in the areas of sourcing and recruitment, personnel consulting/development/placement and relocation;
  • Our partner company Start Medicare GmbH

V. On the transfer of data to a third country

Your personal data may also be processed outside the EEA in third countries, namely the data transferred to the companies Microsoft Corporation (mail provider Microsoft Office 365), Datto, Inc (cloud) and Evenly Odd, Inc (“Knack”, platform for applicant data).

Please note that when data is processed in third countries with possibly inadequate levels of data protection, there is a risk that your data may be processed by government agencies in the third country for control and monitoring purposes without you always having adequate legal remedies against this.

VI. Storage period

We process your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations or to protect our legitimate interests or those of third parties. If the data is no longer required for the aforementioned purposes, it is regularly deleted unless you have given us your consent for further storage.

If we are unable to make you an offer, you reject an offer from us or a potential employer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 f) GDPR) for up to three months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed.

The retention serves in particular to provide evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 3-month period (e.g. due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies.

Longer storage may also take place if you have given your consent (Art. 6 (1) a) GDPR) or if statutory retention obligations prevent deletion.

VII Are you obliged to provide us with your data?

As an interested party, applicant and (potential) participant, you must provide such personal data as is required for the fulfilment of our legal and contractual or other obligations under the law of obligations and notify us without delay of any changes arising in the course of the business relationship.

If you do not provide us with the necessary data, we may not be able to fulfil our obligations resulting from the business relationship. Without this data, we will therefore usually have to refuse to conclude a contract with you or will no longer be able to perform an existing contract.

VIII Online meetings/trainings

Your data may also be processed during audio/video conferences, webinars, online meetings and online training courses such as language courses (online meetings for short, in each case closed groups without recordings). We use the following services for this purpose:

  • “BigBlueButton lern.link-Conference”, a program for web conferences from our processor lern.link GmbH, Kirchstr. 4, 82211 Herrsching, Germany, which is based on “BigBlueButton”, an open source software tool;
  • “Moodle lern.link-LMS”, a learning management system of our processor lern.link GmbH, Kirchstr. 4, 82211 Herrsching, Germany, which is based on the open source learning platform “Moodle”;
  • possibly another service requested by you; in this case, you are the data controller for data processing in the online meeting.

When using BigBlueButton for online meetings, various data are processed, also depending on the information you provide before and during participation in an online meeting. As a rule, the following personal data is processed, whereby optional information is marked accordingly in the application:

  • User details: first name, surname, nickname (pseudonym) if applicable, user ID, e-mail address, password, profile picture if applicable;
  • Sound and image of the user;
  • Meeting/device data: Topic, description, the lesson attended; participant IP addresses, hardware/software information;
  • Meeting content data: Audio, video and, if applicable, text data of any statements you make during an online meeting.

The purpose of processing your personal data is to be able to provide you with BigBlueButton as a tool for conducting online meetings and to be able to conduct the aforementioned meetings using BigBlueButton.

The legal basis for data processing when conducting online meetings is Art. 6 para. 1 a) GDPR (your consent), Art. 6 para. 1 b) GDPR, insofar as the online meetings are held to establish or conduct contractual relationships, otherwise Art. 6 para. 1 f) GDPR, because we have a legitimate interest in the effective conduct of online meetings.

Personal data that is processed during an online meeting is generally not passed on to third parties unless it is intended to be passed on. Please note that content from online meetings as well as face-to-face meetings is often used to communicate information with customers, interested parties or third parties and is therefore intended to be passed on.

IX. Applicant database

If we are unable to make you an offer, it may be possible to add you to our applicant database. If you are accepted, all documents and details from your application will be transferred to the applicant database so that you can be contacted in the event of suitable vacancies.

Inclusion in the applicant database takes place exclusively on the basis of your consent (Art. 6 para. 1 a) GDPR). Giving your consent is voluntary and is not related to the current application process.

You can revoke your consent at any time with effect for the future. In this case, the data will be irrevocably deleted from the applicant database, provided there are no legal grounds for retention.

The data from the applicant database will be irrevocably deleted no later than two years after consent has been granted.

Please contact us if you have any questions or queries.

Your team from Talentscoutry TM GmbH