Skip to main content

Processing of (personal) data by the entity in charge of the online application process

This is the data protection policy of MindPeak GmbH (“MindPeak”, “we”). We provide information (“services”) in various ways, such as our website (“website”). With this data protection policy, we would like to provide you with information on which personal data we collect and process. Furthermore, we would like to inform you about your rights. The responsibility to protect and process personal data is an important concern to MindPeak. Your data is protected against unauthorized access as well as loss using various technical and contractual measures. MindPeak has taken the necessary technical and organizational measures for this purpose. If links lead to third-party websites, please note that these companies provide their own data protection statements that apply accordingly.

I. Name and address of the responsible party

The responsible party, with respect to the General Data Protection Regulation and other national data protection laws of member states as well as other data protection provisions, is:

MindPeak GmbH

Zirkusweg 2

20359 Hamburg

Email: info@mindpeak.ai

Website: www.mindpeak.ai

II. General information on data processing

1. Scope of personal data processing

As a rule, we only collect personal data that you share when contacting us, as needed. Personal data is considered data that includes information on personal or factual circumstances. Additionally, when processing your requests or to provide you with support, it is sometimes required to ask you for personal data such as name, address, email address, and telephone number. We treat all of this data in a confidential manner and in consideration of statutory data protection regulations. As a rule, we do not provide such information to third parties without your permission, unless it is required to process your request, or to provide you with support, or permitted according to statutory data protection regulations.

2. Legal basis for processing personal data

If we receive the consent of the person concerned to process personal data, Art. 6 Para. 1 a of the EU General Data Protection Regulation (GDPR) serves as the legal basis for processing personal data. When processing personal data that is required to perform a contract whose contractual party is the person concerned, Art. 6 Para. 1 b GDPR serves as the legal basis. This also applies to processing processes that are required to carry out pre-contractual measures. If personal data must be processed to comply with a legal requirement to which our company is subject, Art. 6 Para. 1 c GDPR serves as the legal basis. In the event that the vital interests of the person concerned or another natural person make it necessary to process personal data, Art. 6 Para. 1 d GDPR serves as the legal basis. If processing is required to protect a legitimate interest of our company or a third party, and if the interests, basic rights, and basic freedoms of the party concerned do not prevail over the previously stated interest, Art. 6 Para. 1 f GDPR serves as the legal basis.

3. Purpose of processing personal data

We collect and process data in order to enable you to use our services. This also includes processing for the purpose of data security and the stability and operational security of our system. We process data in order to provide you assistance when you submit inquiries.

4. Data erasure and storage duration

The personal data of the person concerned is erased or locked as soon as there is no longer a reason to store it. Data may also be stored if required by European or national lawmakers in Union directives, laws, or other regulation to which the responsible party is subject. Data may also be stored or erased after the storage period stipulated by the specified standards expires, unless the continued storage of the data is required to conclude or perform a contract.

5. Data security

We endeavor to take reasonable precautions in order to prevent unauthorized access to your personal data as well as unauthorized use or falsification of this data and to minimize the associated risks. Nevertheless, providing personal data, whether in person, on the telephone, or via the internet, is always associated with risks and no technical system is completely free of the possibility of manipulation or sabotage. We process the data collected from you in accordance with German and European data protection law. All employees are required to protect data privacy and comply with data protection regulation, and are trained accordingly.

III. Cookies

We use cookies on our website. Cookies are small text files that are automatically created by your browser and can be stored on your device. This cookie contains a characteristic string of characters that allows the browser to be uniquely identified when you return to the website. This does not mean that we are immediately informed of your identity.      

The use of necessary cookies serves the purpose of being able to display our website in a technically perfect manner. The data processed by these cookies is required for the above-mentioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 Para. 1 p. 1 lit. f DSGVO. Our legitimate interest lies in providing a functional and user-friendly website.    

Furthermore, we use cookies to optimize the user-friendliness of our offer and for statistical purposes.

We use so-called session cookies to recognize that you have already visited individual pages of our website. These cookies are automatically deleted after you leave our site. In addition, we use temporary cookies that are stored on your terminal device for a certain specified period of time. If you visit our site again, we will automatically recognize that you have already been to our site and what entries and settings you have made so that you do not have to enter them again. The data collected includes the frequency of page views, search terms entered and the use of website functions. These cookies enable us to automatically recognize that you have already been with us when you visit our site again. These cookies are automatically deleted after a defined time.  

The legal basis for data processing by cookies for statistical purposes and evaluation of our offer is your consent in accordance with Art. 6 Para. 1 p. 1 lit. a DSGVO. When visiting our website, you have the possibility to give your consent to data processing by cookies for evaluation purposes. This consent is voluntary and can be revoked by you at any time. If you do not give your consent, no cookies will be set for analysis purposes.  

You can also configure your browser so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you will not be able to use all functions of our website.


IV. Provision of services and creation of log files

1. Description and scope of data processing

Whenever our services are solicited, our system automatically collects data and information on the visiting computer system. The following data is collected during this:

  • Internet protocol
  • IP address
  • URL of the referring website from which the file was requested
  • Date and time of access
  • Browser type and operating system as well as hardware information
  • The site you visited
  • Quantity of data transmitted
  • Access status (file transferred, file not found, etc.)
  • Duration and frequency of use

The data is also stored in the log files of our system.

2. Legal basis for data processing

Art. 6 Para. 1 f GDPR is the legal basis for the temporary storage of data and log files.

3. Purpose of data processing

Temporary storage of the IP address by the system is necessary in order to deliver services to the computer of the user. To do so, the IP address of the user must be stored for the duration of the session. Data is stored in log files in order to ensure the functionality of the services. Additionally, the data also serves to optimize the services and to ensure the security of our IT systems. Data is stored over the duration of the session for purposes of IT security (e.g. protection against DDoS attacks). Otherwise, the data is stored merely for purposes of statistical evaluation.

4. Duration of storage

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected.

5. Option to object and erase

Data collection to provide services and data storage in log files is absolutely required in order to ensure the uninterrupted provision of services. As a consequence, the user has no option to object.


V. Contact form and email,

1. Description and scope of data processing

There is a contact form on our website which can be used to contact us electronically. If a user makes use of this option, the data submitted into the input form will be sent to us and stored. This data is:

  • Name
  • Email
  • Request

Alternatively, we can be contacted using the email provided. In this case, the personal data of the user is saved with the email used to send it. The data is used exclusively to process the inquiry.

2. Legal basis for data processing

The legal basis for processing data is Art. 6 Para.1 a GDPR if the user has provided consent. The legal basis for processing data, that is submitted when an email is sent, is Art. 6 Para. 1 f GDPR. If the email is intended to conclude a contract, the further legal basis for processing is Art. 6 Para. 1 b GDPR.

3. Purpose of data processing

We process personal data from the input form solely to process communication. In the event that contact is made via email, there is also the required legitimate interest to process the data here. The other data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our IT systems.

4. Duration of storage

The data is erased as soon as it is no longer required to achieve the purpose for which it was collected. The data is stored for twelve months for the purposes of combating fraud and improving support.

5. Option to object and erase

The user has the option, at any time, to withdraw his consent to process the personal data. If the user contacts us, he can object to the storage of his personal data at any time. In such an event, the conversation cannot continue. All personal data, that was stored when contact was made, is erased in this case.


VI. Rights of the person concerned

If we process your personal data, you are the person concerned in the sense of the GDPR, and you have the following rights with respect to the responsible party.

1. Right of access

You can request from the responsible party a confirmation of whether personal data that concerns you is processed by us. If such processing occurs, you can request the following information from the responsible party:

  • The purposes for which the personal data is processed;
  • The categories of personal data that is processed;
  • The recipient or categories of recipients to which the personal data that concerns you was submitted or not submitted;
  • The planned duration of storage of the personal data concerning you, or, if concrete information on this is not available, the criteria for determining the storage duration;
  • The existence of a right to disclose or erase the personal data concerning you, a right to limit processing on the part of the responsible party, or a right to object to this processing;
  • The existence of a right to lodge a complaint with a supervisory authority;
  • All available information on the source of the data if the personal data is not collected for the person concerned;
  • The existence of an automated decision making process including profiling in accordance with Art. 22 Para. 1 and 4 GDPR and, at least in these cases, detailed information on the logic involved as well as the scope and the desired effects of such processing for the person concerned.

You have the right to request information on whether the personal data concerning you is sent to a third country or an international organization. In this context, you can request suitable guarantees pursuant to Art. 46 GDPR in connection with the transfer.

2. Right to rectification

You have the right to rectification and/or completion, with respect to the responsible party, provided that the processed personal data concerning you is incorrect or incomplete. The responsible party must make the rectification without delay.

3. Right to limit processing

Under the following conditions, you can request a limit to the processing of the personal data concerning you:

  • If you contest the correctness of the personal data concerning you for a duration of time that enables the responsible party to verify the correctness of the personal data;
  • The processing is illegal and you refuse erasure of the personal data and instead request a limitation of the use of the personal data;
  • The responsible party no longer requires the personal data for the purposes of processing, but you require it to assert, exercise, or defend legal claims, or
  • If you have submitted the objection to processing according to Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate concerns of the responsible party prevail over your concerns.

If the processing of the personal data concerning you was limited, this data, except for its storage, may only be processed with your consent or to assert, exercise, or defend legal claims, or to protect the rights of another natural or legal person or for reasons of an important public interest of the Union or a member state. If processing was limited according to the above conditions, you will be informed by the responsible party before the limitation is applied.

4. Right to erasure

a) Obligation to erase

You can request that the responsible party immediately erase the personal data concerning you, provided one of the following reasons applies:

  • The personal data concerning you is no longer required for the purposes for which it was collected or processed in another manner.
  • You withdraw your consent upon which processing pursuant to Art. 6 Para. 1 a or Art. 9 Para. 2 a DSGVO is based, and there is no other legal basis for processing.
  • You submit an objection to processing pursuant to Art. 21 Para. 1 GDPR and there exist no superordinate legitimate reasons for processing, or you submit an objection to processing pursuant to Art. 21 Para. 2 GDPR.
  • The personal data concerning you was processed illegally.
  • The erasure of the personal data concerning you is required to comply with a legal requirement according to Union law or the law of a member state to which the responsible party is subject.
  • The personal data concerning you was collected in regard to services offered by the information company in accordance with Art. 8 Para. 1 GDPR.

b) Information to third parties

If the responsible party published the personal data concerning you and is required to erase such according to Art. 17 Para. 1 GDPR, said party will take suitable measures, also of a technical nature and in consideration of available technology and implementation costs, to inform data processors processing the personal data that you, as the person concerned, have requested the erasure of all links to this personal data or copies or replications of this personal data.

c) Exceptions

There is no right of erasure if processing is required to exercise the right of free expression and information;

  • To comply with a legal obligation to which the responsible party is subject according to Union law or that of a member state for processing purposes, or to perform a task that is in the public interest or in the practice of public authority conferred to the responsible party;
  • For reasons of public interest in the area of public health according to Art. 9 Para. 2 h and i as well as Art. 9 Para. 3 GDPR;
  • For archiving purposes, scientific or historic research purposes, or for statistical purposes in the public interest according to Art. 89 Para. 1 GDPR, provided that the right specified in section a) temporarily makes the achievement of the goals of processing impossible or severely limits such, or
  • To assert, exercise, or defend legal claims.

5. Right to information

If you have asserted the right to information on, erasure, or limitation of processing with respect to the responsible party, said party is required to share this rectification or erasure of the data or limitation of processing with all recipients to whom the personal data concerning you was published, unless this proves to be impossible or is associated with excessive cost. You have the right to information on these recipients from the responsible party.

6. Right to data transferability

You have the right to receive the personal data concerning you, which you provided to the responsible party, in a structured, standard, and machine-readable format. Additionally, you have the right to transfer this data to another responsible party without obstruction on the part of the responsible party, to which the personal data was provided,  

  • provided that processing occurs based on consent pursuant to Art. 6 Para. 1 a GDPR or Art. 9 Para. 2 a GDPR or a contract pursuant to Art. 6 Para. 1 b GDPR,
  • and the processing is carried out using automatic processes.

When exercising this right, you also have the right to ensure that the personal data concerning you is transferred directly from one responsible party to another responsible party, provided this is technically feasible. The freedom and rights of others may not be affected by this. The right of data transferability does not apply for processing personal data that is required to carry out a task that is in the public interest or in the practice of public authority conferred to the responsible party;

7. Right to object

You have the right, for reasons relating to your particular situation, to submit at any time objection to processing of the personal data concerning you which is conducted based on Art. 6 Para. 1 e or f GDPR; this also applies to profiling based on these conditions. The responsible party no longer processes the personal data concerning you, unless said party can provide evidence of compelling reasons worthy of protection for the processing that prevail over your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims. Regardless of Directive 2002/58/EC, you have the option, in connection with the use of services of the information company, of exercising your right to object using an automated process that uses technical specifications.

8. Right to withdraw data protection declarations of consent

You have the right to withdraw your declaration of consent at any time. The withdrawal of consent does not affect the legality of the processing conducted on the basis of the consent up to the date of the withdrawal.

9. Automated decision in individual cases including profiling

You have the right not to be subjected to a decision based solely on automated processing, including profiling, which will have legal effect or similarly affect you in a similar manner. This does not apply if the decision

a) is required to conclude or carry out a contract between you and the responsible party,

b) is permissible on the basis of Union or member state law to which the responsible party is subject, and that legislation contains suitable measures to safeguard your rights and freedoms and your legitimate interests, or

c) is made with your explicit consent.

However, these decisions must not be based on special categories of personal data under Art. 9 Para. 1 GDPR, provided that Art. 9 Para. 2 a or g does not apply, and reasonable measures have been taken to protect your rights and freedoms and your legitimate interests. With respect to the situations mentioned in (a) and (c), the responsible party shall take appropriate measures to protect your rights and freedoms and your legitimate interests, including at least the right to obtain the intervention of a person on the part of the responsible party to express his own position and challenge the decision.

10. Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial legal remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence or employment or the place of the alleged infringement, if you believe that the processing of the personal data concerning you violates the GDPR. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Article 78 of the GDPR.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.