General and obligatory
The data controller under data protection
legislation, in particular the EU General Data Protection Regulation (GDPR),
OPTIMAL Automotive GmbH
Phone: +49 (0) 8761 7206-0
Fax: +49 (0) 8761 7206-121
Managing Director: Helge Schöngarth
The data controller is responsible for deciding
alone or together with others about the purposes and means of processing
personal data (e.g. names, contact details).
If you have any questions about data protection,
please send us an email:
Data subject rights
You can exercise the following rights at any time by
contacting our data protection officer using the details provided:
Withdraw your consent to data processing
Some data processing activities are only
possible with your express consent. Once you have consented to data processing,
you may withdraw your consent at any time in accordance with Article 7(3)
GDPR. A simple email will suffice. The withdrawal of consent will not affect
the lawfulness of data processing which took place before consent was
Right to lodge a complaint with the competent supervisory authority
As a data subject, you have the right in
accordance with Article 77 GDPR to lodge a complaint with the competent
supervisory authority in the event of a breach of data protection legislation.
The competent supervisory authority for matters relating to data protection is
the Bavarian Data Protection Commissioner (Bayerischer Landesbeauftragte für
The following link takes you to the
official website of the Federal Commissioner for Data Protection and Freedom of
Information. You can find the required contact details here: https://www.bfdi.bund.de/SharedDocs/Adressen/LfD/Bayern.html?nn=5217144
Right to data portability
In accordance with Article 20 GDPR,
you have the right to receive or have transmitted to a third party the data
which we process by automated means on the basis of your consent or on the
basis of performing a contract. The data will be provided in a machine-readable
format. If you request that the data be transferred directly to another
controller, this will only be done where technically feasible.
Right of access and right to rectification, erasure and restriction
In accordance with the applicable legal
provisions under Article 15 GDPR, you have the right at any time to obtain
access free of charge to the personal data concerning you which we have
processed. In particular, you can request information about the following: the
purposes of the processing; the categories of personal data concerned; the
categories of recipient to whom your data has been or will be disclosed; the
envisaged duration of storage; the existence of the right to rectification,
erasure or restriction of processing or to object to such processing; the
existence of the right to lodge a complaint; the source of the data if it was
not collected by us; the existence of automated decision-making, including
profiling and, if applicable, meaningful information on the details concerning
In accordance with Article 16 GDPR,
you have the right to request the rectification without undue delay of
inaccurate personal data we have stored about you.
Furthermore, pursuant to Article 17
GDPR, you are entitled to request the erasure of the personal data we have
stored about you, provided that processing thereof is not necessary for
exercising the right of freedom of expression and information, for compliance
with a legal obligation, for reasons of public interest or for the
establishment, exercise or defence of legal claims.
In accordance with Article 18 GDPR,
you have the right to request that the processing of your personal data be
restricted in any of the following cases: you do not believe the data to be
accurate; the processing is unlawful, but you are opposed to the data being
erased; we no longer need the personal data, but you require it for the
establishment, exercise or defence of legal claims; you have objected to the
processing pursuant to Article 21 GDPR.
If you have any questions about your rights
or any other matters relating to your personal data, please do not hesitate to
contact us using the details provided on the legal notice on our website.
SSL or TLS encryption
For security reasons and to secure the
transmission of confidential information which you send to us in our capacity
as the site operator, our website uses SSL or TLS encryption. This prevents
third parties from being able to access the data you transfer through our
website. A connection is encrypted whenever “https://” or a lock symbol appears
in your browser’s address bar.
Server log files
visit our website, information of a general nature is automatically recorded
using a cookie. This information (server log files) includes, for example, the
type of web browser, the operating system used, the domain name of your
Internet service provider and similar. This is exclusively information that
does not allow any conclusions to be drawn about your person.
information is technically necessary in order to correctly deliver the website
content you have requested and is mandatory when using the Internet. In particular, they are processed for the following purposes:
The page you visited on our
Date and time of the server
Browser type and browser
Host name of the computer
accessing the website
This data is not merged with data from any
other sources. The legal basis for the data processing is Article 6(1)(b)
GDPR, as it is within our legitimate interest to improve our website’s
stability and functionality. The data is stored for seven days and is
automatically deleted after this period.
The provision of the aforementioned
personal data is neither required by law nor by contract. Without the IP
address, however, the service and functionality of our website cannot be
Data transmitted using our contact form,
including your contact details, is stored so that we can process your enquiry
and contact you in the event of follow-up questions. This data will not be
disclosed to third parties without your consent.
The data entered into the contact form is
processed on the basis of a legitimate interest (Article 6(1)(f) GDPR) and
for the purpose of initiating, performing or ending a contractual relationship
(Article 6(1)(b) GDPR).
We will store data transmitted via our
contact form until you ask us to delete it or you withdraw your consent to its
storage or until we no longer need to store it. Mandatory legal provisions, in
particular statutory retention periods, will not be affected by this.
The provision of your personal data is
voluntary. However, we can only process your request if you provide us with
your name, your e-mail address and the reason for the request.
Social media plugins
Our website uses social medial plugins from
the providers listed below. These plugins can be identified from the providers’
In certain circumstances, information,
which may include personal data, is sent to the service providers through these
plugins and possibly used by them. We use a two-click solution to prevent data
from being collected and transferred to the service providers without your
knowledge or consent. To activate a social media plugin, users first need to
click on the button in question. Data can only be collected and transferred to
the respective service provider once the plugin has been activated in this way.
We do not collect any personal data through the social media plugins or about
We have no influence over which data an
activated plugin collects and how this data is used by the provider. At
present, we have to assume that a direct connection to the provider’s services
is established and at least the user’s IP address and data about their device
are collected and used. The service providers may also attempt to store cookies
on your device. Please see the providers’ privacy policies for specific
information about which data is collected and how it is used. Please note: If
you are logged into Facebook at the same time as visiting our website, Facebook
may be able to identify which webpages you have visited.
Our website uses plugins from the social
network facebook.com, which is operated by Facebook Inc., 1601 S. California
Ave, Palo Alto, CA 94304, USA (“Facebook”). When you visit a page on our
website which includes a Facebook plugin, a connection to Facebook’s servers is
established which instructs your browser to display the plugin on that webpage.
Information about which of our webpages you have visited is then transferred to
Facebook’s server. If you are logged into Facebook at the same time, Facebook
will link this information to your personal Facebook account. If you use the
plugin’s features (e.g. by clicking the “Like” button or posting a comment),
this information will also be linked to your Facebook account. You can only
prevent this by logging out of your account before using the plugin. If you do
not want Facebook to link the data it collects through our website to your
Facebook account, you need to log out of Facebook before visiting our website.
Please see Facebook’s Data Policy (https://www.facebook.com/about/privacy/)
for information about which data Facebook collects, the purposes for which it
collects this data, how it processes and uses data, your rights and how you can
change your settings to protect your privacy.
uses functions from the social network Instagram. These functions are offered
by Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA. If you are
logged into your Instagram account, you can link the contents of this website
to your Instagram profile by clicking the Instagram button. This enables
Instagram to assign your visit to this website to your user account. We would
like to point out that, as the provider of the pages, we have no knowledge of
the content of the data transmitted or its use by Instagram. The data are
stored and analyzed on the basis of Article 6(1)(f) GDPR. The website
operator has a legitimate interest in the widest possible visibility in social
media. If a corresponding consent has been requested, processing takes place
exclusively on the basis of Article 6(1)(a) GDPR; the consent can be
revoked at any time. You can find more information on this in Instagram's data
protection declaration: https://instagram.com/about/legal/privacy/.
Our website uses features from the service
provider Twitter. These services are provided by Twitter Inc., 1355 Market
Street, Suite 900, San Francisco, CA 94103, USA.
When you use Twitter and the “Retweet”
feature, the websites you visit are linked to your Twitter account and
published on your Twitter feed. This results in data being transferred to
Twitter. We have no knowledge of which data is transferred or of how Twitter
We use YouTube plugins to integrate and
display video content on our website. The provider of this video portal is
YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit a webpage with an integrated
YouTube plugin, a connection is made with YouTube’s servers. This provides
YouTube with information about which of our webpages you have visited.
If you are logged into your YouTube
account, YouTube can link your browsing behaviour directly to your personal
profile. You can prevent this by logging out of your YouTube account before
visiting our website.
We use YouTube to make our website more
appealing. This constitutes a legitimate interest within the meaning of
Article 6(1)(f) GDPR.
more information about the processing of user data: https://www.google.de/intl/en/policies/privacy.
Our website uses features from the network
XING, which is provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg,
When you visit a webpage with integrated
features from XING, a connection to XING’s servers is established. As far as we
are aware, this does not result in any personal data being stored. XING does
not store any IP addresses or analyse your browsing behaviour.
information about data protection and the XING share button:
Our website uses features from the network
LinkedIn, which is provided by LinkedIn Corporation, 2029 Stierlin Court,
Mountain View, CA 94043, USA.
When you visit a webpage with integrated
features from LinkedIn, a connection to LinkedIn’s servers is established. This
informs LinkedIn of the IP address you have used to visit our webpages. If you
click on the LinkedIn “Recommend” button while you are logged into your
LinkedIn account, LinkedIn can link your visit to our webpage to you and your
user account. As the provider of this website, we do not have any knowledge of
which data is transferred or how it is used by LinkedIn.
more information: https://www.linkedin.com/legal/privacy-policy.
text files which your web browser stores on your end device. They help us to
make our website more user-friendly, efficient and secure.
While session cookies are automatically
deleted at the end of your browser session, other cookies remain on your end
device until you delete them yourself. These cookies help us to identify you if
you visit our website again.
Up-to-date web browsers are able to
monitor, restrict and block cookies. Many web browsers can be configured to
delete cookies automatically when the program is closed. Deactivating cookies
may, however, reduce the functionality of our website.
If other cookies are set (e.g. for analysis
functions), the legal basis for this processing is your consent,
Article 6(1)(f) GDPR. They serve to tailor the offer on a website better
to the interests of the visitors or to generally improve them on the basis of
Of course, you can also view our website without cookies. Internet
browsers are regularly set to accept cookies. In general, you can deactivate
of consent). Please note that individual functions of our website may not work
The data may be transferred to technical service providers responsible
for operating and maintaining our website as processors contracted by us. We
have concluded appropriate processing agreements with these service providers.
We use the following cookies:
Stores the user’s cookie consent status for the current domain.
Collects statistics about the user's
visits to the website, such as the number of visits, average time spent on
the website and which pages were read.
Used by the Piwik Analytics Platform to
track the visitor's page views during the session.
permission, we will use the web analytics service Matomo (www.matomo.org),
which is provided by InnoCraft Ltd., 7 Waterloo Quay PO625, 6140 Wellington,
New Zealand, („Matomo“) to collect data of statistic analytics and user
behavior for optimization- and marketing purposes. According to Article 6 (1)(a)
GDPR, data will be collected and saved.
Matomo cookies are only placed on your device
if you consent to this in our cookie banner.
this kind of data, it is possible to create and analyze
anonymized/pseudonymised user profiles for the same purposes. Hereto, cookies
are used. These kind of cookies make it possible to recognize the used web
The through the Matomo-Technology gained Data
(including your pseudonymised IP-Address) will be processed locally on
informations from the pseudonymised user profile will not be used to identify the visitor and won’t be brought together
with person related Data of the pseudonym user or the person behind the
Withdraw of consent
You are always able to withdraw your
approval for the future, if you remove the tick in the box „Statistics“. Don’t
forget to click „save and exit“ afterwards, as described in II.2. above.
We collect various pieces of personal data
during the recruitment process. Personal data includes any information
which allows conclusions to be drawn about your personal or factual
circumstances or which allows you to be identified. The following data is
collected and processed to allow us to process your application automatically:
- First name, surname, address,
email address, date of birth, title, telephone number, country of
residence and nationality
- Additional questions specific to
the advertised position (e.g. driving licence)
- CV, in particular information on
professional experience and education
- Skills and competencies relating
to the advertised position
- Qualifications, awards and
- Files and documents which you send
to us or upload to support your application
When you transfer your application data to
us, you automatically consent to the processing of your personal data for the
When processing your application, we do not
require any information which is not permitted to be processed under the German
General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz), including
data on race, ethnic origin, gender, disability, religion or belief, and age.
Please do not send us any information which is irrelevant to the processing of
your application in accordance with the General Act on Equal Treatment (e.g.
information on medical conditions, pregnancy, membership of a trade union or
your sexual orientation).
Furthermore, please do not send us any
content which could violate copyright or the rights of third parties under
a. Processing and use of
The data you transfer to us is only
collected, processed and used in connection with the processing of your
application to OPTIMAL Automotive GmbH.
If you are hired by our company, we will
use the information you have transferred to us for administrative purposes
relating to payroll, financial accounting and HR management.
Your personal data will only be collected
or processed by individuals who are responsible for processing applications.
All staff involved in this process have been obligated to treat your data
confidentially. In particular, they are not permitted to transfer data to
If you submit your application in writing,
your personal data will be entered into our applicant management system. Hard
copies will be returned to you after your data has been entered into our
If you submit your application by email, we
will also enter your data into our applicant management system. Your email will
then be stored for two weeks, before being automatically deleted at the end of
this two-week period.
Please note that emails are not generally
encrypted by default. Applicants should therefore take their own steps to
encrypt their emails. This is why we recommend either applying online or
sending in your application by post.
b. We process your data for
the following purposes and on the following legal basis:
We process personal data in accordance with
the provisions of the EU General Data Protection Regulation (GDPR) and the
German Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG):
fulfil pre-contractual obligations (Article 6(1)(b) in conjunction with
Article 88 GDPR and Section 26 BDSG)
We will only use the data you send to us to
evaluate your suitability for the role and to get in contact with you.
Processing takes place for the purpose of
establishing an employment relationship with you and involves taking steps at
your request prior to entering into a contract.
fulfil contractual obligations (Section 26 BDSG)
Data processing takes place for the purpose
of maintaining or terminating an employment relationship on the basis of a
contract concluded with you or involves taking steps at your request prior to
entering into a contract. If you claim additional benefits (e.g. a childcare
subsidy), your data will, wherever necessary, be processed to provide these
weighing up interests (Article 6(1)(f) GDPR)
If necessary, we will process your data for
reasons beyond the performance of a contract if doing so is required for the
purposes of our legitimate interests or those of a third party. Examples of
such cases include the following:
relating to building and system security (e.g. the operation of video
cameras, access controls, locking systems)
establishment of legal claims and the provision of a defence in the case
of legal disputes
If we are unable to offer you a position,
we will keep your data for a maximum of six months following this decision
so that we can answer any questions relating to our decision not to employ you.
Please contact us if you want us to delete
your data or if you would like to make a request for information in accordance
with Article 15 GDPR. You can reach us on 08761 72060 from Monday to
Friday between 8:00am and 4:30pm. If you are calling from outside Germany,
please dial 0049 8761 72060. Alternatively, please send an email to firstname.lastname@example.org or
to our data protection officer at email@example.com
d. Data security
We place immense value on keeping your
personal data secure, which is why we protect it from access by unauthorised
parties. We do this using a range of measures, including antivirus software, a
firewall and encrypted connections to our applicant management system. We also
regularly update our security systems to ensure that they provide protection
against the latest threats.
You are also welcome to send us your
application in an encrypted form. Please send us the password needed to decrypt
the file separately or communicate it to us over the phone.
We reserve the right to change this Privacy
Policy to ensure that it always complies with current legal requirements or to
ensure that it takes into account any changes to our services, e.g. if we
you next visit our website.