Skip to main content

Processing of (personal) data by the entity in charge of the online application process

1. General
This Privacy Policy explains how we, GEMA International AG, Neuhofstrasse 5A, 6340 Baar, Switzerland (hereinafter referred to as “we”, “us” or the like) collect and process personal data in connection with the operation and use of our website and its associated applications.The responsible and legally compliant handling of data is important to us. We comply at all times with applicable law, in particular Swiss data protection law and any applicable foreign data protection law, such as the EU European General Data Protection Regulation (EU-GDPR), according to whose standard this Privacy Policy is based.If you are acting on behalf of a company, we may assume that you are authorized to act on behalf of such company in connection with the acceptance of this Privacy Policy (apparent authority), regardless of the internal regulations and/or circumstances of that company and entries in the corresponding company/commercial register and without further verification of such authorization. When we refer to “you”, “your” or the like in this Privacy Policy, this always also refers to the company on behalf of which you are acting and the employees of such company.

2. Collection and processing of personal data
Personal data means any information relating to an identified or identifiable person. A data subject is a person whose personal data is processed. Processing includes any handling of personal data, in particular its collection, storage, archiving, use, modification, disclosure, and deletion.We primarily process personal data that we receive from you or collect about you in connection with the operation and use of our website and its associated applications. The input of personal or business data on our website and its associated applications is voluntary.In addition to the personal data that you provide us directly (e.g. when registering for a newsletter or using a contact form), the categories of personal data that we receive about you from third parties in particular include information from public registers (e.g. debt collection register or company/commercial register), credit information (if we conduct business with you) as well as data in connection with the use of our website and its associated applications (e.g. IP address, MAC address, settings, and other information about the device used, date and time of the visit, webpages and contents accessed, functions used, referring website, location details).
If you provide us with personal data of other persons (e.g. family members, work colleagues), you must ensure that these persons have agreed to such provision and have taken note of the contents of this Privacy Policy.

 3. Purpose of data processing and legal basis
We process personal data primarily for the following purposes:
Ensuring the operation of our website and its associated applications
Responding to inquiries you send us via contact forms on our website and its associated applications
Compliance with our legal obligations in Switzerland and abroad
In addition, we process personal data of you and other persons, to the extent permitted by law and where appropriate, also for the following purposes which are in our legitimate interest:

Further development of our website and its associated applications as well as of our offers and services
Marketing (e.g. sending newsletters), provided that you have not objected to this use of your personal data
Assertion of legal claims and defense in connection with legal disputes and official proceedings
We process personal data in accordance with Swiss data protection law and, where applicable, with the EU-GDPR. In relation to the EU-GDPR, we process personal data with the consent of the data subject (art. 6 para. 1 lit. a EU-GDPR), for the performance of a contract to which the data subject is party and for taking corresponding steps prior to entering into a contract (art. 6 para. 1 lit. b EU-GDPR), to comply with a legal obligation to which we are subject under any applicable EU law or under any applicable law of a country in which the EU-GDPR is wholly or partially applicable (art. 6 para. 1 lit. c EU-GDPR) and to protect the legitimate interests pursued by us or by third parties, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Legitimate interests are in particular our business interests to operate our website and its associated applications, information security, the enforcement of our own legal claims and compliance with applicable law (art. 6 para. 1 lit. f EU-GDPR).

If you have given us your consent to process your personal data for specific purposes (e.g. when registering for a newsletter), we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. A given consent can be withdrawn at any time, but this does not affect data processed prior to such withdrawal.

4. Retention period for personal data
We process and retain your personal data as long as required for the purposes pursued with the processing or for the performance of our contractual obligations and compliance with legal obligations as well as beyond this duration in accordance with legal retention and documentation obligations.Personal data may be retained for the period during which claims can be asserted against our company (e.g. in particular during the statutory limitation period) or insofar as we are otherwise legally obliged to do so or if legitimate business interests require further retention (e.g. for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible. In the case of long-term retention obligations, we limit the processing as much as possible.

5. Transfer of personal data
Within the scope of the purposes stated in section 3 and our business activities, we disclose your personal data, to the extent permitted by law and where appropriate, to third parties in Switzerland and abroad, in particular to our service providers, suppliers and auxiliary persons (e.g. hosting providers, software suppliers, IT service providers, newsletter service providers, debt collection service providers, banks, legal advisors/counsels) as well as to authorities, official offices or courts.If we transfer data to a country without adequate legal data protection, we ensure an appropriate level of protection as legally required by way of using appropriate contracts or we rely on the statutory exceptions, in particular the exceptions of consent, the performance of contracts as well as the establishment, exercise or enforcement of legal claims.

6. Newsletter
On our website, you are given the opportunity to subscribe to our newsletter. The input mask used for this purpose determines what personal data are transmitted.Newsletters may only be received if you have a valid e-mail address. A confirmation e-mail will be sent to the e-mail address registered by you. This confirmation e-mail is used to prove whether the owner of the e-mail address as the data subject is authorized to receive the newsletter.During the registration for the newsletter, we also store your IP address as well as the date and time of the registration. The collection of this data is necessary in order to understand the (possible) misuse of the e-mail address of a data subject at a later point in time, and it therefore serves the aim of the legal protection of the controller.
The personal data collected as part of a registration for the newsletter will only be used to send our newsletter. The subscription to our newsletter may be terminated at any time. The consent to the storage of personal data, which you have given for sending the newsletter, may be revoked at any time. For the purpose of revocation of your consent, a corresponding link is found in each newsletter. It is also possible to unsubscribe from the newsletter by communicating this to us in a different way.

8. Rights of data subjects
Persons about whom we process personal data have the right to request confirmation from us whether we process personal data and, if so, information about our processing of their personal data. Furthermore, data subjects may, if provided for under the data protection law applicable to them (in particular the EU-GDPR), restrict the processing of their personal data, exercise their right to data portability or have their personal data rectified, erased (“right to be forgotten”) or blocked, withdraw consents granted and object to the processing of their personal data. The exercise of the aforementioned rights usually requires that you clearly prove your identity. For this purpose, please send us a copy of your identification document if your identity is not otherwise clear or cannot be verified.
We reserve the right to enforce statutory restrictions on our part, for example if we are obliged to retain or process certain personal data, have an overriding interest (insofar as we may invoke such interest) or need the data for asserting claims. Please note that the exercise of the aforementioned rights may be in conflict with contractual agreements between you and us (e.g. on the provision of services that we are providing to you) and that this may result in consequences such as premature contract termination or costs. If this is the case, we will inform you in advance.

In addition, persons about whom we process personal data have the right to enforce their rights in court or to lodge a complaint with the competent data protection authority. The data protection authority of Switzerland is the Federal Data Protection and Information Commissioner (FDPIC). Information on the FDPIC can be found under the following link:
https://www.edoeb.admin.ch/edoeb/en/home.html
 
Data subjects and supervisory authorities can contact us by e-mail or by letter at the addresses listed in section 9.

9. Controller
The “controller” of the data processing as described in this Privacy Policy is GEMA International AG. In case of any data protection related concerns, you can contact our data protection officer (art. 37 EU-GDPR) by e-mail or by letter as follows:
GEMA International AG
Heiko Friedrich
Neuhofstrasse 5A
6340 Baar
Switzerland
data-privacy@thegema.com
 

10. Data security
We take appropriate technical and organizational security precautions to protect your personal data from unauthorized access and misuse (e.g. encryption of data media and data transmissions, access restrictions). The access to our website and its associated applications is via SSL/TLS encryption.
 

11. Amendments
We may amend this Privacy Policy at any time without prior notice. The current version published on this website applies.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.