J. Müller logo – Logistics & Port Operations
de en

Privacy Notice for Applications and Employment Contracts in accordance with the GDPR

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG), and other data protection regulations is:

J. MÜLLER Aktiengesellschaft /
J. MÜLLER Weser GmbH Co. KG.
Neustadtstrasse 15
26919 Brake

Phone: 04401 / 914-0
Fax: 04401 / 914-109
Email: info@jmueller.de

 

II. Contact Details of the Data Protection Officer

The data protection officer of the controller can be reached at:

TÜV Informationstechnik GmbH
Unternehmensgruppe TÜV NORD
IT Security, Business Security & Privacy

Langemarckstraße 20
45141 Essen

Phone: 0201 – 8999-899
Fax: 0201 - 8999-666
Email privacyguard@tuvit.de

 

III. Data Processing in the Context of Application Procedures

1. Scope of Processing Personal Data
As part of the application process, we process only personal data related to your application and necessary for assessing your professional and personal qualifications for the position to be filled. This may include general personal data (such as name, address, and contact details), details of professional qualifications and education, information on professional training, or other details of your career that you provide in connection with your application.

2. Legal Basis and Purpose of Processing Personal Data
We process the data specified in Section III.1 for the purpose of deciding on the establishment of an employment relationship and—if an employment relationship is established between you and us—for the execution or termination of the employment relationship and to exercise or fulfill legal rights and obligations. This processing is based on § 26 BDSG.

Furthermore, we may process personal data if necessary for asserting or defending legal claims arising from the application process. The legal basis for this is Art. 6 (1) (f) GDPR, with our legitimate interest being the protection of our legal positions.

3. Sources
If you do not submit your application to us directly but instead via an external online portal or recruiter, we initially collect your data through these third parties.

4. Recipients
Within our company, only those persons have access to your personal data who require it for the purposes listed in Section III.2.

We will only transfer your personal data to external recipients if legally permitted or if you have given your consent. External recipients may include:

  • Data Processors: Service providers we use to deliver services, for example, in the areas of IT infrastructure and system maintenance.
  • Public Authorities: Government agencies and institutions such as social security providers, courts, or other authorities to whom we must transmit personal data due to legal obligations.
  • Private Entities: Tax consultants, insurance companies, or similar auxiliary persons who receive data based on legal grounds or with your consent.

5. Data Deletion and Storage Duration
We delete your personal data after the application process has been completed unless a legal provision or your consent allows for longer retention. In such cases, we delete your personal data upon expiration of the legal permission or upon withdrawal of consent.

6. Obligation to Provide Data
You are not obliged to provide us with personal data. However, depending on the individual case, providing certain personal data may be required for making a decision regarding the establishment and execution of an employment relationship with us. If you do not provide the necessary personal data, we may not be able to make a decision regarding your employment with us.

IV. Data Processing in the Context of Employment Contracts

1. Scope of Processing Personal Data

As part of your employment relationship, the data you have provided (e.g., resume, emergency contacts) as well as data generated in the course of the employment relationship (e.g., salary data, sick leave, caregiving leave, parental leave) will be processed.

The processing and transmission of data are carried out for payroll and salary processing and compliance with record-keeping, reporting, and disclosure obligations, insofar as this is required by law, collective agreements, or contractual employment obligations. This includes automatically generated and archived text documents (such as correspondence) in these matters. Without this data, we cannot conclude or fulfill the contract with you. This also applies to all voluntary social benefits provided by the employer as well as to external training and further education offers.

We generally collect and use personal data of our employees only to the extent necessary to establish and carry out the employment relationship. The collection and use of personal data of our employees beyond this regularly take place only with the employee’s consent. An exception applies in cases where obtaining prior consent is not possible for factual reasons, and the processing of the data is permitted by legal provisions.

2. Legal Basis for Processing Personal Data

1. For personal data pursuant to Art. 4 No. 1 BDSG

  • Processing is based on consent (Art. 6 para. 1 lit. a) GDPR) - without employment context

  • Pre-contractual performance (Art. 6 para. 1 lit. b) GDPR) - without employment context

  • Contractual performance (Art. 6 para. 1 lit. b) GDPR) - without employment context

  • Processing is required for a legal obligation (Art. 6 para. 1 lit. c) GDPR)

  • Processing is carried out to protect vital interests (Art. 6 para. 1 lit. d) GDPR)

  • Processing is in the public interest or carried out in the exercise of official authority (Art. 6 para. 1 lit. e) GDPR)

  • Legitimate interests of the controller or a third party (Art. 6 para. 1 lit. f) GDPR)

  • Processing is based on a purpose change (Art. 6 para. 4 GDPR).

  • Processing is carried out for the establishment of an employment relationship (see § 26 para. 1 sentence 1 BDSG).

  • Processing is carried out for the execution or termination of an employment relationship (see § 26 para. 1 sentence 1 BDSG).

  • Processing is necessary for the exercise or fulfillment of rights and obligations arising from a law, collective agreement, or works agreement regarding employee representation (see § 26 para. 1 sentence 1 BDSG).

  • Processing is carried out for the detection of criminal offenses in the employment relationship (see § 26 para. 1 sentence 2 BDSG).

  • Processing is carried out based on the consent of employees (see § 26 para. 2 BDSG).

  • Processing is carried out based on collective agreements (see § 26 para. 4 BDSG).

 

2. For Special Categories of Personal Data under Art. 9 (1) GDPR

  • Processing is based on consent (Art. 9 para. 2 lit. a) GDPR) - without employment context.

  • Processing takes place in the context of social law (Art. 9 para. 2 lit. b) GDPR in conjunction with § 22 para. 1 no. 1a BDSG).

  • To fulfill legal obligations under labor law or social law (Art. 9 para. 2 lit. b) GDPR in conjunction with § 26 para. 3 BDSG) "employment context".

  • Processing is based on a collective agreement or a works agreement (Art. 9 para. 2 lit. b) in conjunction with § 26 para. 4 BDSG) "employment context".

  • Vital interests exist / no consent possible (Art. 9 para. 2 lit. c) GDPR).

  • Processing takes place in accordance with Art. 9 para. 2 lit. d) GDPR.

  • Processing relates to personal data that data subjects have obviously made public (Art. 9 para. 2 lit. e) GDPR).

  • Processing is necessary for the establishment, exercise, or defense of legal claims (Art. 9 para. 2 lit. f) GDPR).

  • Processing takes place in accordance with Art. 9 para. 2 lit. g) GDPR.

  • Processing takes place in accordance with Art. 9 para. 2 lit. h) GDPR in conjunction with § 22 para. 1 no. 1b BDSG.

  • Processing is carried out for archiving purposes in the public interest, scientific or historical research purposes, or for statistical purposes (Art. 9 para. 2 lit. j) GDPR).

3. Sources
If your employment data is not submitted directly to us but via an external portal or recruiter, we first collect your data from these third parties.

4. Recipients
Only those persons within our organization who require access to your personal data for the purposes specified in IV.1. have access to it. We only transfer your personal data to external recipients if a legal permission exists or if we have obtained your consent for this purpose. External recipients may include:

  • Processors: Service providers that we use to provide services, for example, in the areas of technical infrastructure and maintenance of our IT systems.

  • Public authorities: Government agencies and state institutions, such as social security agencies, courts, or authorities, to which we are legally required to transmit personal data.

  • Private entities: Tax consultants, insurance companies, or similar auxiliary persons to whom data is transmitted based on consent or a legal basis.

5. Data Deletion and Retention
The personal data of employees is deleted or blocked as soon as the purpose of storage ceases to exist. Storage may also take place beyond this if it is required by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. Data will also be blocked or deleted when a legally prescribed retention period expires, unless further storage of the data is necessary for the conclusion or fulfillment of a contract.

6. Obligation to Provide Data
The provision of personal data is required for the execution of an employment relationship with us. If you do not provide us with this personal data, we may not be able to establish an employment relationship with you.

V. Rights of the Data Subject

If your personal data is processed, you are considered a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

1. Right of Acces

You have the right to request confirmation from the controller as to whether personal data concerning you is being processed.

If such processing is taking place, you may request information from the controller regarding:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients or categories of recipients to whom the personal data concerning you has been disclosed or will be disclosed;

(4) the planned duration of storage of the personal data concerning you or, if specific information is not available, the criteria used to determine the storage duration;

(5) the existence of a right to rectification or erasure of the personal data concerning you, a right to restriction of processing by the controller, or a right to object to such processing;

(6) the existence of a right to lodge a complaint with a supervisory authority;

(7) all available information about the source of the data if the personal data was not collected from the data subject;

(8) the existence of automated decision-making, including profiling, pursuant to Art. 22 para. 1 and 4 GDPR, and—at least in these cases—meaningful information about the logic involved as well as the significance and the intended effects of such processing for the data subject.

You have the right to request information on whether personal data concerning you is transferred to a third country or an international organization. In this context, you may request to be informed about the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

VI. Right to Rectification
You have the right to request that the controller corrects or completes any inaccurate or incomplete personal data concerning you. The controller must make the correction without undue delay.

VII. Right to Restriction of Processing

You have the right to request the restriction of processing of your personal data under the following conditions:

(1) if you contest the accuracy of your personal data for a period that allows the controller to verify the accuracy of the personal data;

(2) if the processing is unlawful, and you oppose the erasure of the personal data and instead request the restriction of its use;

(3) if the controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims; or

(4) if you have objected to processing pursuant to Art. 21 para. 1 GDPR and it has not yet been determined whether the legitimate grounds of the controller override your grounds.

If the processing of your personal data has been restricted, such data—apart from being stored—may only be processed with your consent or for the establishment, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

If the restriction of processing has been imposed based on the above conditions, you will be informed by the controller before the restriction is lifted.

VIII. Right to Erasure (Right to be Forgotten)

a) Obligation to Delete

You have the right to request the controller to erase personal data concerning you without undue delay, and the controller is obliged to erase this data without undue delay if one of the following reasons applies:

(1) The personal data concerning you is no longer necessary for the purposes for which it was collected or otherwise processed.

(2) You withdraw your consent on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.

(3) You object to the processing pursuant to Art. 21 para. 1 GDPR, and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Art. 21 para. 2 GDPR.

(4) The personal data concerning you has been processed unlawfully.

(5) The erasure of the personal data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.

(6) The personal data concerning you was collected in relation to the offer of information society services pursuant to Art. 8 para. 1 GDPR.

b) Notification to Third Parties
If the controller has made the personal data concerning you public and is obliged to erase it pursuant to Art. 17 para. 1 GDPR, the controller shall take reasonable steps, including technical measures, taking into account available technology and implementation costs, to inform data controllers processing the personal data that you, as the data subject, have requested the erasure of all links to this personal data or of copies or replications of this personal data.

c) Exceptions

The right to erasure does not apply to the extent that processing is necessary:

(1) for exercising the right to freedom of expression and information;

(2) for compliance with a legal obligation that requires processing under Union law or the law of the Member States to which the controller is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health pursuant to Art. 9 para. 2 lit. h and i as well as Art. 9 para. 3 GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of this processing; or

(5) for the establishment, exercise, or defense of legal claims.

IX. Right to Notification

If you have exercised your right to rectification, erasure, or restriction of processing against the controller, the controller is obliged to inform all recipients to whom your personal data has been disclosed of this rectification, erasure, or restriction of processing, unless this proves to be impossible or involves disproportionate effort.

You have the right to be informed by the controller about these recipients.

X. Right to Data Portability

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, and machine-readable format. You also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data was provided, provided that:

(1) the processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR, or on a contract pursuant to Art. 6 para. 1 lit. b GDPR, and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. The rights and freedoms of others must not be adversely affected by this.

The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

XI. Right to Object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out pursuant to Art. 6 para. 1 lit. e or f GDPR; this also applies to profiling based on these provisions. Automated individual decision-making, including profiling within the meaning of Article 22 GDPR, does not take place in connection with an application with us.

The controller will no longer process the personal data concerning you unless they can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing is for the establishment, exercise, or defense of legal claims.

You also have the option, in connection with the use of information society services—regardless of Directive 2002/58/EC—to exercise your right to object by automated means using technical specifications.

XII. Right to Withdraw Consent under Data Protection Law

You have the right to withdraw your consent under data protection law at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

XIII. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing—including profiling—that produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:

(1) is necessary for entering into or fulfilling a contract between you and the controller,

(2) is authorized by Union or Member State law to which the controller is subject and that law contains appropriate measures to safeguard your rights, freedoms, and legitimate interests, or

(3) is based on your explicit consent.

However, such decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR unless Art. 9 para. 2 lit. a or g applies and appropriate measures have been taken to protect your rights, freedoms, and legitimate interests.

In cases referred to in (1) and (3), the controller shall implement appropriate measures to safeguard your rights, freedoms, and legitimate interests, including at least the right to obtain human intervention by the controller, to express your point of view, and to contest the decision.

XIV. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of your personal data violates the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

 

Warum wir Cookies verwenden.

Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell, während andere uns helfen, diese Website und Ihre Erfahrung zu verbessern.

Speichern
Alle akzeptieren
Impressum Datenschutz
Warum wir Cookies verwenden.

Wir nutzen Cookies auf unserer Website. Einige von ihnen sind essenziell, während andere uns helfen, diese Website und Ihre Erfahrung zu verbessern.

Notwendige Cookies helfen dabei, eine Webseite nutzbar zu machen, indem sie Grundfunktionen wie Seitennavigation und Zugriff auf sichere Bereiche der Webseite ermöglichen. Die Webseite kann ohne diese Cookies nicht richtig funktionieren.

Marketing-Cookies werden verwendet, um Besuchern auf Webseiten zu folgen. Die Absicht ist, Anzeigen zu zeigen, die relevant und ansprechend für den einzelnen Benutzer sind und daher wertvoller für Publisher und werbetreibende Drittparteien sind.

Speichern
Alle akzeptieren
Impressum Datenschutz
Your cookie preferences have been saved.