Data Protection Declaration and the Provision of Information for epunkt Candidates (Art 13 GDPR)
First things first: We keep your personal data confidential and conform with the statutory data protection regulations.
We would like to provide you with information concerning which personal data we collect from you in the event of you registering with our candidate portal, why we require it, and who you can contact should you have any questions. All personal designations are deemed to be gender neutral. Only the male form is used for reasons of legibility.
Who is the Data Protection Declaration for?
The declaration is for persons (hereafter also referred to as candidates) who wish to register a career profile on our candidate portal with epunkt free of charge either when applying for a vacancy or when submitting an unsolicited application.
Who are we?
We are epunkt GmbH (hereafter referred to as “epunkt“) with legal domicile in Linz. We are the market leader in recruiting in Austria and specialise in the placement and advising of specialised and executive staff.
epunkt GmbH, FN 210991g
T: +43 732 611 221
F: +43 732 611 221 -20
Companies that are affiliated with epunkt
Our company includes subsidiaries and epunkt franchise partners that have access to and receive your data for the following purposes:
- Franchise partners exist in Germany (see under www.epunkt.com/en/u/offices-germany/) that concern themselves with the placement and advising of specialised and executive staff, they being provided with your data for the purpose of filling vacancies in this market.
- In the Austrian market, the brand Talentor is present with two companies, Talentor International GmbH and Talentor Austria GmbH (registered office Universitätsring 8/6, 1010 Vienna, Austria), which are active in the executive search branch in the Austrian market (see www.talentor.com/l/talentor-austria). These companies receive access to your data for placing executive-level positions in Austria and internationally.
As a candidate, you can assert your data protection rights (see below) centrally with the epunkt GmbH data protection officer. All of the affiliated companies have an obligation to maintain confidentiality and adhere to the valid data protection legislation.
Why do we process your data?
We use your data in order to provide career advice and for job placements. You can register with our candidates pool for this without you applying for a specific position. As soon as job vacancies exist that match your candidate profile, you will be contacted by an epunkt recruiting partner by email or telephone in order to discuss the next steps with you.
Candidates can also create a profile and thereby apply direct for a specific position. It is unfortunately not always the case however that the first vacancy you actively apply for is successful. In this case, an epunkt recruiting partner shall also contact you by email or telephone as soon as there are other vacancies that match your profile.
What is the legal basis on which we process your personal data?
We process your personal data on the basis of your express consent (Art 6 Par. 1 a and Art 9 para. 2 a GDPR), that you can provide us with specifically and voluntarily. Without your consent, we cannot and shall not process your personal data, the exception being that the processing is (also) carried out in order to meet legal obligations and from a justified interest (Art 6 para. 1 f GDPR) in connection with the assertion, exercising or defending against legal claims(e.g. claims being asserted under the Austrian Equal Treatment Act).
Neither do you have a legal obligation to disclose your personal data, nor does a contractual one exist. However, we are unable to accept any job applications from you without your personal data and we are also unable to inform you with regard to appropriate job vacancies.
Which personal data do we collect and process?
The following data are collected when you create a profile, we then processing them later:
- IP address, registration data (login, password)
- Personal data (first name, surname and date of birth)
- Address data
- Contact data (telephone number, email address)
- Application documents (curriculum vitae or certificates)
- Career (information concerning your previous employment)
- Educational data (study or school qualification data)
- Vocational requirements (desired extent of the employment, the desired salary, period of notice)
- Skills & qualifications (supplementary training, certificates, languages, hobbies)
- Date and time (of the registration or update)
Your data is supplemented by an epunkt contact during the course of the recruiting process:
- Job interviews, memos, and remarks concerning your profile (information concerning why you wish to change jobs)
- Residence permit (from candidates from non-member states)
- Email communication with the contact
- Job positions that we suggest to you or that you apply for
- Indexing your profile in order to find it easier
We wish to point out that health-related data, information concerning your racial or ethnic origin, political or religious views, trade union membership or sexual orientation are data that are especially worth protecting (special personal data as defined in Art. 9 GDPR). We therefore request you to not send us such data, neither in your curriculum vitae, nor in other documents.
Does profiling take place?
Our recruiting process does not include any automatisms that result in candidates being automatically removed from the application process or being automatically recommended to one of our clients. The decision concerning which candidates are to be contacted regarding which positions or whether their data are to be forwarded to one of our clients, is always made by the responsible Talentor personnel consultant.
Candidate profiles are indexed in the candidates database in order to find them easier, this enabling appropriate job positions to be suggested efficiently. The indexing includes data from the application documents regarding the skills and qualifications or the career. When new job vacancies exist, these tags are used in order to match the candidate profiles and all of the other data with the job requirements.
The epunkt employees also use search algorithms in order to match candidate profiles with job positions. With the assistance of this method, is is also possible to find candidates that use synonymous terms (e.g. consultant instead of Berater) in their advertising documents.
Who is provided with your data?
In order to fulfil a purpose, epunkt employees and employees from companies affiliated with epunkt (see above) have access to all of the data stipulated under “Which personal data do we collect and process?”.
We suggest matching job positions to you in the scope of the recruiting process. After an interview at epunkt or after we have contacted you, we forward your data for a specific job position to individual clients. The client is not granted full access to your data, a so-called candidate report is generated as a PDF document. This report is issued in relation to the position and comprises your master data (personal data, address and contact data), your professional requirements (e.g. desired salary or period of notice), the appraisal of the epunkt recruiting partner on the basis of the interview and the memos. Our clients are placed under a contractual duty of confidentiality and secrecy.
epunkt clients may be obligated to pay a fee to epunkt for up to two years after epunkt has transmitted the candidate data to them. Clients might also save candidate data (name, date of birth, and e-mail address) for this period of time.
Technical service provider
We are supported with the provision of our services by service providers (so-called order processors). Examples of such service providers are the producer of our recruiting software or the hosting providers that provide us with the server for the operation of the software. These service providers have access to your data on a case by case basis for maintenance purposes. They have a contractual duty of confidentiality on the basis of an order processor agreement pursuant to Art. 28 GDPR in addition to them being contractually obliged to implement data security measures, whereby the adherence to these measures is regularly checked by us.
It could be possible that we have to grant authorities or courts of law access to your data on a case by case basis for the purpose of fulfilling legal obligations or in order to defend ourselves against legal claims.
What are your rights?
The General Data Protection Regulation (Articles 15 to 22) stipulates that you have information, deletion, restriction, data transfer, amendment and contradictory rights. We would like to explain some of these rights to you in more detail:
- Your information and amendment right
You shall obviously be provided with information with regard to your personal data that we store and process. Should your data no longer be applicable or be incomplete, you can demand that it be amended or supplemented.
- Your right to have your personal data revoked or deleted
You can revoke your consent at all times and exercise your “right to be forgotten“. In this case, we have a duty to deleting your personal data and to informing all of those who we have transferred your personal data to of your deletion request. Your revocation of the consent does not affect the legality of the processing that has taken place until receipt of the revocation on the basis of the consent.
- Your restriction, data transferability and contradiction rights in addition to measures in connection with the automated making of decisions
You can also exercise processing or provision restriction rights with regard to your data within the scope of the data transferability right in addition to you being entitled to contradict the processing or provision of your data (especially in direct marketing). You can also demand that diverse measures be adopted in the scope of the automated data processing (e.g. personal intervention or the presentation of your own point of view).
You also have the right to file a complaint with the data protection authority should you believe that your rights have been infringed. The contact data of the Austrian data protection authority is to be found here: www.dsb.gv.at/kontakt
How long do we store your personal data for?
Your personal data are basically stored until such time as you revoke your granted consent. It is possible however that statutory documentation obligations (e.g. Austrian fiscal code in connection with filled vacancies) or the documentation for the assertion and exercising of legal claims or the defence against such (e.g. the Austrian Equal Treatment Act and the assertion of any other claims by clients), can necessitate the data being processed after receipt of your declaration of revocation. In such cases, we shall inform you that your data is still being processed and the reason for this in addition to us informing you of its deletion.
We reserve the right to delete the profiles of candidates who we have been unable to offer a matching job to for a long time. Should you find an interesting vacancy later, you can always create a new profile.
Please note that under certain circumstances, a deletion cannot take place immediately but with a delay on the basis of legal obligations or in order to assert or exercise legal claims or in order for us to defend ourselves against such claims. There is a time limit of 6 months for the assertion of claims pursuant to Section 15 para. 1 and Section 29 of the Austrian Equal Treatment Act (GlBG) on the ground of discrimination during application proceedings, for example.
Who can you contact?
Please contact our data protection officer should you have any questions concerning this data protection declaration or on the exercising of your rights: