Products
 
Creasing recommendations
 

Data protection for applicants

Information on handling your data as an applicant

1.    Name and address of the controller
Buchmann GmbH
Wasgaustraße 5
76855 Annweiler am Trifels
Landau Commercial Register

HRB 1078
VAT ID number DE 148929721

Phone: +49 (0)6346 927-0
E-mail: info@buchmannkarton.de

2.    Contact person personnel department
Mrs Caroline Tessé
Email address: bewerbung@buchmannkarton.de

3.    Data Protection Officer
has been commissioned as the External Data Protection Officer:
Mr Stefan Kleinermann
at Kleinermann & Sohn GmbH
Max Planck St. 9
52499 Baesweiler
dsb@das-datenschutz-team.de

4.    Competent supervisory authority for control and compliance with data protection law
The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate
Rear pale 34
55116 Mainz

5.    Purpose of the data collection, processing or use
As part of the application process, we would like to get to know each other - before you decide for us and we decide for you. Your application documents, which you send us in writing or in text form, should serve as a ba-sis. We would like to get to know each other better in person. The purpose of this data collection is to make a well-founded decision for a long-term relationship. All personal data you provide, including the data resulting from all attachments you enclose, will be processed by us in an Excel overview exclusively for the purpose of your application.

6.    Legal regulations on data protection
Pursuant to section 26 (1) sentence 1 BDSG in conjunction with Art. 88 (1) DSGVO. Art. 88 para. 1 DSGVO, the collection of data required for the establishment of the employment relationship is permitted. If you voluntarily provide us with data beyond what is necessary, data protection law allows us to do so within the framework of consent according to Art. 6 Para. 1 lit. a DSGVO.
We ensure that your personal data is processed in a way that guarantees the protection of your data. The data is processed by electronic means as well as in paper form. In doing so, we comply with security standards to protect your privacy and the risk of access to this data by unauthorised persons. We have taken extensive tech-nical and organisational precautions to protect the data you have made available to us from loss, manipulation, destruction and unauthorised access. Our security measures are continuously improved in line with technologi-cal developments and legal requirements.

7.    Personal data
You yourself determine the scope of the data you wish to transfer to us as part of your application. When you apply, we process data from you that you provide to us as part of your application. This can be contact data as well as all data related to the application (CV, certificates, qualifications, answers to questions, etc.). The legal basis for this results from § 26 BDSG.
We do not intentionally collect special types of personal data (information on racial and ethnic origin, political opinions, religious and philosophical beliefs, trade union membership, health or sex life) in the application pro-cess. Accordingly, we ask you not to provide any information on the above criteria as part of your application.

8.    Data correctness
You shall ensure that the personal data you provide is true, accurate and up-to-date. You may not apply on be-half of third parties. If you infringe the rights of third parties when using texts, photos or graphics, for example, you may be held liable.

9.    Obligation to provide personal data
The provision of personal data is neither legally nor contractually required. You are therefore not obliged to provide us with your data. However, it is not possible to carry out the application process without certain perso-nal data. This means that if you do not provide us with the required personal data as part of your application, we will not be able to process your application or enter into an employment relationship with you.

10.    Data subjects' rights
As a data subject of a data processing operation, you have, among others, the following rights under the GDPR (hereinafter also referred to as "data subject rights"):
 

Rights of access (Art. 15 GDPR)


You have the right to request information about whether or not we are processing personal data rela-ting to you.
The first copy is free of charge; an appropriate fee may be charged for further copies. A copy may only be provided insofar as the rights of other persons are not impaired thereby.

Right to rectify data (Art. 16 GDPR)


You have the right to request us to correct your data if it is incorrect and/or incomplete. This right also includes the right to completion through supplementary declarations or notifications.

Right to erasure of personal data (Art. 17 GDPR)


You have the right to request us to delete your personal data if
•    the personal data are no longer necessary for the purposes for which they were collected and processed;
•    the data processing is carried out on the basis of consent given by you and you have revoked the consent; however, this does not apply if there is another legal permission for the data pro-cessing;
•    you have objected to data processing, the legal permission for which lies in the so-called "legiti-mate interest" (according to Art. 6 para. 1 lit e or f DSGVO); however, deletion need not take place if there are overriding legitimate grounds for further processing;
•    you have objected to data processing for the purpose of direct marketing;
•    your personal data have been processed unlawfully;
•    it is data of a child collected for information society services (=electronic service) on the basis of consent (pursuant to Art. 8(1) DSGVO).

A right to delete personal data does not exist if
•    the right to freedom of expression and information precludes the request for deletion;
•    the processing of personal data 
•    to comply with a legal obligation (e.g. statutory retention obligations), 
•    for the performance of public duties and interests under applicable law (this includes "public health") or 
•    is required for archiving and/or research purposes;
•    the personal data is necessary for the assertion, exercise or defence of legal claims.

If personal data has been made public by us (e.g. on the Internet), we must ensure, as far as is techni-cally possible and reasonable, that other data processors are also informed of the deletion request, in-cluding the deletion of links, copies and/or replications.

Right to restriction of data processing (Art. 18 DSGVO)

You have the right to have the processing of your personal data restricted in the following cases:
•    If you have disputed the accuracy of your personal data, you can request that we do not use your data for any other purpose for the duration of the verification of the accuracy and thus restrict its processing.
•    In the event of unlawful data processing, you can demand the restriction of data use instead of data deletion;
•    If you need your personal data for the assertion, exercise or defence of legal claims, but we no longer need your personal data, you can request us to restrict processing to the purposes of le-gal proceedings;
•    If you have objected to data processing (pursuant to Art. 21 (1) DSGVO) and it is not yet clear whether our interests in processing outweigh your interests, you may request that your data not be used for other purposes for the duration of the review and thus that its processing be restricted.

Personal data the processing of which has been restricted at their request may - subject to storage - on-ly be 
•    with your consent, 
•    for the assertion, exercise or defence of legal claims, 
•    to protect the rights of other natural or legal persons, or 
•    processed for reasons of important public interest. 
If a processing restriction is lifted, they will be informed in advance.

Right to data portability (Art. 20 DSGVO)

You have the right to request the data you have provided to us in a common electronic format (e.g. as a PDF or Excel document). 
You may also request us to transfer this data directly to another (through designated) company, provi-ded that this is technically possible for us.
The condition for you to have this right is that
•    the processing is carried out by on the basis of consent or for the performance of a contract and is carried out with the aid of automated procedures;
•    the exercise of the right to data portability does not affect the rights and freedoms of other persons;


If you use the right to data portability, you also continue to have the right to data deletion according to Art. 17 DSGVO.

Right of appeal (Art. 77 GDPR)

You have the right to complain to a supervisory authority. For this purpose, you can contact the supervi-sory authority of your usual place of residence, your place of work or our company headquarters (The State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate).

Right of objection (Art. 21 DSGVO)

You have the right to object at any time, on grounds relating to your particular situation, to the proces-sing of personal data relating to you which is carried out on the basis of a balance of interests (Art. 6 (1) (f) DSGVO). This is particularly the case if the data processing is not necessary for the performance of a contract. If you exercise your right to object, we ask you to explain the reasons. We will then no longer process your personal data unless we can prove to you that compelling reasons worthy of protection for the data processing outweigh your interests and rights. Please send your objection to the contact address of the data controller given above.

Right of withdrawal (Art. 7 para. 3 DSGVO)

You have the right to revoke your consent to the processing of your data at any time. The revocation declared by you does not change the lawfulness of the processing of your personal data that took place until the revocation.
Exercise of data subject rights
To exercise the data subject rights, please contact the above-mentioned office. Requests submitted electronically will generally be answered electronically. The information, notifications and measures to be provided under the GDPR, including "the exercise of data subject rights", are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge an appropriate fee for processing or to refrain from taking action (Art. 12 (5) GDPR).
If there is reasonable doubt about your identity, we may request additional information from you for the purpose of identification. If we are unable to identify you, we are entitled to refuse to process your request. If we are unable to identify you, we will - as far as possible - notify you separately. (see Art. 12 Ab. 6 and Art. 11 DSGVO).

Requests for information will normally be processed without delay, within one month of receipt of the request. The deadline may be extended by a further two months if this is necessary, taking into account the complexity and/or number of requests; in the event of an extension of the deadline, we will inform you of the reasons for the delay within one month of receiving your request. If we do not act on a re-quest, we will inform you without delay, within one month of receipt of the request, of the reasons for this and inform you of the possibility of lodging a complaint with a supervisory authority or seeking a ju-dicial remedy. (see Art. 12 para. 3 and para. 4 DSGVO).
Please note that you can only exercise your data protection rights within the framework of restrictions and limi-tations provided for by the Union or the Member States (Art. 23 GDPR).

11.    Recipients or categories of recipients of the data
Within the framework of the processing, your data may be transmitted to:
•    Persons within our company who are directly involved in data processing (e.g. human resources de-partment)
•    Service providers who are contractually bound and obliged to maintain confidentiality and who perform partial data processing tasks
•    External companies if this is necessary. Examples of this are postal service providers for the delivery of letters

12.    Data transfer to third countries
Data transfers to third countries are not planned and only occur within the framework of existing contractual requirements, necessary communication and other exceptions expressly provided for in Articles 44-49 of the GDPR. A further transfer to third countries does not currently take place.

13.    Duration of data storage / standard periods for deletion of data
We store your data for the time we need it to achieve the purposes outlined in point 5. No later than four mon-ths after the decision, the paper documents will be returned or the digital documents deleted. This deadline arises as protection against recourse under the General Equal Treatment Act (AGG). However, there may be legal regulations (e.g. the German Fiscal Code § 147) that require us to keep certain documents for six or ten years. After the retention period has expired, we delete data that is no longer required.

14.    Data processing
We process your data on our own server. This is protected against access by unauthorised persons by technical and organisational measures in accordance with Article 32 of the GDPR. An authorisation concept ensures that only authorised employees can access this data. Our security measures are continuously improved in line with technological developments and legal requirements.

Return