onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet. On or respectively via onlyfy one, companies can, for example, publish job ads, identify interesting talented individuals (where applicable including from the XING professional network), receive and manage applications, and enter into dialogue with talented individuals and applicants. New Work SE supports this coming together of talented individuals and companies on and via onlyfy one. This takes place through, for example, talented individuals being recommended and displayed in the business customer’s company account, as well as through the generation and provision of recruitment-relevant information and analysis based on data that New Work SE processes in onlyfy one and, where applicable, in other XING applications or outside them.
With regard to interaction within the company account of iSi Group, iSi Group and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed herehttps://www.xing.com/terms/onlyfy-oneto gain information on the key aspects of the agreement.
Data processing by New Work SE
Pausing your online application
You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of iSi Group in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to iSi Group only.
Visibility of your data
The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.
Notes on the special functions of onlyfy one
If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here:https://www.cronofy.com/gdpr/andhttps://docs.cronofy.com/policies/privacy-notice/
If you use the apply using the WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.
The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here:https://www.pitchyou.de/en/pitchyou-gdpr.
Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. The USA is currently considered an insecure third country, which means that it may not be able to guarantee EU data protection standards. Sending the application may involve certain data protection risks (e.g. unauthorised access to your data by US security agencies). However, the sent and received messages are encrypted end-to-end.
Version 2.4 (April 2022) Information about data protection
We are pleased you have chosen to apply atiSi Group. Transparent and trustworthy handling of your personal data is an important foundation for successful collaboration. We wish to inform you how we process your data and how you can exercise your rights according to the General Data Protection Regulation (GDPR). The information below offers an overview of the collection and processing of your personal data in connection with the application process. Please read this Data Protection Declaration carefully before submitting your application.
1. General information
a) Who is responsible for the data processing?
The controller as defined by Art. 4 (7) GDPR is:
b) How can I contact the data protection officer?
For questions about data protection, please email firstname.lastname@example.org.
2. What is personal data?
According to Art. 4 (1) GDPR, personal data is all data that refers to an identified or identifiable natural person.
3. Which data is processed?
3.1. The following data and data categories are processed within the application process:
Applicant master data (first name, last name, title, email address, telephone number, address, date of birth, citizenship)
Qualifications data (cover letter, personal statement, resume, previous experience, professional qualifications and skills)
Voluntary information, such as a photo, disability status or other information that you voluntarily share with us in your application or voluntarily upload
Additional questions depending on the respective position (e.g. driver’s license, citizenship)
Communication between you and us as well as comments and evaluations concerning you that are created during your application process
Other data / data categories, e.g. publicly accessible professional data such as profiles on professional social media networks like XING or LinkedIn(possibly modifiable by the customer)
Special categories of personal data: If you provide information in your application documents that falls into special categories of personal data as defined by Art. 9 (1) GDPR (e.g. information that implies your sexual orientation; information on your health; information that implies your ethnicity or religion), we will also process this data only within the legally permissible framework.
3.2.The following additional data are processed in connection within the use of the platform:
a) Automated collection of usage data
When accessing the domain jobbase.io, your web browser automatically sends certain usage data for technical reasons. This information is stored separately from other data in log files. Prescreen collects the following information:
Date and time as well as duration of the access
URL of the previously visited web page
Quantity of data transmitted
A GeoIP lookup is performed based on your IP address (Internet Protocol address)
Names of the accessed files
http status code (e.g.“request successful”)
URL of the accessed web page
Access type (GET, POST)
This data is technically required in order to offer the functions of the e-recruiting system and to ensure the stability and security of the system. It is stored by Prescreen for a period of 12 months. Data that must be further retained for evidential purposes is excepted from the erasure until final clarification of the respective case.
The legal basis for processing of the data is Art. 6 (1) (f) GDPR.
The legal basis for processing of the data is Art. 6 (1) (f) GDPR.
4. For what purposes do we process your data and on what legal basis?
a) Data processing for purposes of employment – Section 26 BDSG (German Data Protection Act) (possibly modified by the customer for country-specific regulations)
Your personal data is used for purposes of selecting personnel to fill open positions, in other words for initiating a contract of employment. The necessity and the scope of data collection are determined according to the position to be filled, among other factors. More extensive data collection may be required if your desired position is associated with particularly confidential duties, entails significant responsibilities in the areas of human resources and/or finance, or requires certain physical and mental capabilities. The legal basis is Section 26 (1) German Data Protection Act (BDSG).
b) Consent –Art.6 (1) (a) and Art. 9 (2) (a) GDPR , Section 26 (2) BDSG
If you have declared to us your consent for processing specific personal data, this consent thenforms the legal basis for processing of this data.
In the following cases(possibly modified by the customer), we process your personal data on the basis of your consent:
Inclusion in the candidate pool; in other words, we save your application documents after the current application process in order to consider you in subsequent application processes.
To be added by the company: Possibly other processing scenarios that are based on consent (e.g.forwarding of documents to other group companies / group-wide candidate pool, sending of feedback questionnaire). The data you have already provided in the application process will also be processed.
If we base data processing on your consent, you have the right to withdraw this consent at any time with future effect. Please inform us of this revocation by email email@example.com. The legality of the processing of your data up to the time of revocation remains hereby unaffected.
c) Data processing based on a legitimate interest – Art. 6 (1) (f) GDPR
In certain cases, we process your data to safeguard a legitimate interest of ours or of third parties. A legitimate interest applies, for example, if your data is required for the establishment, exercise or defense of legal claims in connection with the application process (e.g. claims according to the General Equal Treatment Act). In the event of a legal dispute, we have a legitimate interest in processing the data for evidential purposes.
d) Feedback questionnaire
To optimize our application process and to improve as an employer, we offer you the opportunity to provide personal feedback. For this purpose, we will send(with prior consent – to be modified by the customer)a feedback questionnaire to you at the specified email address. If you participate in the survey, our service provider Prescreen (see item 5“With whom is your data shared?”) will collect the feedback, position title, location of the position, job category and type of employment for which you have applied. This information will then be shared with kununu GmbH and possibly other verified evaluation platforms and published there without inclusion of your name. Kununu cannot establish a relationship to your person. However, please note that other parties, such as your employer, may be able to identify you based on the information provided in the published feedback.
e)Calendar feature (possibly modified by the customer)
If the calendar feature is used, your data will be processed within the scope and for the purposes of an application process. The legal basis for this is Art. 6 (1) (f) GDPR. The calendar feature is provided by an IT service provider (Cronofy Ltd., U.K.). Due to an adequacy decision by the European Commission, the U.K is classified as a safe third country. Information about privacy and security at Cronofy is available here:https://www.cronofy.com/gdpr/and https://docs.cronofy.com/policies/privacy-notice/
5. With whom is your data shared?
Your data is primarily processed by our Human Resources department. In some cases, other internal and external parties also participate in processing the data.
Internal parties could be specialized areas or departments or the works council of our company. (possibly modified by the customer)
Our external service provider is New Work SE. New Work SE, Am Strandkai 1, 20457 Hamburg (hereafter“Prescreen”), operates the e-recruiting system Prescreen under the domain *.jobbase.io (hereafter“jobbase.io”), where companies can post job ads as well as receive and manage applications.
As part of these activities, Prescreen processes personal data solely on behalf of and for the purposes of iSi Groupand is therefore considered a processor according to Art. 4 (8) GDPR.
Jobbase.io is the central platform for our applicant tracking. When using our online form, your personal data is entered directly into jobbase.io. When an application is submitted by post or email, your data may also be transferred to the e-recruiting system.
6. For how long is your data stored?
(1) We store your personal data for as long as necessary for making the decision concerning your application. If you are not hired for the position in question, we may continue to store your data to the extent necessary for defending against possible legal claims. Your data willnormally be deleted within 7 months after the end of the application process.
(2) If you are not hired but you have granted us consent to save your data (“candidate pool”), we will store your data until revocation of your consent or for a maximum of7additionalmonths.Where specifically justified, we may also store your data for a longer time period for the purpose of defending against possible legal claims.
(3) If you retract your application before the end of the application process (in other words, if you delete your data and your account), the stored data will be restricted for the period of the continued application process and permanently deleted once7 monthshave elapsed after the end of the application process.
(4) If you are no longer using your candidate profile and have not granted consent for continued data storage in the candidate pool, the data will be deleted within7 monthsafter the end of the application process.
(5) You can delete your candidate profile and your application documents, submit a deletion request or request a restriction of processing at any time.
7.What rights do you have in connection with the processing of your data?
(1) You can request information on whether we are storing personal data concerning you. Upon your request, we will inform you of what data is involved, the purposes for which the data is processed, who the data is shared with, for how long the data will be stored and what other rights you have in relation to this data.
(2) You also have the right to rectification or erasure of your data. You can also request that we make all personal data that you have shared with us available to you, another person or a company of your choice in a structured, commonly used and machine-readable format.
(3) You also have the right not to be subjected to a decision based solely on automated processing (including profiling) that produces legal effects concerning you. Within the context of the application process, we do not use any exclusively automated processes for making decisions.
(4) You have the right to object at any time, on grounds relating to your particular situation, to processing of personal data concerning you which is based on Art. 6 (1) (e) GDPR (data processing for reasons of public interest) or on Art. 6 (1) (f) GDPR (data processing for safeguarding of a legitimate interest), including profiling based on those provisions. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms or for the establishment, exercise or defense of legal claims.
(5) You also have the right to lodge a complaint with the competent supervisory authority.
(6) To exercise your rights, you can contact us by firstname.lastname@example.org. We will process your requests as quickly as possible according to the statutory requirements and inform you of the measures we have taken or will take.
8. Are you obligated to provide your personal data?
The provision of personal data is required neither by law nor by contract, nor are you obligated to provide the personal data. However, the provision of personal data is required for conducting the application process. In other words: if you do not provide us with any personal data along with an application, we cannot conduct the application process.
9.What happens if you interrupt your online application?
You can interrupt the creation of your online application at any time and continue it later. The platform utilizes technically necessary cookies for this purpose. Data is transmitted to jobbase.io during the application process. In other words: data you have provided for creation of a user account and any uploaded documents are entered into jobbase.io. The data remains here if you interrupt and/or do not conclude an application. In this case, your application is marked as incomplete, but the data remains visible to our company, to a limited extent.
You can view, edit or update the data you have provided within the context of the online application at any time in your candidate profile.
If you make no further changes in your candidate profile, such as concluding an ongoing application, starting a new application or changing the data of an existing application, your data will be deleted within7 %applicationDataRententionUnit%after completion of the last active application process.
You can submit a request for erasure of your candidate profile and your application documents at any time. After the request for erasure has been submitted, you will be informed of the exact erasure date, and your data will be automatically deleted according to the conditions established in this Data Protection Declaration.(possibly to be modified by the customer)
10. Apply via WhatsApp (possibly modified by the customer)
Insofar as you use our Apply via WhatsApp, the legal basis for communication is your consent, which may be withdrawn at any time (Art. 6 (1) (a) GDPR). Whenever applying via WhatsApp, all required candidate details are requested via a WhatsApp chat. The data is then imported directly into our recruitment service provider’s system via a service provider and processed there within the scope and for the purposes of a regular application process.
The Application via WhatsApp function is provided by an IT service provider (PitchYou), which may access your data for this purpose. You can find more information here:https://www.pitchyou.de/data-privacy.
Please note that you use your own private WhatsApp account for applications, meaning that forwarding of messages, in particular to the U.S., cannot be excluded. The U.S. is currently considered an insecure third country, which means that it may not be able to guarantee the EU data protection standard. Certain data protection risks may be associated with data transfers (e.g., unauthorized access to your data by U.S. security authorities). However, end-to-end encryption is applied to sent and received messages. More information on WhatsApp.