V2 (022024)
CMS Reich-Rohrwig Hainz Rechtsanwälte uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data by the onlyfy one service and by CMS Reich-Rohrwig Hainz Rechtsanwälte.
With regard to interaction within the company account of CMS Reich-Rohrwig Hainz Rechtsanwälte, CMS Reich-Rohrwig Hainz Rechtsanwälte and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here https://www.xing.com/terms/onlyfy-one to gain information on the key aspects of the agreement.
onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social and jobs network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet.
With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with CMS Reich-Rohrwig Hainz Rechtsanwälte, detailed information is available in the XING Privacy Policy at https://privacy.xing.com/en/privacy-policy. You will also find contact details for New Work SE, as well as for the New Work SE data protection officer there.
When submitting an application, you enter into a user relationship with New Work SE for the purpose of processing applications. In addition, you will receive support and New Work SE can present you with other opportunities in support of your career. A public profile will not be automatically created for you on the XING social and jobs network. The legal basis for New Work SE processing your data is, in particular, Article 6 (1)(b) GDPR (processing necessary for the performance of a contract).
You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of CMS Reich-Rohrwig Hainz Rechtsanwälte in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to CMS Reich-Rohrwig Hainz Rechtsanwälte only.
The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.
If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: https://www.cronofy.com/gdpr/ and https://docs.cronofy.com/policies/privacy-notice/
If you use the apply using WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.
The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here: https://www.pitchyou.de/en/pitchyou-gdpr. Candidate data from apply via WhatsApp are transferred to onlyfy one via an interface. Immediately after this transfer, candidate data are deleted from the apply via WhatsApp infrastructure in PitchYou. Further processing then takes place exclusively in onlyfy one.
Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. WhatsApp data protection information, such as its processing or exercising of data protection rights with regard to WhatsApp is available here: https://www.whatsapp.com/legal/privacy-policy-eea.
Subject to your consent, your application will be sent from WhatsApp via the PitchYou infrastructure to onlyfy one. You have the right to withdraw your consent to this at any time. Either way, your application data will be deleted from the PitchYou infrastructure once transferred to onlyfy one, meaning that PitchYou will not process your data any further.
The FADP applies to circumstances which have an impact on Switzerland, even if said circumstances are initiated outside of Switzerland. Correspondingly, this privacy policy applies to information in line with the EU GDPR and the FADP. Here, EU GDPR terminology is used in favour of FADP terminology. However, FADP terminology is used if the FADP applies and the terminology differs from EU GDPR terminology in a given language. The About this site section on XING contains the name and address of our representative in Switzerland.
We are pleased that you wish to apply to CMS Reich-Rohrwig Hainz Rechtsanwälte.
Transparent and trustworthy handling of your personal data is an important basis for a good working relationship. Therefore, we would like to inform you about how we process your personal data and how you can exercise therights to which you are entitled under the General Data Protection Regulation (GDPR). The information below provides you with an overview of how your personal data are collected and processed in connection with the application process. Please read this privacy policy carefully before applying to us.
The controller within the meaning of Art. 4 (7) GDPR is:
CMS Reich-Rohrwig Hainz Rechtsanwälte
Gauermanngasse 2, 1010 Vienna, Austria
For questions regarding data protection, you can reach us by e-mail at dpo@cms-rrh.com.
According to Art. 4 (1) GDPR, personal data is any information relating to an identified or identifiable natural person.
Applicant master data (first name, last name, title, e-mail address, telephone number, address, date of birth, citizenship).
Qualification data (cover letter, letter of motivation, curriculum vitae, previous activities, professional qualifications and skills).
Voluntary information, such as an application photo, information on your status as a severely disabled person or other information that you voluntarily provide to us in your application or upload voluntarily, additional data dependent on the respective advertisement (e.g. driver's licence, proof of citizenship).
Other data/categories of data on a case-by-case basis, e.g. job-related data made publicly available, e.g. a profile on professional social media networks such as XING or LinkedIn
Additional data dependent on the respective advertisement (e.g. driver's license, proof of citizenship), communication between you and us as well as comments and evaluations written about you during your application process
Special categories of personal data: If, in your application documents you provide information that contains special categories of personal data within the meaning of Art. 9 para. 1 GDPR (e.g. information that allows conclusions to be drawn about your sexual orientation; information about your health; information that allows conclusions to be drawn about your ethnic origin or your religion), we will also only process this data within the legally permissible scope.
When accessing the jobbase.io domain, your internet browser automatically transmits certain usage data for technical reasons. This information is stored separately from other data in log files. The following information is collected by Prescreen:
date and time as well as duration of access,
browser type/version,
operating system used,
URL of the previously visited website,
amount of data transferred,
based on the IP address (internet protocol address) a GeoIP lookup is made,
name of the accessed files,
http status code (e.g. equest successful),
URL of the accessed website, and
type of access (GET,POST).
This data is technically necessary to provide the functions of the e-recruiting system and to ensure its stability and security. They are stored by Prescreen for a period of 12 months. Data whose further retention is necessary for evidentiary purposes are exempt from deletion until the final clarification of the respective incident.
The legal basis for processing the above data is Art. 6 para.1 lit. f GDPR.
Prescreen uses cookies in the operation of the applicant management tool. The cookies are technically necessary to provide you with the applicant management tool. Without the use of cookies, the operation of the Prescreen applicant management tool would not be possible. It is not therefore possible to object to the use of the cookies.
The legal basis for the processing of the data is Art. 6 para.1 (f) GDPR.
The cookies used by Prescreen can be found in the Prescreen data protection information at: https://prescreen.io/en/datenschutzerklaerung
Your personal data is processed for the purposes of personnel selection to fill vacancies, i.e. to initiate an employment contract, within the framework of the applicant tool. The necessity and the scope of the data collection are assessed, among other things, according to the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health requirements, more extensive data collection may be necessary. During the application process, your personal data will be transferred to jobbase.io in order to create a corresponding user account and to record uploaded documents in jobbase.io.
The legal basis for the above data processing is Art. 6 para. 1 (b) GDPR.
If you havevoluntarily given us your consent to process certain personal data, then this consent forms the legal basis for the processing of your data in accordance with Art. 6 para.1 (a) or Art. 9 para. 2 (a) GDPR.
In the following cases, we process your personal data on the basis of consent given by you:
Inclusion in the applicant pool, i.e. we store the application documents beyond the current application process for consideration in subsequent application processes.
Further processing based on consent (e.g. forwarding the documents to other Group companies/Group-wide applicant pool, sending feedback questionnaires). The data you have already provided in the application process will be processed for this purpose
If we process data based on your consent, you have the right to revoke your consent at any time with future effect. If possible, please send the revocation by e-mail to career@cms-rrh.com. The lawfulness of the processing of your data up to the time of the revocation remains unaffected.
In certain cases, we process your data to safeguard a legitimate interest of us or of third parties in accordance with Art. 6 (1) lit. f GDPR. A legitimate interest exists, for example, if your data is required for the assertion, exercise or defense of legal claims in the context of the application process (e.g. claims under the General Equal Treatment Act) are necessary. In the event of a legal dispute, we have a legitimate interest in processing the data for evidence purposes.
To optimize our application processes and improve as an employer, we offer you the opportunity to provide your personal feedback. For this purpose, we will send you a feedback questionnaire to the e-mail address you provided with your prior consent (pursuant to Art. 6 para.1 (a) or Art. 9 para. 2 (a) GDPR). If you participate in the survey, data will be collected by our service provider Prescreen (see Point 5 To whom will your data be disclosed?), namely the feedback, position title and location of the position as well as job category and, if applicable, type of employment for which you have applied. This information is then transmitted to kununu GmbH and possibly other verified ratin platforms and published there without mentioning your name. Kununu cannot establish any reference to your person. However, please note that other people, e.g. your employer, may be able to identify you based on the information you provide in the published feedback.
Your data is mainly processed by our HR department. However, in some cases other internal and external bodies are also involved in the processing of your data.
Internal bodies may be departments or divisions or the works council of our company.
We use New Work SE as an external service provider. New Work SE, Dammtorstraße 30, 20354 Hamburg (hereinafter "Prescreen"), operates the e-recruiting system Prescreen under the domain *.jobbase.io (hereinafter jobbase.io), on which companies can post job advertisements and receive and manage applications.
Within the scope of these activities, Prescreen processes personal data only on behalf of and for the purposes of CMS Reich-Rohrwig Hainz Rechtsanwälte and is therefore a "processor" within the meaning of Article 4 para. 8 GDPR.
Jobbase.io is the central platform for our applicant management. When you use our online form, your personal data is recorded directly in jobbase.io. In the case of a postal or e-mail application, your data can also be transferred to the e-recruiting system.
We store your personal data for as long as is necessary to decide on your application. If an employment relationship between you and us does not come about, we may continue to store data beyond this, insofar as this is necessary for the defence against possible legal claims. As a rule, your data will be deleted within 6 months of the end of the application process.
Insofar as no employment relationship is established, but you have given us your consent for the further storage of your data (applicant pool), we will store your data until you revoke your consent, but only for a maximum of 24 further months. If there is a specific reason, we may also store your data for a longer period for the purpose of defending against possible legal claims.
If you withdraw your application before the end of the application process, i.e. delete your data and your account, the stored data will be blocked for the period of the ongoing application process and finally deleted after 7 months after the end of the application process.
If you no longer use your candidate profile and have not given your consent to longer data storage in the applicant pool, the data will be deleted within 6 months after the end of the application process.
You yourself can delete your candidate profile and your application documents at any time or submit a request for deletion or to have the processing restricted.
The GDPR grants you as a data subject the following rights:
The right of access according to Art. 15 GDPR regarding the personal data processed by the controller,
The right of rectification according to Art. 16 GDPR,
The right of erasure according to Art. 17 GDPR,
The right to restriction of processing according to Art. 18 GDPR,
The right of data portability according to Art. 20 GDPR,
The right of objection according to Art. 21 GDPR.
The right to appeal to the competent data protection authority in accordance with Art. 77 GDPR, which in Austria is the Data Protection Authority (www.dsb.gv.at).
To exercise your rights, you can contact us by email at dpo@cms-rrh.com.
The provision of your personal data is necessary for of the application process. This means if you do not provide us with personal data when applying, we will not be able to carry out the application process.
You can interrupt the creation of your online application at any time and continue it at a later time. For this purpose, technically necessary cookies are used on the platform. During the application process, data is transferred to jobbase.io. That is data provided by you for the creation of the user account as well as uploaded documents are recorded in jobbase.io. The data remains recorded even if you interrupt and/or do not complete an application. In this case, your application will be marked as incomplete and the data will remain restricted fromour company´s view.
You can view, edit or update the data you provided in the online application in your candidate profile at any time.
Provided you do not make any further changes to your candidate profile, such as completing a current application, starting a new application or changing the data of an existing application, your data will be deleted within 6 months of the end of the last active application process.
You yourself can request deletion of your candidate profile and application documents at any time. After the deletion request has been made, you will be informed about the exact deletion date and your data will be automatically deleted according to the specified conditions of this privacy policy.
If you do not complete your application, you will be reminded once to continue your application. The legal basis for this is our legitimate interest (Art. 6 para. 1 (f) GDPR) in only being able to include complete applications in our application process. You have the option to request deletion (and to object to data processing) at any time if you do not wish your personal data to be further processed within the framework of the applicant tool.
