1. Privacy notices in the context of Executive Search in accordance with article 13 GDPR, 14 GDPR
the protection of your personal data is a very important concern for us. Below we would like to inform you for what purpose HEADS! GmbH & Co. KG processes your personal data. You can also download the following informations (PDF).
Responsible
Heads! GmbH & Co. KG
Prinz-Ludwig-Palais
Türkenstr. 7
80333 München
Germany
Phone: +49-89-51 55 59-0
Fax: +49-89-5155 59-22
Website: www.headsinternational.com
Data protection officer
Herr Rechtsanwalt Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Köln
Germany
Phone: +49 (0)221 – 222 183 – 0
E-mail: mail(at)kinast.eu
Website: www.kinast.eu
We process the following sources/data categories
Sources:
XING, LinkedIn, other publicly available sources
Data categories:
- Applicant data (contact details, CV, cover letter)
- photo
- testimonials
- references
- salary information
Purpose and legal basis for data processing
To the extent that you have given us consent to the processing of your personal data for one or more specific purposes (e.g. information about other/further positions), the legal basis for the processing of your data is Article 6 (1) lit. (a) GDPR.
If the processing of personal data is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to ente- ring into a contract , Article 6 (1) lit. (b) GDPR serves as a legal basis.
The processing of personal data is necessary for compliance with a legal obligation to which controller is subject (e.g. commercial law, tax laws, etc.) results on the basis of Article 6 (1) lit. (c) GDPR.
If the processing is necessary in order to protect the vital interests of data subject or of another natural person, Article 6 (1) lit. (d) serves as a legal basis.
Article 6 (1) lit. (e) serves as a legal basis, if the processing of your personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Article 6 (1) lit. (f) serves as a legal basis if processing is necessary for the purposes of the legi- timate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
Need to provide personal data
The personal data collected is required for processing as part of the Executive Search.
Duration of processing
The processing of personal data ends with filling the position or after the completion of the man- date. After filling the job, the personal data will be deleted after 6 months. We will only process your personal data beyond this period if you have given your consent or if prolonged storage is required due to litigation. After the period of purpose or revocation of your consent, the relevant data will be routinely blocked and deleted in accordance with legal requirements.
Transmission to third parties
Data is passed on to third parties only on the basis of legal permits and within the scope of legal requirements.
Within our company, on the basis of your consent or due to the legitimate interest, only persons and bodies receive your personal data, which they receive for the purpose of placement or execu- tion of the contract with our clients, for fulfilment of administrative tasks, obtain legal obligations or business interests.
Outside of our company, we transmit your data to our clients who have instructed us to look for a suitable candidate based on our contractual obligation. If we use third-party services, we shall, for example, take appropriate legal precautions by entering into an order processing contract, as well as appropriate technical and organisational measures to protect the personal Data.
Transmission to third countries
The prerequisite for the transfer of personal data is that the third country ensures an appropriate level of data protection. This requires a separate decision from the European Commission. So far, the European Commission has only set this for individual countries (e.g. Canada, Switzerland, Argentina) and has made such findings. For all other countries, it is necessary to check on a case-by-case basis whether an adequa- te level of protection can be adopted. We will not transfer your personal data to a third country.
Affected rights
Article 13 (2) of the GDPR provides you with the following rights:
- The right to information (Article 15 GDPR)
- The right to rectify (Article 16 GDPR)
- The right to delete (Article 17 GDPR)
- The right to restrict processing (Article 18 GDPR)
- Right to revoke in the event of given consent (Article 7 GDPR)
- The right to data portability (Article 20 GDPR)
- Right to revoke in the event of automated individual decision-making, including profiling (Article 22 GDPR)
- The right to complain to a supervisory authority (Article 77 GDPR)
You have the right, for reasons arising from their particular situation, at any time against the processing of the personal data concerning you, which is due to Article 6 (1). F GDPR is made to appeal; This also applies to profiling based on these provisions. The person responsible will no longer process the personal data relating to you, unless he can prove compelling grounds for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves the purpose of Assertion, exercise or defence of legal claims.
Possibility of appeal:
You have the option to contact the aforementioned Data Protection Supervisor or a data protection regulator with a complaint. The data protection regulator responsible for us is:
State Office for Data Protection Supervision (BayLDA))
91522 Ansbach
Phone: +49 (0) 981 53 1300
E-mail: poststelle(at)lda.bayern.de
2. Data protection at a glance
The following information tells you everything you need to know about what happens to your personal data when you visit our website. Personal data is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our Privacy Policy found below.
The operator of this website takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with data protection legislation and this Privacy Policy. Whenever you use this website, we collect various personal data. We explain in this Privacy Policy, which data we collect and what they are used for. It also clarifies how and for what purpose this is done.
We draw your attention to the fact that data transmission over the Internet (e.g. when communicating by e-mail) may involve security gaps. It is not possible to protect such data completely against access by third parties.
Data collection on our website
Who is responsible for collecting data on this website?
The data collected on this website are processed by the website operator. The operator’s contact details can be found in the legal notice.
How do we collect your data?
On the one hand, we collect data that you provide us with. This could, for example, be data you enter on a contact form.
Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What is the legal basis for processing personal data?
The legal basis for processing personal data as described above is Art. 6 (1) (f) of the EU General Data Protection Regulation (GDPR). Processing this data is necessary to provide the website and serves to uphold the legitimate interest of our company.
Insofar as you have completed the contact form, the legal basis is Art. 6(1) (b) GDPR. The reason for this is that your personal data are necessary to fulfill a contract. This also applies to processing operations required for measures preliminary to a contract.
Where processing of personal data is required to meet a legal obligation to which our company is subject, the legal basis is Art. 6(1) (c) GDPR.
Where the processing of personal data is necessary to protect the vital interests of the affected person or that of another natural person, the legal basis is Art. 6(1) (d) GDPR.
Insofar as we have your consent for processing personal data, the legal basis is Art. 6(1) (a) GDPR.
Deletion and retention period
As soon as the data used to display the website are no longer required, they are deleted. The collection of data to provide a website and the storage of data in log files is essential for the operation of the website. Users do not have any option for objecting to this. The data may also be stored in individual cases where this is specified by law. Data may also be blocked or deleted once a legally defined storage period has expired, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.
3. General and compulsory information
Information on the Controller
The Controller responsible for processing data on this website is:
Heads! GmbH & Co. KG
Prinz-Ludwig-Palais
Türkenstr. 7
D-80333 Munich
Phone: +49-89-51 55 59-0
Fax: +49-89-5155 59-22
Website: www.headsinternational.com
Managing Partners:
Gil Alon, Adrian Fischer, Armin Gerneth, Barbara Hartmann, Dr. Wilhelm-Christian Helkenberg, Matthias Herkner, Dr. Claudia Kunkel, Dr. Christoph Netta, Christoph Zeiss, Alexander Zimmermann
What are your general rights regarding your data?
You have the right to obtain information at any time free of charge about the origin, recipients and purpose of your stored personal data. You also have the right to demand that your data be corrected, blocked or deleted. In addition, you have the right to restrict the processing of your personal data, the right of portability of your data and the right to notification.
Furthermore, you have the right to object to the processing of personal data relating to you at any time on grounds relating to your particular situation based on Art. 6(1) (e) or (f) GDPR; this also applies to profiling based on these provisions.
Moreover, we would like to point out the following:
Withdrawal of your consent to the processing of data
Many data processing operations are only possible with your express consent. You may at any time withdraw consent you have already given by sending us an informal notification by e-mail to the following address: datenschutz(at)headsinternational.com. Please note that this will not affect the processing of personal data obtained prior to the withdrawal of your consent.
Right to lodge a complaint with the responsible supervisory authorities
If there has been a breach of data protection legislation, you may lodge a complaint with the responsible regulatory authorities. The responsible supervisory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact data can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Right to data portability
You have the right to have data which we process based on your consent or automatically in fulfillment of a contract delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as orders or inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Information, blocking, deletion
As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.
Objections to promotional e-mails
We hereby expressly prohibit the use of contact data published in the context of website legal notice requirements for the purpose of sending promotional and informational materials not expressly requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is received.
4. Data protection officer
Legally prescribed data protection officer
The data protection officer designated by our company is:
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
Hohenzollernring 54
D-50672 Cologne
Phone: +49-221-222 183-0
Email: mail(at)kinast-partner.de
5. Data collection on our website
Analytics and third-party tools
When visiting our website, statistical analyses may be made of your surfing behavior. This is done primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.
You can object to this analysis. We will inform you below about how to exercise your options in this regard.
Cookies
Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called “session cookies.” They are automatically deleted after your visit. Other cookies remain in your device’s memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.
You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.
Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use (such as the shopping cart) are stored pursuant to Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy
Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files”. These are:
- Browser type and version
- Operating system used
- Referrer URL
- Host name of accessing computer
- Time of server request
- IP address
These data are not combined with other data sources.
The legal basis for data processing is Art. 6(1) (f) GDPR, which allows the processing of data to fulfill a contract or for measures preliminary to a contract.
6. Analysics and advertising
Google Analytics
This website uses functions of Google Analytics, a web analytics service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of this website is generally transmitted to a server in the United States by Google and stored there.
Google Analytics cookies are stored on the basis of Art. 6(1) (f)GDPR. The website operator has a legitimate interest in analyzing user behavior to optimize both its website and its advertising.
IP anonymization
We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states that are party to the Agreement on the European Economic Area before being transmitted to the United States. In exceptional cases only, the full IP address will transmitted to a Google server in the United States and abbreviated there. Google will use this information on behalf of the website operator to analyze your use of the website, compile reports on website activities and provide additional services to the website operator in connection with use of the website and Internet usage. The IP address that is transmitted by Google Analytics will not be combined with other data held by Google.
Browser plug-ins
You can prevent these cookies from being stored by enabling the relevant setting in your browser software. Please note, however, that this may prevent you from using all the functions available on this website. In addition, you can prevent the information about your use of the website that is generated by the cookie (including your IP address) being passed on to Google and from being processed by Google by downloading and installing the browser plug-in available at https://tools.google.com/dlpage/gaoptout?hl=de.
Objection to data collection
You can prevent your data from being tracked by Google Analytics by clicking on the following link. An opt-out cookie is placed, which will prevent your data from being collected during future visits to this website: Disable Google Analytics.
More information on how user data is handled by Google Analytics is available in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=de.
Contract data processing
We have signed a agreement with Google to process contract data and fully implement the strict provisions of the German data protection authorities relating to the use of Google Analytics.
7. Plug-ins and tools
Google Web fonts
This website uses so-called web fonts provided by Google for the uniform representation of fonts. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.
For this purpose your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. Google Web fonts are used in the interest of presenting our website in a uniform and attractive way. This constitutes a justified interest pursuant to Art. 6(1) (f) GDPR.
If your browser does not support Google Fonts or prevents access, the content is displayed in a standard font.
Further information on Google Web fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy at https://www.google.com/policies/privacy/.
WPML
Our website uses the language plugin WPML from OnTheGoSystems Limited, 22/F 3 Lockhart Road, Wanchai, Hong Kong, to provide a German and an English language version of the website. WPML cookies – these are used by the WPML plugin to identify the preferred user’s language as our site is multilingual. WPML stores only those cookies that are important for it to function properly. You can find detailed information about the browser cookies stored by WPML at https://wpml.org/documentation/support/browser-cookies-stored-wpml.
