and obligatory information
The data controller under data protection
legislation, in particular the EU General Data Protection Regulation (GDPR),
OPTIMAL AG & Co. KG
Phone: +49 (0) 8761 7206-0
Fax: +49 (0) 8761 7206-121
Management Board: Cetin Genc, Helge Schöngarth
The data controller is responsible for
deciding alone or together with others about the purposes and means of
processing personal data (e.g. names, contact details).
If you have any questions about data
protection, please send us an email or directly contact the person responsible
for data protection in our organisation:
Data protection officer at Optimal AG &
c/o activeMind AG
Potsdamer Straße 3
Phone: +49 (0) 89 418 560 170
Data subject rights
You can exercise the following rights at any time by
contacting our data protection officer using the details provided:
Withdraw your consent to data processing
Some data processing activities are only
possible with your express consent. Once you have consented to data processing,
you may withdraw your consent at any time in accordance with Article 7(3)
GDPR. A simple email will suffice. The withdrawal of consent will not affect
the lawfulness of data processing which took place before consent was
Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right in
accordance with Article 77 GDPR to lodge a complaint with the competent
supervisory authority in the event of a breach of data protection legislation.
The competent supervisory authority for matters relating to data protection is
the Bavarian Data Protection Commissioner (Bayerischer Landesbeauftragte für
The following link takes you to the
official website of the Federal Commissioner for Data Protection and Freedom of
Information. You can find the required contact details here: https://www.bfdi.bund.de/SharedDocs/Adressen/LfD/Bayern.html?nn=5217144
Right to data portability
In accordance with Article 20 GDPR,
you have the right to receive or have transmitted to a third party the data
which we process by automated means on the basis of your consent or on the
basis of performing a contract. The data will be provided in a machine-readable
format. If you request that the data be transferred directly to another
controller, this will only be done where technically feasible.
Right of access and right to rectification, erasure and restriction
In accordance with the applicable legal
provisions under Article 15 GDPR, you have the right at any time to obtain
access free of charge to the personal data concerning you which we have
processed. In particular, you can request information about the following: the
purposes of the processing; the categories of personal data concerned; the
categories of recipient to whom your data has been or will be disclosed; the
envisaged duration of storage; the existence of the right to rectification,
erasure or restriction of processing or to object to such processing; the
existence of the right to lodge a complaint; the source of the data if it was
not collected by us; the existence of automated decision-making, including
profiling and, if applicable, meaningful information on the details concerning
In accordance with Article 16 GDPR,
you have the right to request the rectification without undue delay of inaccurate
personal data we have stored about you.
Furthermore, pursuant to Article 17
GDPR, you are entitled to request the erasure of the personal data we have
stored about you, provided that processing thereof is not necessary for
exercising the right of freedom of expression and information, for compliance
with a legal obligation, for reasons of public interest or for the
establishment, exercise or defence of legal claims.
In accordance with Article 18 GDPR,
you have the right to request that the processing of your personal data be
restricted in any of the following cases: you do not believe the data to be
accurate; the processing is unlawful, but you are opposed to the data being
erased; we no longer need the personal data, but you require it for the establishment,
exercise or defence of legal claims; you have objected to the processing
pursuant to Article 21 GDPR.
If you have any questions about your rights
or any other matters relating to your personal data, please do not hesitate to
contact us using the details provided on the legal notice on our website.
SSL or TLS encryption
For security reasons and to secure the
transmission of confidential information which you send to us in our capacity
as the site operator, our website uses SSL or TLS encryption. This prevents
third parties from being able to access the data you transfer through our
website. A connection is encrypted whenever “https://” or a lock symbol appears
in your browser’s address bar.
Server log files
visit our website, information of a general nature is automatically recorded
using a cookie. This information (server log files) includes, for example, the
type of web browser, the operating system used, the domain name of your
Internet service provider and similar. This is exclusively information that
does not allow any conclusions to be drawn about your person.
information is technically necessary in order to correctly deliver the website
content you have requested and is mandatory when using the Internet. In particular, they are processed for the following purposes:
The page you visited on our
Date and time of the server
Browser type and browser
Host name of the computer
accessing the website
This data is not merged with data from any
other sources. The legal basis for the data processing is Article 6(1)(b)
GDPR, as it is within our legitimate interest to improve our website’s
stability and functionality. The data is stored for seven days and is automatically
deleted after this period.
The provision of the aforementioned
personal data is neither required by law nor by contract. Without the IP
address, however, the service and functionality of our website cannot be
Data transmitted using our contact form,
including your contact details, is stored so that we can process your enquiry
and contact you in the event of follow-up questions. This data will not be
disclosed to third parties without your consent.
The data entered into the contact form is
processed on the basis of a legitimate interest (Article 6(1)(f) GDPR) and
for the purpose of initiating, performing or ending a contractual relationship
(Article 6(1)(b) GDPR).
We will store data transmitted via our
contact form until you ask us to delete it or you withdraw your consent to its
storage or until we no longer need to store it. Mandatory legal provisions, in
particular statutory retention periods, will not be affected by this.
The provision of your personal data is
voluntary. However, we can only process your request if you provide us with
your name, your e-mail address and the reason for the request.
Social media plugins
Our website uses social medial plugins from
the providers listed below. These plugins can be identified from the providers’
In certain circumstances, information,
which may include personal data, is sent to the service providers through these
plugins and possibly used by them. We use a two-click solution to prevent data
from being collected and transferred to the service providers without your
knowledge or consent. To activate a social media plugin, users first need to
click on the button in question. Data can only be collected and transferred to
the respective service provider once the plugin has been activated in this way.
We do not collect any personal data through the social media plugins or about
We have no influence over which data an
activated plugin collects and how this data is used by the provider. At
present, we have to assume that a direct connection to the provider’s services
is established and at least the user’s IP address and data about their device
are collected and used. The service providers may also attempt to store cookies
on your device. Please see the providers’ privacy policies for specific
information about which data is collected and how it is used. Please note: If
you are logged into Facebook at the same time as visiting our website, Facebook
may be able to identify which webpages you have visited.
Our website uses plugins from the social
network facebook.com, which is operated by Facebook Inc., 1601 S. California
Ave, Palo Alto, CA 94304, USA (“Facebook”). When you visit a page on our
website which includes a Facebook plugin, a connection to Facebook’s servers is
established which instructs your browser to display the plugin on that webpage.
Information about which of our webpages you have visited is then transferred to
Facebook’s server. If you are logged into Facebook at the same time, Facebook
will link this information to your personal Facebook account. If you use the
plugin’s features (e.g. by clicking the “Like” button or posting a comment),
this information will also be linked to your Facebook account. You can only
prevent this by logging out of your account before using the plugin. If you do
not want Facebook to link the data it collects through our website to your
Facebook account, you need to log out of Facebook before visiting our website.
Please see Facebook’s Data Policy (https://www.facebook.com/about/privacy/)
for information about which data Facebook collects, the purposes for which it
collects this data, how it processes and uses data, your rights and how you can
change your settings to protect your privacy.
Our website uses functions from the social
network Instagram. These functions are offered by Instagram Inc., 1601 Willow
Road, Menlo Park, CA 94025, USA. If you are logged into your Instagram account,
you can link the contents of this website to your Instagram profile by clicking
the Instagram button. This enables Instagram to assign your visit to this
website to your user account. We would like to point out that, as the provider
of the pages, we have no knowledge of the content of the data transmitted or its
use by Instagram. The data are stored and analyzed on the basis of Article
6(1)(f) GDPR. The website operator has a legitimate interest in the widest
possible visibility in social media. If a corresponding consent has been
requested, processing takes place exclusively on the basis of Article 6(1)(a)
GDPR; the consent can be revoked at any time. You can find more information on
this in Instagram's data protection declaration:
Our website uses features from the service
provider Twitter. These services are provided by Twitter Inc., 1355 Market
Street, Suite 900, San Francisco, CA 94103, USA.
When you use Twitter and the “Retweet”
feature, the websites you visit are linked to your Twitter account and
published on your Twitter feed. This results in data being transferred to
Twitter. We have no knowledge of which data is transferred or of how Twitter
We use YouTube plugins to integrate and
display video content on our website. The provider of this video portal is
YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit a webpage with an integrated
YouTube plugin, a connection is made with YouTube’s servers. This provides
YouTube with information about which of our webpages you have visited.
If you are logged into your YouTube
account, YouTube can link your browsing behaviour directly to your personal
profile. You can prevent this by logging out of your YouTube account before
visiting our website.
We use YouTube to make our website more
appealing. This constitutes a legitimate interest within the meaning of
Article 6(1)(f) GDPR.
more information about the processing of user data: https://www.google.de/intl/en/policies/privacy.
Our website uses features from the network
XING, which is provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg,
When you visit a webpage with integrated
features from XING, a connection to XING’s servers is established. As far as we
are aware, this does not result in any personal data being stored. XING does
not store any IP addresses or analyse your browsing behaviour.
information about data protection and the XING share button:
Our website uses features from the network
LinkedIn, which is provided by LinkedIn Corporation, 2029 Stierlin Court,
Mountain View, CA 94043, USA.
When you visit a webpage with integrated
features from LinkedIn, a connection to LinkedIn’s servers is established. This
informs LinkedIn of the IP address you have used to visit our webpages. If you
click on the LinkedIn “Recommend” button while you are logged into your
LinkedIn account, LinkedIn can link your visit to our webpage to you and your
user account. As the provider of this website, we do not have any knowledge of
which data is transferred or how it is used by LinkedIn.
text files which your web browser stores on your end device. They help us to
make our website more user-friendly, efficient and secure.
While session cookies are automatically
deleted at the end of your browser session, other cookies remain on your end
device until you delete them yourself. These cookies help us to identify you if
you visit our website again.
Up-to-date web browsers are able to
monitor, restrict and block cookies. Many web browsers can be configured to
delete cookies automatically when the program is closed. Deactivating cookies
may, however, reduce the functionality of our website.
If other cookies are set (e.g. for analysis
functions), the legal basis for this processing is your consent, Article 6(1)(f)
GDPR. They serve to tailor the offer on a website better to the interests of
the visitors or to generally improve them on the basis of statistical
Of course, you can also view
our website without cookies. Internet browsers are regularly set to accept
settings of your browser (see revocation of consent). Please note that
individual functions of our website may not work if you have deactivated the
The data may be transferred to
technical service providers responsible for operating and maintaining our
website as processors contracted by us. We have concluded appropriate
processing agreements with these service providers.
We use the following cookies:
Stores the user’s cookie consent status for the
Used to send data about the device and the user’s
behaviour to Google Analytics. Tracks the user across devices and marketing
Creates a unique ID which is used to generate
statistical data about user behaviour on the website.
Used by Google Analytics to throttle the request
Creates a unique ID which is used to generate
statistical data about user behaviour on the website.
Our website uses features from the web
analytics service Google Analytics, which is provided by Google Inc., 1600
Amphitheatre Parkway, Mountain View, CA 94043, USA.
small text files which your web browser stores on your end device and which
analyse how you use our website. Information generated by cookies about how you
use our website is transferred to and stored on a Google server. This server is
generally located in the USA.
Google Analytics cookies are only placed on
your device if you consent to this in our cookie banner.
a. IP anonymisation
We use Google Analytics together with IP
anonymisation. In member states of the European Union or in other states party
to the Agreement on the European Economic Area, this ensures that Google
shortens your IP address before transferring it to the USA. There may be
exceptions where Google transfers your full IP address to a server in the USA
before shortening it there. Google uses this information on our behalf to
analyse how you use our website in order to compile reports about website
activities and to provide further services to us relating to the use of our
website and the internet. The IP address transferred by Google Analytics is not
merged with other data from Google.
b. Browser plugin
You can prevent cookies from being placed
on your device by changing your browser settings. Please note, however, that
this may reduce the functionality of some of the features of our website. You
can also prevent Google from collecting and processing data about how you use
the website (including your IP address). To do this, you need to download and
install the browser plugin available at
c. Preventing the collection
You can prevent Google Analytics from
collecting your data by clicking on the following link. This will place an
opt-out cookie on your device, which will prevent your data from being captured
on future visits to our website: Disable Google Analytics.
information on how Google Analytics processes your data: https://support.google.com/analytics/answer/6004245?hl=en.
d. Processing agreement
To ensure that we fully meet statutory data
protection requirements, we have concluded a processing agreement with Google.
Google processes your data in the USA and
is subject to the EU-US Privacy Shield https://www.privacyshield.gov/EU-US-Framework.
e. Google Analytics and
Our website uses the “Demographics” feature
provided by Google Analytics. This is used to compile reports containing
statements about the age, gender and interests of visitors to our website. This
data comes from interest-based advertising from Google as well as visitor data
from third-party providers. It is not possible to link the data to specific
individuals. You can disable this feature at any time by adjusting the ad
settings in your Google account or by preventing data from being captured by
Google Analytics in general by following the instructions under “Preventing the
collection of data” above.
We collect various pieces of personal data
during the recruitment process. Personal data includes any information
which allows conclusions to be drawn about your personal or factual
circumstances or which allows you to be identified. The following data is
collected and processed to allow us to process your application automatically:
- First name,
surname, address, email address, date of birth, title, telephone number,
country of residence and nationality
questions specific to the advertised position (e.g. driving licence)
- CV, in particular
information on professional experience and education
- Skills and
competencies relating to the advertised position
awards and language skills
- Files and documents
which you send to us or upload to support your application
When you transfer your application data to
us, you automatically consent to the processing of your personal data for the
When processing your application, we do not
require any information which is not permitted to be processed under the German
General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz), including
data on race, ethnic origin, gender, disability, religion or belief, and age.
Please do not send us any information which is irrelevant to the processing of
your application in accordance with the General Act on Equal Treatment (e.g.
information on medical conditions, pregnancy, membership of a trade union or
your sexual orientation).
Furthermore, please do not send us any
content which could violate copyright or the rights of third parties under
a. Processing and use of
The data you transfer to us is only
collected, processed and used in connection with the processing of your
application to OPTIMAL AG & Co. KG.
If you are hired by our company, we will
use the information you have transferred to us for administrative purposes
relating to payroll, financial accounting and HR management.
Your personal data will only be collected
or processed by individuals who are responsible for processing applications.
All staff involved in this process have been obligated to treat your data
confidentially. In particular, they are not permitted to transfer data to
If you submit your application in writing,
your personal data will be entered into our applicant management system. Hard
copies will be returned to you after your data has been entered into our
If you submit your application by email, we
will also enter your data into our applicant management system. Your email will
then be stored for two weeks, before being automatically deleted at the end of
this two-week period.
Please note that emails are not generally
encrypted by default. Applicants should therefore take their own steps to
encrypt their emails. This is why we recommend either applying online or
sending in your application by post.
b. We process your data for
the following purposes and on the following legal basis:
We process personal data in accordance with
the provisions of the EU General Data Protection Regulation (GDPR) and the
German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG):
fulfil pre-contractual obligations (Article 6(1)(b) in conjunction with
Article 88 GDPR and Section 26 BDSG)
We will only use the data you send to us to
evaluate your suitability for the role and to get in contact with you.
Processing takes place for the purpose of
establishing an employment relationship with you and involves taking steps at
your request prior to entering into a contract.
fulfil contractual obligations (Section 26 BDSG)
Data processing takes place for the purpose
of maintaining or terminating an employment relationship on the basis of a
contract concluded with you or involves taking steps at your request prior to
entering into a contract. If you claim additional benefits (e.g. a childcare
subsidy), your data will, wherever necessary, be processed to provide these
weighing up interests (Article 6(1)(f) GDPR)
If necessary, we will process your data for
reasons beyond the performance of a contract if doing so is required for the
purposes of our legitimate interests or those of a third party. Examples of
such cases include the following:
relating to building and system security (e.g. the operation of video
cameras, access controls, locking systems)
establishment of legal claims and the provision of a defence in the case
of legal disputes
If we are unable to offer you a position,
we will keep your data for a maximum of six months following this decision
so that we can answer any questions relating to our decision not to employ you.
Please contact us if you want us to delete
your data or if you would like to make a request for information in accordance
with Article 15 GDPR. You can reach us on 08761 72060 from Monday to
Friday between 8:00am and 4:30pm. If you are calling from outside Germany,
please dial 0049 8761 72060. Alternatively, please send an email to firstname.lastname@example.org or
to our data protection officer at email@example.com
d. Data security
We place immense value on keeping your
personal data secure, which is why we protect it from access by unauthorised
parties. We do this using a range of measures, including antivirus software, a
firewall and encrypted connections to our applicant management system. We also
regularly update our security systems to ensure that they provide protection
against the latest threats.
You are also welcome to send us your
application in an encrypted form. Please send us the password needed to decrypt
the file separately or communicate it to us over the phone.
We reserve the right to change this Privacy
Policy to ensure that it always complies with current legal requirements or to
ensure that it takes into account any changes to our services, e.g. if we
you next visit our website.