Data protection declaration
of the Omega Consulting Group GmbH
The Omega Consulting Group GmbH (hereinafter “OCG”, “we” or “us”) is a recruitment consultancy specialized in Intellectual Property which helps companies and law firms choose and find the right personnel. The OCG also gives candidates career advice. The OCG collects, processes and uses personal data in accordance with legal provisions, in particular the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG).
Confidentiality, trust and protection of privacy and of sensitive information are of very high importance to the OCG. That is why we would like to explain clearly in the following how and why we collect, store, share and use your personal data – we would also like to give an overview of the controls and settings at your disposal in order to decide when and how you want to share your personal data.
The data protection declaration is based on the terminology of the General Data Protection Regulation (GDPR).
- ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) (Article 4 no. 1 GDPR). Your personal data include information such as your reference data (first and last name, address and date of birth), your contact details (phone number, e-mail address), your billing information (bank account details) and many more.
- ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- ‘data subject’ means any identified or identifiable natural person whose personal data are processed by the controller.
- ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- ‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.
- ‘third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
- ‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
1.2. Collection and processing of data
It is basically possible to use our web sites without having to indicate any personal data. When you access our web sites, however, general information is automatically collected. This information includes access data (server log files) such as the name of your internet service provider, the operating system being used, the previously visited web site, the date and the duration of the visit or the name of the requested file as well as, for security reasons, e.g. in order to identify attacks on our web sites, the IP address of the computer being used. The data are analysed exclusively for improving our services and they give us no information about your person. We will not merge these data with other data sources. Furthermore, these data are also generated when accessing any other web site on the internet. Therefore, this is not a function specific to our web sites. These data are collected only for the purpose of statistical evaluation. A transmission to third parties, for commercial or non-commercial purposes, does not take place. The legal basis for the processing of the data is Article 6 para. 1 GDPR. We process and use the data for the following purposes: 1. deployment of the web sites of the OCG, 2. improvement of our web sites and 3. prevention and recognition of errors/malfunctions as well as misuse of our web sites. The data processing of this nature is carried out with the intention of ensuring the functionality and the error-free operation of the web sites and also of adapting the web sites to the requirements of the user. If, however, you want to use particular services of our company via our web site, a processing of personal data could become necessary. If the processing of personal data is necessary and if there is no statutory basis for such processing, we will in general seek the consent of the data subject.
PHPSESSID: this cookie serves as an identifying feature for the duration of your visit to our web sites. It is only valid for the current session.
1.4. Note on Google Analytics
This web site uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses so-called “cookies”, i.e. text files which are stored on your computer and which make it possible to analyse your user behaviour on our web site. The information generated by the cookie on your web site usage is generally transmitted to a Google server in the USA where it is stored. In general, IP addresses are automatically anonymized by means of shortening to Google servers. Only in exceptional cases are IP addresses transmitted to Google servers in the USA, where they are anonymized by means of shortening. Google will use this information on behalf of the operator of the web site in order to analyse your user behaviour on the web site, to put together reports on the web site activities for the web site operators and to render other services linked to the web site and internet usage. Google may also transmit this information to third parties if this is required by law or if third parties process these data on behalf of Google. Google will in no case associate your IP address with other data of the Google services. You can disable the cookie installation by choosing the corresponding setting in your browser software; however, we point out that in this case, you may not be able to fully use all of the website’s functions. By using this web site, you express your consent to the processing of the data collected by Google about you in the way described above and for the abovementioned purpose.
Objection against the recording of data by Google
Moreover, you can disable the recording of the data that are generated by the cookie and contain information on your web site usage (including your IP address) and the processing of these data by Google by downloading and installing the browser plug-in which is available at http://tools.google.com/dlpage/gaoptout?hl=de
Additional information on the conditions of use and on data protection can be found at http://www.google.com/analytics/terms/de.html or at http://www.google.com/intl/de/policies/privacy.
Furthermore, we give the users of our web sites the opportunity to disable the recording of their behaviour by Google Analytics. You can disable the recording of your data by Google Analytics by clicking on the following link: disable Google Analytics
1.5. Use of Google Maps
We use Google Maps to display maps and to generate directions. Google Maps is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.
By using this web site, you agree with the recording, the processing and the use of the automatically collected data and the data that you entered by Google, by one of their representatives or by a third-party provider.
The conditions of use for Google Maps can be found at https://www.google.com/intl/de_de/help/terms_maps.html
Detailed information can be found in the data protection centre of google.de: transparency and selection options as well as data protection provisions at https://policies.google.com/privacy?hl=de&gl=de
2. Acquisition and processing of personal data
2.1. Purposes of the acquisition – data category – legal basis for the processing
2.1.1. Making contact
If an internet user reaches out to us by sending us an e-mail or by using the contact form, the information given by the person will be stored for the purpose of processing the request and for possible follow-up questions. We will not share these data without your consent. The legal basis for the collection and the processing of the data is Article 6 para. 1 letter a or b GDPR. The information you have provided in the contact form remains with us until you call on us to delete it, until you withdraw your consent to the storage or until the purpose of the storage ceases to apply (e.g. after the processing of your request has been completed). Mandatory statutory regulations – in particular retention periods – remain unaffected.
2.1.1.1. Contact by e-mail
If you send us requests or information by e-mail, we will store the information (e-mail address, e-mail content, e-mail subject and date), including the contact details that you provide in the e-mail (name, last name, phone number if applicable, address), for the purpose of processing the request and for possible follow-up questions. We will not share these data without your consent. The legal basis for the acquisition and the processing of the data is Article 6 para. 1 letter a GDPR.
The user should note that e-mails could be read and modified unnoticeably by unauthorized persons on the transmission path. The OCG uses software to filter unwanted e-mails (spam filter). This filter could reject e-mails if they have specific characteristics that are incorrectly identified as spam.
The information you have provided remains with us until you call on us to delete it, until you withdraw your consent to the storage or until the purpose of the storage ceases to apply (e.g. after the processing of your request has been completed). Mandatory statutory regulations – in particular retention periods – remain unaffected.
2.1.1.2. Online application via the Job Market
On our site, you have the possibility to use the tab “job market” to apply for a job and/or to send your application via e-mail. Personal data are only collected, stored, processed and used for purposes which are related to the application process and your interest in personnel consulting in general and recruitment in particular for our clients. Furthermore, we use your contact details to inform you of career-related topics and events (e.g. webinars, career fairs etc.).
All the information that you provide during the application process is voluntary. By submitting your application, you affirm that your data are correct and true.
The data collection includes in particular the name, the address, the phone number, the e-mail address as well as details on your career, training, skills and credentials and also any other information that you provided voluntarily. The OCG uses these data to match them with the requirements of the vacancies that are relevant to you and to present your profile to our client as a potential candidate and also to conclude the application process. The legal basis for the collection and the processing of the data is Article 6 para. 1 letter a GDPR.
2.1.1.3. Social Plug-Ins
On our web site, we offer you the possibility to use so-called “social plugins”.
Our web site uses functions of the network LinkedIn. The provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time one of our web sites that contains LinkedIn functions is accessed, a connection to the servers of LinkedIn is established. LinkedIn receives the information that you visited our web sites with your IP address. If you click the LinkedIn “Recommend-Button” when logged into your LinkedIn account, LinkedIn can trace your visit to our web site to you and your user account. We point out that we, as provider of the web sites, have no knowledge of the transmitted data and their use by LinkedIn.
2.1.2. Data from publicly accessible sources
The data made available to us by you may be complemented with publicly accessible data. This includes in particular data from XING and/or LinkedIn.
3. Transmission of data
3.1. Transmission of data within the company
We may transmit data within the company to the administration and the personnel department in order to comply with our contractual or legal obligations. The data will only be transmitted or disclosed to the extent necessary for this and with due regard to the applicable data protection rules.
3.2. Transmission to third parties
We transmit your data to certain third parties to present you to our client as a potential candidate, to carry out the application process and to execute in-house tasks.
- The first presentation of your application to our client can either take place by (I) passing on an anonymized applicant profile or – after obtaining your consent in accordance with Article 6 para. 1 sentence 1 letter a GDPR – by (II) passing on the complete application documents.
- Any application-related documents and data made available to the client remain the property of the OCG. The client is required to treat and store them as confidential. They may not be shared with third parties. After the termination of the contract, the client has to pass all documents, data as well as all generated processing and usage results related to the recruitment that he gained possession of back to the OCG and to physically delete the data media. This does not apply to documents and data of candidates that were placed successfully with the client.
- We share data with specific third parties in order to be able to provide certain applications and services (so-called “processors”) that perform external services. This includes for example IT-providers, tax attorneys etc. We may share the data with third parties in order to fulfil our duties (authorities, banks, social insurance carrier etc.). Third parties only process these data in accordance with our instructions. In addition to that, they are prohibited from using these data for own commercial purposes that do not correspond to the agreed purposes.
We have to disclose personal data if we are obligated to in the context of an ongoing lawsuit, by a court’s order, by law or by established law (Article 6 para. 1 letter c GDPR).
We only share data with third parties outside Europe if the assignment so requires. If the processing of your data takes place outside Europe, the transmission is made in compliance with all applicable data protection laws and in particular in accordance with Article 44 et seq. GDPR.
4. Handling of your personal data
When handling your personal data, all necessary technical and organizational safety measures are deployed in order to protect your personal data at all times from unauthorized access and from abuse. In order to ensure this comprehensively and to prevent data abuse, we use encryption processes (SSL) over HTTPS for the data transmission on the web site. In addition to that, we use modern data storage and safety technology which is continuously adjusted to meet the latest requirements. The systems are protected against access by unauthorized persons and can only be accessed by a specific, authorized group of persons. This group of persons is bound to secrecy in accordance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). In addition to that, an external data protection officer regularly checks our processes.
4.1. Length of storage
We apply the principles of data reduction and data economy. As a result, we only store your personal data as long as is necessary for achieving the goals specified herein or for the duration of one of the various retention periods provided for by the legislator. After the corresponding purpose ends or upon expiry of these periods, the relevant data is routinely blocked or deleted in accordance with statutory provisions.
Generally, the personal data transmitted or communicated by the candidate (in particular curriculum vitae and credentials) are stored in the data management software of the OCG as long as there is a relationship between the candidate and the OCG. This includes that you receive suitable job offers, if possible, until you revoke pursuant to Article 20 GDPR.
Furthermore, we would like to inform you with regard to the General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, applicable as of 25 May 2018, that you have the right to consent to the storage of your data for the duration of one specific application process only. In the event of a rejection in this specific case, your data will be marked for erasure at the time of the rejection. The erasure is performed with regard to potential legal claims under the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG) – accompanied by the burden of proof – after four months. You can choose this option in the application form on our web site.
5. Statutory or contractual provisions concerning the provision of the personal data
We inform you that the provision of personal data is sometimes a legal requirement (e.g. tax regulations) or that it can be a consequence of contractual regulations (e.g. information on the contracting party). Occasionally, it can be necessary for the conclusion of the contract that a data subject give us personal data which we have to process afterwards. For example, the data subject is obliged to give us personal data if our company concludes a contract with that person. If the person does not provide the personal data, the contract cannot be concluded with the data subject. Before providing personal data, the data subject has to contact one of our employees. Our employee then explains to the data subject in the individual case whether the provision of personal data is a statutory or a contractual requirement or whether it is necessary for the conclusion of the contract, whether there is a duty to provide the personal data and which are the potential consequences if the personal data are not provided.
6. Note for minors
This online service is not directed at children under the age of 16. Persons who have not yet completed their sixteenth year of life are not allowed to send us personal data without the consent of their parents or legal guardians.
7. Rights of the data subject
You have the right,
- pursuant to Article 15 GDPR, to obtain communication of your personal data stored in our database at any time. In particular, you can obtain communication of the purposes of the processing, the categories of personal data, the categories of recipients to whom the personal data have been or will be disclosed, the envisaged period for which the data will be stored as well as the source of your data unless we are the ones who collected it;
- pursuant to Article 16 GDPR, to obtain without undue delay the rectification of inaccurate personal data or to have incomplete personal data stored in our database completed;
- pursuant to Article 17 GDPR, to request the erasure of your personal data stored in our database unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- pursuant to Article 18 GDPR, to obtain restriction of the processing of your personal data if the accuracy of the personal data is contested by you, if the processing is unlawful and you oppose its erasure and if we no longer need the data, but you need it for the establishment, exercise or defence of legal claims or you have objected to processing pursuant to Article 21 GDPR;
- pursuant to Article 20 GDPR, to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format or to obtain transmission to another controller (data portability);
- if your personal data is processed on the grounds of legitimate interests pursuant to Article 6 para. 1 sentence 1 letter f GDPR, to object to the processing of your personal data pursuant to Article 21 GDPR to the extent that there are reasons relating to your particular situation or that the objection is directed against direct marketing. In the latter case, you have a general right to object which we will implement without the specification of a particular situation;
- to complain to a supervisory authority pursuant to Article 77 GDPR. As a rule, you can do this by contacting the supervisory authority of your habitual residence or place of work.
7.1. Withdrawal of your consent to the processing of data
Some data processing operations are only possible with your explicit consent. You can withdraw a consent that you have already given at any time. It is sufficient if you send us a notification (no official format required) to email@example.com. The lawfulness of the data processing before the withdrawal remains unaffected by the withdrawal.
8. Responsible body
Responsible body within the meaning of the data protection law:
Omega Consulting Group GmbH
Director authorized to represent:
Phone: +49 89 452 449 0
If you have questions about data protection, please send us an e-mail or contact our data protection officer directly.
9. Modification of our data protection provisions
We reserve the right to change this data protection declaration from time to time to make sure that it always complies with the latest legal requirements or to implement modifications of our services in the data protection declaration, e.g. when implementing new processing activities. Upon your next visit to our web site, the new data protection declaration will apply.
Updated: 1 June 2019