V2 (022024)
hiral GmbH uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data by the onlyfy one service and by hiral GmbH.
With regard to interaction within the company account of hiral GmbH, hiral GmbH and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here https://www.xing.com/terms/onlyfy-one to gain information on the key aspects of the agreement.
onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social and jobs network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet.
With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with hiral GmbH, detailed information is available in the XING Privacy Policy at https://privacy.xing.com/en/privacy-policy. You will also find contact details for New Work SE, as well as for the New Work SE data protection officer there.
When submitting an application, you enter into a user relationship with New Work SE for the purpose of processing applications. In addition, you will receive support and New Work SE can present you with other opportunities in support of your career. A public profile will not be automatically created for you on the XING social and jobs network. The legal basis for New Work SE processing your data is, in particular, Article 6 (1)(b) GDPR (processing necessary for the performance of a contract).
You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of hiral GmbH in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to hiral GmbH only.
The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.
If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: https://www.cronofy.com/gdpr/ and https://docs.cronofy.com/policies/privacy-notice/
If you use the apply using WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.
The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here: https://www.pitchyou.de/en/pitchyou-gdpr. Candidate data from apply via WhatsApp are transferred to onlyfy one via an interface. Immediately after this transfer, candidate data are deleted from the apply via WhatsApp infrastructure in PitchYou. Further processing then takes place exclusively in onlyfy one.
Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. WhatsApp data protection information, such as its processing or exercising of data protection rights with regard to WhatsApp is available here: https://www.whatsapp.com/legal/privacy-policy-eea.
Subject to your consent, your application will be sent from WhatsApp via the PitchYou infrastructure to onlyfy one. You have the right to withdraw your consent to this at any time. Either way, your application data will be deleted from the PitchYou infrastructure once transferred to onlyfy one, meaning that PitchYou will not process your data any further.
The FADP applies to circumstances which have an impact on Switzerland, even if said circumstances are initiated outside of Switzerland. Correspondingly, this privacy policy applies to information in line with the EU GDPR and the FADP. Here, EU GDPR terminology is used in favour of FADP terminology. However, FADP terminology is used if the FADP applies and the terminology differs from EU GDPR terminology in a given language. The About this site section on XING contains the name and address of our representative in Switzerland.
Dear Candidate,
Trust and confidentiality are the foundation of professional recruitment consulting. This includes, above all, the sensitive handling of your personal data. To provide you with the best possible advice and to send you interesting job offers, we require your consent.
Thank you for your trust.
Your hiral Team
I have understood and am aware of the following information provided by hiral regarding the collection, processing, use, transfer, and storage of my personal data by hiral and its contractual partners, including in European and non-European countries (hiral Data Protection Declaration as of January 28, 2025).
Since we collect, process, use, transfer, and store special categories of personal data, such as religious affiliation, severe disability, family status, etc., for the purposes outlined in section 4 in databases and also on servers outside the European Union, particularly in the USA, a separate consent from you is required.
Furthermore, the collection, processing, use, transfer, or storage of your personal data is permitted if other legal regulations allow or require this data processing.
By providing this consent, I agree to the collection, processing, use, and transfer of my special categories of personal data as described below.
By providing this consent, I also agree to the collection, processing, use, and transfer of my personal data to non-European countries, including data from a registration form as part of an online application, from job interviews, and any additional documents I provide, such as resumes, certificates, assessments, etc.
By providing this consent, I also pre-approve the transfer of my signed employment contract with hiral GmbH’s customer to hiral GmbH for billing purposes.
If I do not provide my consent(s), hiral will unfortunately not be able to accept or process my application further. There is no entitlement to the processing of my application.
You have the right to revoke or restrict this consent to the collection, processing, use, or transfer of your personal data at any time for the future.
By giving consent, you further declare that all data provided by you is complete and accurate. In case of any changes to your personal data, you agree to notify hiral of these changes promptly. The circumstances of your consent (date, time, content) are logged by us due to legal requirements.
All hiral employees, third parties involved in data processing (external service providers), and our contractual partners are obliged to maintain data confidentiality pursuant to § 53 BDSG.
For information or corrections regarding your personal data, or if you have any questions related to the processing of your personal data, or if you wish to revoke your consent for the future, please contact:
hiral GmbH
— Reference: Data Protection —
Grimm 14
20457 Hamburg
or
send an email to datenschutz@hiral.de.
This data protection information applies to data processing by the controller:
hiral GmbH
Grimm 14
20457 Hamburg
Germany
Email: datenschutz@hiral.de
Phone: +49 (0)40 – 228 992 80
During your registration as a candidate, we collect your personal data directly from you, your resume, references (previous employers or educational references), and online tests you may participate in at our request. Our clients may request additional personal data from you in connection with their job offers and requirements.
Additionally, we collect your personal data from other sources when you contact us via these channels, such as our website, social media platforms like Xing or LinkedIn, or when you provide your personal data at a job fair or promotional, networking, or training event.
We collect, among others, the following types of personal data:
We use your data to forward suitable job offers that match your criteria and preferences, or those our recruitment consultants deem potentially interesting for you.
If you have provided your consent, we disclose your personal data to clients who have corresponding vacancies to fill. Additionally, we may use your data for billing purposes with these clients.
If you share the data of others with us, we assume that they have given you their consent to share their data and that this consent also includes the collection, processing, and transfer of these data by hiral to the same extent as your data.
We also process your personal data for other legitimate business purposes, such as creating statistics, evaluating the success of our marketing campaigns, tracking the number of visitors to our website, and fulfilling legal and regulatory obligations and requirements.
We currently do not use technologies for automated decision-making to make final or conclusive decisions about you. A member of our staff is always involved in providing recruitment services for you.
hiral may disclose your personal data to external third parties without notifying you in the following cases:
To our clients in connection with providing private recruitment services (temporary employment and/or recruitment).
To companies and individuals we engage to perform business functions and services for us. Examples include payroll services enabling us to pay the salaries of our employees and temporary workers, applicant screening services, operating data storage facilities (including in the USA and in the cloud), hosting our web servers, performing data analyses and statistical evaluations, and providing legal, accounting, auditing, and other professional services.
To authorities, including police and other law enforcement agencies, regulatory authorities, credit bureaus, and third parties conducting penalties and terrorism checks.
To comply with applicable laws and court orders, or when we reasonably consider such action necessary to: (a) comply with laws requiring such disclosure; (b) protect the rights or property of hiral or group companies; (c) prevent a crime or offense, safeguard national security, or protect the safety of users of this website or the public.
To third parties to whom we sell or transfer parts of our business or business assets or with whom we merge. Similarly, we may acquire or merge with other businesses. If our business changes, we will notify you. To IT consultants performing testing and development work on our IT systems, processors contracted by us, and other service providers who may be located outside the EEA.
We impose reasonable contractual, security, confidentiality, and other obligations on the external service providers and processors we engage to process your personal data under our instructions and in accordance with legal requirements. They are not permitted to use your personal data for their purposes, and we ensure that your personal data is securely returned or destroyed when our business relationship ends.
Some of these external third parties are also controllers responsible for processing your personal data for their purposes, such as the local tax authority for tax matters. We may not impose obligations or restrictions on these controllers regarding how they process your personal data.
hiral stores your personal data only as long as necessary for the purposes for which we collect it. This means that we store your personal data for the duration of your business relationship with us and as long as we can provide further recruitment services for you, i.e., as long as we consider you interested in finding another or additional position, unless you have objected to further storage of the data.
We are legally obliged to retain basic information about our clients and candidates (including contracts, proof of identity, financial and transaction data) for legal, compliance, and tax purposes for ten years after the end of the business relationship.
We store your personal data in accordance with the applicable legal provisions and retention periods, which require us to retain your personal data for a longer period, e.g., to defend against legal claims.
In cases where no retention period is specified by law, we determine the appropriate retention period for personal data by considering the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process the data and whether we can achieve these purposes by other means, as well as applicable legal requirements. In such cases, we may anonymize your personal data (so that it can no longer be associated with you and we cannot identify you) for market research and statistical purposes, in which case we may use this anonymized data indefinitely without further notice to you.
We aim to ensure that your personal data is accurate and up-to-date at all times. Besides your legal rights, you can request changes to your personal data or request a copy of your data via a simple request to datenschutz@hiral.de.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights if you request us to do so). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.
We use your personal data for recruitment purposes based on your consent (Art. 6 Para. 1 lit. f GDPR) and for the performance of the candidate agreement (Art. 6 Para. 1 lit. b GDPR). When we contact you proactively, we also rely on our legitimate interests as a recruitment agency (Art. 6 Para. 1 lit. f GDPR). A legitimate interest exists when we have a business or commercial reason to use your data in connection with operating and managing our business. When processing your personal data, we consider any potential impacts on you and your legal rights and strive to balance our mutual interests.
We do not use your personal data for activities where the effects on you outweigh our interests unless we have your consent or are otherwise required by law.
We only share your personal data with authorities, including police and other law enforcement agencies, when we are legally required to do so (Art. 6 Para. 1 lit. c GDPR).
This privacy policy is current as of January 28, 2025. The latest version of the hiral privacy policy is always available at https://www.hiral.de/datenschutz-kandidaten.
