Data Privacy
Privacy Policy
In the course of our business as an executive search firm, we have acquired some information about you which we maintain on our systems. As we take your privacy seriously, this is to inform you about our processing of your data.
To learn more about our use of your data or to object to further processing please contact us: dataprivacy@steinpach-partner.com
GENERAL DATA PROCESSING PRACTICES
Protecting your privacy is important to Steinbach Management Consultants GbR, Ferdinandstr. 18, 61348 Bad Homburg v.d.H., Deutschland („Steinbach & Partner“, "we," "us," or "our"). This Privacy Policy explains how Steinbach & Partner collects, uses, and discloses (“processes”) personal data on its own behalf and in conjunction with individual local Steinbach & Partner offices, and any additional rights you may have under applicable privacy law. We and/or the local Steinbach & Partner offices determine the purposes and means of the processing of personal data.
You can exercise your privacy and data protection rights by contacting dataprivacy@steinpach-partner.com or your local Steinbach & Partner office.
Data Protection Officer and data protection representative according to Article 27 GDPR of the Controllers is Sascha Klesius, Hasengarten 48, 61440 Oberursel, Germany, Email: dataprivacy@steinpach-partner.com
Please find below the most important information about our typical data processing sorted by groups of data subjects and types of data processing. For data processing activities that relate only to specific groups, and processing activities controlled only by local Steinbach & Partner offices, the obligations to provide information are met separately.
The terms “data”, “personal data” and “personal information” are used interchangeably in this policy, and in each case include any information relating to an identified or identifiable natural person.
We process personal information from or about the following categories of individuals, as more fully described in the sections below:
- Website Visitors
- Potential Candidates
- Candidates
- References of Candidates
- Service Providers, Business Partners and their Employees
- Business Contacts and Communication Partners
- Your Rights
Website Visitors
Our website may be used without entering personal information. Different rules may apply to certain services on our site, however, and are explained separately below. The provisions below serve to provide information as to the manner, extent and purpose for collecting, using and processing personal information by us.
Please be aware that data transfer via the internet is subject to security risks and, therefore, complete protection against third-party access to transferred data cannot be ensured.
1.1 Purpose
The purpose of the data processing of web server log data is the online presentation of Steinbach & Partner and Steinbach & Partner services.
1.2 Web server log data
Each time a visitor to our website uses their browser to request access to a page on our website, our web server processes a range of data which the visitor’s browser automatically transmits to our web server.
In the past 12 months we have processed, and may continue to process, personal data from website visitors such as the IP address allocated to their device, the date and time of the request, the time zone, the specific page or file accessed, the HTTP status code and the data quantities transmitted; in addition, the website from which their request originated, the browser used, the operating system of their device and the language used. This data is covered by Art 6 Abs. 1 lit. f) GDPR (legitimate interest, operation of an Internet presence and exchange with communication partners) and Rechtsgrundlage für die Analyse des Nutzungsverhaltens ist Artikel 6 Abs. 1 lit. f) GDPR (legitimate interest, namely the design of the website according to the needs).
We obtain these categories of data directly and indirectly from activity on our website. For example, from submissions through our website portal or website usage details collected automatically.
Web server log data is anonymized before storage. Web server log data will be deleted when it is no longer necessary for the purposes of processing.
Web server log data are not passed on to third parties except under special circumstances. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor’s office. We may also enter into service agreements with other businesses to perform services on our behalf, in particular to provide, maintain, and support IT systems.
Use of the website without disclosure of web server log data is not possible.
1.3 Cookies
Our website makes use of so-called cookies in order to recognize repeat use of our website by the same user/internet connection subscriber. Cookies are small text files that your internet browser downloads and stores on your computer. They are used to improve our website and services. In most cases these are so-called "session cookies" that are deleted once you leave our website.
To an extent, however, these cookies also pass along information used to automatically recognize you. Recognition occurs through an IP address saved to the cookies. The information thereby obtained is used to improve our services and to expedite your access to the website.
You can prevent cookies from being installed by adjusting the settings on your browser software accordingly. You should be aware, however, that by doing so you may not be able to make full use of all the functions of our website.
Our website use no performance cookies to count visits and traffic sources or targeting cookies for advertising.
1.3.1 Strictly Necessary Cookies
Our website only uses cookies, which are necessary for the functioning of the website and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
2 Potential Candidates
2.1 When we or a local Steinbach & Partner office identify a potential candidate, we may collect business card data about such potential candidate from publicly accessible sources, and we and the local Steinbach & Partner office jointly determine the purposes and means of the processing of such data and have entered into an agreement for that purpose. According to that agreement, the local Steinbach & Partner office is responsible to ensure the fulfilment of the potential candidate’s rights and will inform them in a privacy notice about the contact details of the local office and the publicly accessible sources of the data. However potential candidate’s may contact either us or the local Steinbach & Partner office regarding any claims or complaints.
Data Protection Officer and data protection representative according to Article 27 GDPR of the Controllers is Sascha Klesius, Hasengarten 48, 61440 Oberursel, Germany, Email: dataprivacy@steinpach-partner.com
2.2 In the past 12 months, we have processed, and in the future may continue to process personal data about potential candidates such as name, postal address, email address, telephone number, employment, employment history, title.
2.3 We collect data about potential candidates from the following publicly accessible sources: Public business websites, services such as LinkedIn, Xing or other business press or publications.
2.4 Data about potential candidates are processed for the purpose of providing executive search services to potential employers worldwide.
2.5 The legal basis for the processing is our legitimate interest in the provision of these services (Art. 6. para. 1 letter f) GDPR).
2.6 No retention period has been defined for data about potential candidates. It is deleted upon the potential candidate’s request.
2.7 Data about potential candidates is shared with Steinbach & Partner offices worldwide upon request. Some Steinbach & Partner offices are located outside the EU. All Steinbach & Partner offices have concluded EU standard contractual clauses between themselves. You can always request a copy of the EU standard contract clauses from us.
3 Candidates
3.1 Whenever an individual authorizes Steinbach & Partner to list them as a candidate for job offerings, we and the local Steinbach & Partner office jointly determine the purposes and means of the processing of such candidate’s data and have entered into an agreement for that purpose. According to the agreement, the local Steinbach & Partner offices are responsible to ensure the fulfilment of the candidate’s rights. However all candidates may contact either us or the local Steinbach & Partner office regarding any claims or complaints.
Data Protection Officer and data protection representative according to Article 27 GDPR of the Controllers is Sascha Klesius, Hasengarten 48, 61440 Oberursel, Germany, Email: dataprivacy@steinpach-partner.com
3.2 In the past 12 months, we have processed, and in the future may continue to process personal data about candidates, such as name, signature, postal address, email address, telephone number, education, employment, employment history, age, national origin, citizenship, sex (including gender), current and/or past employment history including performance evaluations, education records, files, documents, and other materials directly related to a student maintained by an educational agency or institution or by a person acting for such an agency or institution, such as grades, transcripts, personal interests, hobbies and background check information (like identity verification, criminal, civil and regulatory judgements, financial and credit checks), or any other details a candidate may choose to share with us.
3.3 Data about candidates may be collected from the candidate, from publicly accessible sources like websites (e.g. Company or private websites, LinkedIn) and third parties that the candidate or their testimonials have named as potential references.
3.4 Data about candidates are processed for the purpose of providing the candidates with employment opportunities and job or career related information as well as providing executive search services to potential employers worldwide.
3.5 The legal basis for this is consent (Article 6(1)(a) GDPR) and - insofar as only business card data and publicly accessible data are concerned - our legitimate interest in providing these services (Article 6(1)(f) GDPR).
3.6 The data retention period is seven calendar years from the last completion of the client engagement or documented contact with the candidate, whichever is later.
3.7 Data about potential candidates is shared with Steinbach & Partner offices worldwide upon request and with potential employers. Personal data is only transferred to clients if a candidate is basically suitable for a position with a client or fits the requirement profile of the client and the candidate has agreed to the transfer. Potential employers may be located outside the EU and may not be able to guarantee an adequate level of protection under Art. 44 GDPR.
3.8 Some Steinbach & Partner offices are located outside the EU. All Steinbach & Partner offices have concluded EU standard contractual clauses between themselves. You can always request a copy of the EU standard contract clauses from us. The legal basis for disclosure is the consent of the candidates (Article 6(1)(a) GDPR) and, where appropriate, a legitimate interest (Article 6(1)(f) GDPR).
3.9 Candidates are not obliged to provide personal data. Without such personal data, however, we will not be able to provide candidates with employment opportunities.
4 References of Candidates
4.1 When we or a local Steinbach & Partner office receive personal data from a candidate or other source about the candidate’s reference, we and the local Steinbach & Partner office jointly determine the purposes and means of the processing of the data about the candidate’s reference and have entered into an agreement for that purpose. According to the agreement, the local Steinbach & Partner office is responsible to ensure the fulfilment of the rights of the candidate’s reference and will inform the personal reference in a privacy notice about our contact details and source of their data. However all references of candidates may contact either us or the local Steinbach & Partner office regarding any claims or complaints.
Data Protection Officer and data protection representative according to Article 27 GDPR of the Controllers is Sascha Klesius, Hasengarten 48, 61440 Oberursel, Germany, Email: dataprivacy@steinpach-partner.com
4.2 In the past 12 months, we have processed, and in the future may continue to process personal data about references of candidates, such as name, postal address, email address, telephone number, employment, employment history, position, or any other details that the candidate or the candidate’s reference chooses to share with us.
4.2 Sources of data about a candidate’s reference are the candidate, another reference, or publicly accessible sources like public business websites, services such as LinkedIn, Xing or other business press or publications.
4.3 Data about a candidate’s reference are processed for the purpose of providing executive search services to employers and candidates. No change in these purposes is planned.
4.4 The legal basis is the candidate's legitimate interest in naming a reference contact as well as our legitimate interest in checking the suitability of the candidate (Art. 6. para. 1 letter f) GDPR).
4.5 The data retention period is seven calendar years from the last completion of the client engagement or documented contact with the candidate who named the data subject as a reference, whichever is later.
4.6 We may also enter into service agreements with other businesses to perform services on our behalf, in particular to provide, maintain and support IT systems.
5 Service Providers, Business Partners and their Employees
Steinbach & Partner and the local Steinbach & Partner office may process personal data regarding service providers, business partners and their employees.
5.1 In the past 12 months, we have processed, and in the future may continue to process personal data about service providers, business partners and their employees, such as name, title, postal address, email address, telephone number, employment, employment history and any other details that they later choose to share.
5.2 Data about service providers, business partners and their employees may be collected from the applicable service provider, business partner, or their employees, or from publicly accessible sources like websites (e.g. Company or private websites, LinkedIn).
5.3 We process data about service providers, business partners and their employees for the purpose of preparation and performance of the contractual relationship and for the fulfilment of legal requirements. No change in these purposes is planned.
5.4 The legal basis for processing is Article 6(1)(b) DS-GVO (preparation and execution of the contract) in the case of contracts with natural persons, Article 6(1)(f) DS-GVO (legitimate interest, namely communication with contractually relevant contact persons) in the case of contracts with legal persons and always Article 6(1)(c) DS-GVO (legal obligations, in particular tax and commercial law provisions). In the examination, enforcement or rejection of claims, the legal basis is Article 6 (1) (f) DS-GVO (legitimate interest, namely enforcement of claims or defence against claims).
5.5 All contractual data and data relevant for accounting are stored for 10 calendar years in accordance with the storage periods under tax and commercial law. Inquiries and communication data are automatically deleted after 10 years.
5.6 Recipients of data about service providers, business partners and their employees may include banks for the processing of payments. Public authorities and offices may receive data within the scope of their duties, insofar as we are obligated or entitled to transmit data. Moreover in specific cases data may be transmitted to a collection of service providers, legal advisors and courts. We may also enter into service agreements with other businesses to perform services on our behalf, in particular to provide, maintain and support IT systems.
5.7 Processing of the contact data from service providers and business partners and their Employees is necessary in order to perform the contract or order. If the data are not provided, the contract cannot be established or carried out. The provision of data is required for prospective service providers, business partners and their employees. The communication is not possible without the data.
6 Business Contacts and Communication Partners
Steinbach & Partner and the local Steinbach & Partner office may process personal data regarding Business Contacts and Communication Partners.
6.1 In the past 12 months, we have processed, and in the future may continue to process personal data about our business contacts and communication partners, such as name, postal address, email address, telephone number, employment, title or any other details that they later choose to share with us.
6.2 We obtain these categories of personal information from our business contacts and communication partners, from our clients or their agents, and from third-parties that interact with us in connection with the services we perform.
6.3 The legal basis for the processing of interested parties and other communication partners is Article 6(1)(f) GDPR (legitimate interest, namely communication with interested parties and communication partners).
6.4 We may also enter into service agreements with other businesses to perform services on our behalf, in particular to provide, maintain and support IT systems.
6.5 Inquiries and communication data are automatically deleted after 10 years.
6.6 We may also enter into service agreements with other businesses to perform services on our behalf, in particular to provide, maintain and support IT systems.
6.7 The provision of data is required for prospective business partners and communication partners. The communication is not possible without the data.
7 Your rights according to GDPR
You have the following rights under GDPR:
7.1 You may withdraw your consent at any time, if your data is processed based on your consent. The withdrawal of consent does not affect the lawfulness of processing before the withdrawal of consent.
7.2 You may at any time object to the further processing of your data if your data is processed based on our legitimate interest.
7.3 You may at any time request access to your personal data processed by Steinbach & Partner or any Steinbach & Partner office.
7.4 If our processing is based on your consent you have the right to data portability.
7.5 You may request rectification of your personal data at any time.
7.6 You may request erasure of your personal data at any time, provided that no right or legal obligation of Steinbach & Partner or any Steinbach & Partner office requires further processing of your personal data.
7.7 You may request restriction of processing for your data at any time.
7.8 You may at any time lodge a complaint with a supervisory authority.