Information on data protection for Talents

With this data protection notice, we inform you about our handling of your personal data and about your rights under the European General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG). The data controller is Zenjob SE (hereinafter referred to as “we” or “us”).

I. General information

  1. Contact
  2. Legal bases
  3. Duration of storage
  4. Categories of recipients of the data
  5. Data transfer to third countries
  6. Processing when exercising your rights
  7. Your rights
  8. Right to object
  9. Use of personal data for AI training
  10. Data protection supervisor

II. Data processing when using our Zenjob app

  1. Processing of app log files
  2. Cookies
  3. Consent Management Tool
  4. Analysis of our app
    1. Adjust
    2. Google Firebase
    3. A/B Smartly
    4. Google ReCAPTCHA
    5. Satismeter
    6. Segment
  5. Tracking and Retargeting
    1. Google Ads
    2. Meta Pixel
    3. Tiktok Pixel

III. Data processing when applying for a job as a Talent with us

  1. Categories of data concerned
  2. Profile photo
  3. Identification procedure
  4. Automated document review
  5. Recipients of the data
  6. Data transfer to third countries
  7. Storage period

IV. Data processing during your assignments about us

  1. Matching Algorithm
  2. Digital signature for signing the employment contract
  3. Ordering work equipment in the Zenjob Online Shop
  4. e-Learning in the Zenjob Online Campus
  5. Time Tracking
  6. Rating system
  7. Contact requests via ticket system
  8. Contact via WhatsApp

V. Other data processing

  1. Contact by email (Salesforce)
  2. Use of email address and phone number for marketing purposes

I. General information

1. Contact

If you have any questions or suggestions about this information, or if you would like to contact us about exercising your rights, please direct your request to:

Zenjob SE
Saabrücker Straße 21
10405 Berlin
Tel: 030 229 574 95
E-mail: [email protected]

2. Legal bases

The term “personal data” under data protection law refers to all information relating to an identified or identifiable person. We process personal data in compliance with the relevant data protection regulations, in particular the GDPR and the BDSG. Data processing by us only takes place on the basis of a legal permission. We process personal data only with your consent (§ 25 (1) TDDDG or Art. 6 (1) (a) GDPR), for the performance of a contract to which you are a party or at your request for the implementation of pre-contractual measures (Art. 6 (1) (b) GDPR), for compliance with a legal obligation (Art. 6 (1) (c) GDPR) or if the processing is necessary to safeguard our legitimate interests or the legitimate interests of the interests of a third party, unless your interests or fundamental rights and freedoms, which require the protection of personal data, prevail (Art. 6 para. 1 lit. f GDPR).

If you apply for a job with us and enter into an employment relationship with us, we will also process your personal data to decide on the establishment of an employment relationship (Section 26 (1) sentence 1 BDSG).

3. Duration of storage

Unless otherwise stated in the following information, we will only store the data for as long as is necessary to achieve the purpose of processing or to fulfil our contractual or legal obligations. Such statutory retention obligations may arise in particular from commercial or tax regulations. From the end of the calendar year in which the data was collected, we will retain such personal data contained in our accounting data for ten years and personal data present in commercial letters and contracts for six years. In addition, we will retain data in connection with consents requiring proof as well as with claims for complaints and claims for the duration of the statutory limitation periods. We will delete data stored for advertising purposes if you object to the processing for this purpose.

4. Categories of recipients of the data

We use processors to process your data. The processing operations carried out by such processors include, for example, hosting, e-mail dispatch, maintenance and support of IT systems, customer and order management, order processing, accounting and billing, marketing measures or the destruction of files and data carriers. A processor is a natural or legal person, public authority, agency or other body that processes personal data on behalf of the data controller. Processors do not use the data for their own purposes, but carry out the data processing exclusively for the controller and are contractually obliged to ensure suitable technical and organizational measures for data protection. In addition, we may transmit your personal data to bodies such as postal and delivery services, house bank, tax consultancy/auditing company or the tax authorities. Further recipients may result from the following information.

5. Data transfer to third countries

Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is required in such a third country. In the absence of such an adequacy decision by the European Commission, personal data will only be transferred to a third country if suitable safeguards are in place in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.

Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option of obtaining or viewing a copy of these EU Standard Data Protection Clauses. Please contact the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art. 49 (1) (a) GDPR.

6. Processing when exercising your rights

If you exercise your rights in accordance with Articles 15 to 22 of the GDPR, we process the personal data transmitted for the purpose of implementing these rights by us and in order to be able to provide evidence of this. We will process data stored for the purpose of providing information and preparing it only for this purpose and for the purposes of data protection control and will otherwise restrict the processing in accordance with Art. 18 GDPR.

This processing is based on the legal basis of Art. 6 (1) (c) GDPR in conjunction with Art. 15 to 22 GDPR and § 34 (2) BDSG.

7. Your rights

As a data subject, you have the right to assert your rights as a data subject against us. In particular, you have the following rights:

  • In accordance with Art. 15 GDPR and § 34 BDSG, you have the right to request information as to whether and, if so, to what extent we process personal data about you or not.
  • You have the right to demand that we correct your data in accordance with Art. 16 GDPR.
  • You have the right to demand the deletion of your personal data from us in accordance with Art. 17 GDPR and § 35 BDSG.
  • You have the right to have the processing of your personal data restricted in accordance with Art. 18 GDPR.
  • In accordance with Art. 20 GDPR, you have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format and to transmit this data to another controller.
  • If you have given us separate consent to data processing, you can revoke this consent at any time in accordance with Art. 7 (3) GDPR. Such a revocation shall not affect the lawfulness of the processing carried out on the basis of consent up to the revocation.
  • If you believe that the processing of personal data concerning you violates the provisions of the GDPR, you have the right to lodge a complaint with a supervisory authority in accordance with Art. 77 GDPR.

8. Right to object

In accordance with Art. 21 (1) GDPR, you have the right to object to processing based on the legal basis of Art. 6 (1) (e) or (f) GDPR on grounds arising from your particular situation. If we process personal data about you for the purpose of direct marketing, you can object to this processing in accordance with Art. 21 (2) and (3) GDPR.

9. Use of personal data for AI training

We may use your personal data for training purposes for artificial intelligence (AI) or machine learning models such as large language models to improve and automate the quality and efficiency of our products and services. This would be the case, for example, if we wanted to automatically check submitted health certificates, enrollment certificates or driver’s licenses with the help of AI.

To do this, we will anonymize or pseudonymize your data, provided that this does not limit the training purpose of the AI, to ensure that no direct conclusions can be drawn about your identity. In the event that anonymization or pseudonymization is not possible, we are committed to maintaining the highest security standards when using your data for AI training and ensuring that your data remains confidential and protected.

This use of your data is solely for research and development, improvement, and training purposes and does not affect your individual rights and privacy rights.

Please note that you have the right to object to the use of your data for AI training at any time by writing an email to [email protected].

10. Data protection supervisor

You can reach our internal data protection officer at the following contact details: [email protected]

II. Data processing when using our Zenjob app

1. Processing of app log files

When using our app for purely informative purposes, general information is first stored automatically (i.e., not via registration), which your browser transmits to our server. By default, this includes: browser type/version, operating system used, date and time of the server request, and HTTP status code and IP-address.

The processing is carried out to protect our legitimate interests and is based on the legal basis of Art. 6 (1) (f) GDPR. This processing is used for the technical management and security of the app. The stored data will be deleted after 10 days, unless there is a justified suspicion of illegal use on the basis of concrete indications and further examination and processing of the information is necessary for this reason. We are not able to identify you

as a data subject based on the information we hold. Articles 15 to 22 of the GDPR therefore do not apply in accordance with Article 11 (2) of the GDPR unless you provide additional information that allows you to be identified in order to exercise your rights set out in these articles.

Our app is hosted on servers operated by Amazon Web Services EMEA SARL (AWS) (Luxembourg, EU). When using AWS, a transfer of your personal data to the United States cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information about privacy at AWS, please see the AWS Privacy Notice at https://aws.amazon.com/de/privacy/?nc1=f_pr.

2. Cookies

We use cookies and similar technologies (“cookies”) in our app. Cookies are small pieces of data that are stored when you visit an app. You have full control over the use of cookies. You can delete cookies at any time in the security settings of your browser. You can object to the use of cookies through your browser settings in principle or in certain cases.

The use of cookies is technically necessary for the operation of our app and is therefore permissible without the user’s consent. We may also use cookies to provide special features and content, as well as for analytics and marketing purposes. These may also include third-party cookies. We only use such technically unnecessary cookies with your consent in accordance with § 25 (1) TDDDG and, if applicable, Art. 6 (1) (a) GDPR. Information on the purposes, providers, technologies used, stored data, and the storage period of individual cookies can be found in the cookie settings of our consent management tool.

3. Consent Management Tool

The Zenjob app uses the consent management tool Usercentrics from Usercentrics A/S (Denmark, EU) to control cookies and the processing and transfer of personal data. The consent banner enables users of our app to give consent to certain data processing processes or to revoke a consent given. By confirming the “Allow cookies” button or by saving individual cookie settings, you agree to the use of the associated cookies. The legal basis under data protection law is your consent within the meaning of Art. 6 (1) (a) GDPR.

In addition, the banner supports us in being able to provide proof of the declaration of consent. For this purpose, we process information about the declaration of consent and other log data relating to this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).

4. Analysis of our app

  1. Adjust

    We use a Mobile Measurement Partner (MMP) called Adjust GmbH (Germany, EU) to determine which campaigns and channels have led to installs and other conversion actions in our Zenjob mobile app. This data is used to analyze and optimize our advertising campaigns. Adjust will redirect you to the app or play store if you’re using a mobile device and don’t have the Zenjob app installed (if you have the app, you’ll be redirected directly to it). Adjust uses a mix of mobile identifiers, including an anonymized IP address, advertising ID, and some device characteristics, to identify and match users on external platforms such as Google and within our app.

    The processing of your data is carried out on the basis of Art. 6 (1) (f) GDPR and is based on our legitimate interest in the optimization and economic operation of our advertisements. You can object to this data processing at any time via the settings of the browser used or certain browser extensions. Please note that this may result in functional restrictions on the app and the app.

    You can find more information about data protection at Adjust here: https://www.adjust.com/terms/privacy-policy/.

  2. Google Firebase

    We use Firebase Crashlytics, an analytics service provided by Google Inc (“Google”), to analyze and understand app crashes. This information helps us to improve the app and make it more user-friendly. For this purpose, Google processes identifiers for mobile devices on our behalf, including mobile advertising IDs, Analytics App Instance IDs, IDFVs/Android IDs, and Instance IDs.

    Firebase collects the following personal data: device information, IP address (anonymized), crash reports (when the app was opened and when the app was closed).

    Your data is processed on the basis of your consent in accordance with Art. 6 para. 1 letter a GDPR. You can revoke your consent at any time with effect for the future via our Consent Management Tool.

    Further information on data protection at Firebase can be found in the privacy policy: https://firebase.google.com/support/privacy?hl=de.

  3. A/B Smartly

    We use the A/B Smartly service in our app, which is offered by A/B Smartly (Netherlands, EU). Using A/B Smartly, we can test different designs and settings of our app and use the results to adapt our app to the needs and wishes of the users.

    The processing of your data is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time via our consent management tool with effect for the future.

    For more information on data protection at A/B Smartly, please refer to A/B Smartly’s privacy policy at https://www.absmartly.com/privacy-policy.

  4. Google ReCAPTCHA

    For the security of our app and to protect against misuse, we use “reCAPTCHA”. reCAPTCHA is a service of Google Inc. (United States). With the help of reCAPTCHA, we check whether access to our app as well as registration in our app is by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of app users in the background by evaluating various information such as IP address, click behavior, and dwell time.

    The processing of your data is based on your consent in accordance with Art. 6 (1) (f) GDPR. You can revoke your consent at any time via our consent management tool with effect for the future.

  5. Satismeter

    To conduct surveys, we use the SatisMeter service of SatisMeter s.r.o. (Czech Republic, EU). The data and answers provided will be used exclusively for the evaluation of the surveys. You can find more information about data protection when using SatisMeter under https://www.satismeter.com/privacy-policy/.

    The processing of your data is based on your consent in accordance with Art. 6 (1) (a) GDPR. You can revoke your consent at any time via our consent management tool with effect for the future.

  6. Segment

    We use the Segment service in our app, which is offered by Twilio Ireland Limited (Ireland, EU). Segment allows us to collect data collected by various services and tools and to create user profiles. This helps us to evaluate user behavior and improve our offering. Segment uses cookies for this purpose.

    The processing of your data is based on your consent in accordance with Art. 6 (1) (a) GDPR.

    In addition, Segment supports us in being able to provide proof of the declaration of consent. For this purpose, we process information about the declaration of consent and other log data relating to this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).

    When using the service, a transfer of your data to the United States cannot be ruled out. Please note the information in the section “Data transfer to third countries”. For more information about privacy at Twilio, please see Twilio’s Privacy Notice at https://www.twilio.com/legal/privacy.

5. Tracking and Retargeting

  1. Google Ads

    On our app, we use the online advertising program Google Ads of Google Ireland Limited (Ireland, EU), through which we place advertisements on the Google search engine

    . If you access our app via a Google ad, Google will place a cookie on your device (“conversion cookie”). Each Google Ads customer has a different conversion cookie associated with it, so the cookies are not tracked across the apps of different Ads customers. The information collected with the help of the cookie is used to compile conversion statistics. This tells us the total number of people who clicked on one of our Google ads. However, we do not receive any information that can be used to personally identify users.

    Your data is processed on the basis of your consent in accordance with Art. 6 (1) (a) GDPR.

    Cookies are set with your consent, which you can revoke at any time via the Consent Management Tool with effect for the future. When using the service, a transfer of your data to the USA cannot be ruled out. Please note the information in the section “Data transfer to third countries”. You can find more information about data protection at Google in Google’s privacy policy under https://policies.google.com/privacy#infocollect.

  2. Meta Pixel

    We use the Meta pixel on our app, a Meta Business tool provided by Meta Platforms Ireland Limited (Ireland, EU). Information on the contact details of Meta Platforms Ireland Ltd. and the contact details of the Data Protection Officer of Meta Platforms Ireland Ltd. can be found in the Meta Platforms Ireland Ltd. Data Policy at https://www.facebook.com/about/privacy.

    The Meta pixel is a snippet of JavaScript code that allows us to track users’ activities on our app. This tracking is called conversion tracking. For this purpose, the Meta-Pixel collects and processes the following information (so-called event data):

    • Information about the actions and activities of users of our app, such as searching for and viewing a product or purchasing a product;
    • Specific pixel information, such as the pixel ID and Facebook cookie;
    • Information about buttons clicked by users of the app;
    • Information present in the HTTP headers, such as IP addresses, information about the web browser, the location of the page, and the referrer;
    • Information about the status of ad tracking opt-out/restriction.

    Some of this event data is information that is stored in the device you are using. In addition, the Meta pixel also uses cookies to store information on the device you are using. Such storage of information by the Facebook pixel or access to information that is already stored in your device will only take place with your consent in accordance with § 25 (1) TDDDG.

    The event data collected through the Meta pixel is used to target our ads and to improve ad delivery on Meta products such as the social media platforms Facebook and Instagram, to personalize features and content, and to improve and secure Meta products. For this purpose, the event data collected on our app by means of the Meta pixel is transmitted to Meta Platforms Ireland Ltd. This collection and transmission of event data is carried out by us and Meta Platforms Ireland Ltd. as joint controllers. We have entered into a joint controller processing agreement with Meta Platforms Ireland Ltd., which sets out the distribution of data protection obligations between us and Meta Platforms Ireland Ltd. In this agreement, we and Meta Platforms Ireland Ltd. have agreed, among other things, to:

    • We are responsible for providing you with all information pursuant to Art. 13, 14 GDPR regarding the joint processing of personal data;
    • Meta Platforms Ireland Ltd. is responsible for enabling the rights of data subjects pursuant to Art. 15 to 20 GDPR with regard to personal data stored by Meta Platforms Ireland Ltd. after joint processing.

    You can access the agreement between us and Meta Platforms Ireland Ltd. at https://www.facebook.com/legal/controller_addendum.

    Meta Platforms Ireland Ltd. is solely responsible for the subsequent processing of the transmitted event data. For more information on how Meta Platforms Ireland Ltd. processes personal data, including the legal basis on which Meta Platforms Ireland Ltd. relies and how you can exercise your rights against Meta Platforms Ireland Ltd., please refer to Meta Platforms Ireland Ltd.’s Data Policy at https://www.facebook.com/about/privacy.

    We have also engaged Meta Platforms Ireland Ltd. to compile reports on the impact of our advertising campaigns and other online content based on the event data collected via the Meta pixel (Campaign Reports) and to provide analysis and insights about users and their use of our app, products, and services (Analytics). For this purpose, we transmit personal data contained in the event data to Meta Platforms Ireland Ltd. The personal data submitted will be processed by Meta Platforms Ireland Ltd. as our processor in order to provide us with the campaign reports and analytics.

    The collection and transmission of personal data by us to Meta Platforms Ireland Ltd. and the commissioned processing of personal data by Meta Platforms Ireland Ltd. for the preparation of analyses and campaign reports will only take place if you have given your prior consent to this. The legal basis for the processing of personal data is therefore Article 6(1)(a) of the GDPR.

    The data processed on our behalf will be transmitted by Meta Platforms Ireland Ltd. to Meta Platforms, Inc. in the USA. Meta Platforms Ireland Ltd. transfers the data to Meta Platforms, Inc. on the basis of processor-to-processor standard contractual clauses but reserves the right to use an alternative means of transfer recognized by the GDPR and other applicable data protection laws in the European Economic Area, the United Kingdom, and Switzerland.

  3. Tiktok Pixel

    We use the “TikTok pixel” of TikTok Technology Limited (Ireland, EU) on our app. The TikTok pixel is a snippet of JavaScript code that allows us to track users’ activities on our app. This tracking is called conversion tracking. For this purpose, the TikTok pixel collects and processes the following information (so-called event data):

    • Information about the actions and activities of users of our app, such as searching for and viewing a service or purchasing a service;
    • Specific pixel information such as the pixel ID and TikTok cookie;
    • Information about buttons clicked by users of the app;
    • Information present in the HTTP headers, such as IP addresses, information about the web browser, the location of the page, and the referrer;
    • Information about the status of ad tracking opt-out/restriction.

    Some of this event data is information that is stored in the device you are using. In addition, cookies are also used via the TikTok pixel, which are used to store information on the device you are using. Such storage of information by the TikTok pixel or access to information that is already stored in your device will only take place with your consent in accordance with § 25 (1) TDDDG.

    The event data collected via the TikTok pixel is used to target our ads and to improve ad delivery on TikTok to personalize features and content. For this purpose, the event data collected on our app by means of the TikTok pixel is transmitted to TikTok. This collection and transmission of event data is carried out by us and TikTok. as joint controllers. We have entered into a processing agreement with TikTok as joint controllers, which specifies the distribution of data protection obligations between us and TikTok. In this agreement, we and TikTok have agreed, among other things, to:

    • We are responsible for providing you with all information pursuant to Art. 13, 14 GDPR regarding the joint processing of personal data;
    • TikTok is responsible for enabling the rights of data subjects pursuant to Articles 15 to 20 of the GDPR with regard to personal data stored by TikTok after joint processing.

    You can access the agreement between us and TikTok at https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.

    TikTok is solely responsible for the subsequent processing of the transmitted event data. For more information on how TikTok processes personal data, please see TikTok’s data policy under https://www.tiktok.com/legal/page/eea/privacy-policy/de.

    We have also commissioned TikTok to compile reports on the impact of our advertising campaigns and other online content (campaign reports) based on the event data collected via the TikTok pixel and to provide analysis and insights about users and their use of our app, products, and services (analytics). For this purpose, we transmit personal data contained in the event data to TikTok. The personal data transmitted is processed by TikTok as our processor in order to provide us with the campaign reports and analyses.

    The collection and transmission of personal data by us to TikTok and the commissioned processing of personal data by TikTok for the preparation of analyses and campaign reports will only take place if you have given your prior consent to this. The legal basis for the processing of personal data is therefore Article 6(1)(a) of the GDPR.

III. Data processing when applying for a job as a Talent with us

1. Categories of data concerned

We process personal data that you provide to us as part of the application process. This includes, in particular, your login data (first and last name, e-mail, and password) as well as the data provided during the onboarding process, such as your address, date and place of birth, tax data, employment data, social security data, salary and payroll data, as well as enrollment information, certificates, and, if applicable, information in your CV, the attachments to it, and in your cover letter (application data). The data is stored by us in our own database (hereinafter referred to as “Zenjob Backend”).

We process this data for the purpose of carrying out the onboarding procedure and assessing professional suitability for the advertised position (Art. 6 para. 1 lit. b) GDPR in conjunction with § 26 BDSG). We process the application data to determine whether you fit the requirement profiles of our clients (companies, service providers).

2. Profile photo

In our app, you will be asked to voluntarily upload a profile photo, which we will store. The profile pictures are used to ensure identification and security in the workplace as well as during the assignment at our customers, to facilitate access control and to support certain business processes, such as time recording and confirmation by our customers. For our customers, your profile photo will be displayed in our business booking platform for identification purposes. The processing and storage of employee photos is carried out in order to fulfill our legal and contractual obligations in accordance with Art. 6 (1) (b) and (c) GDPR. We assure that these photos will be treated confidentially and will only be used for legitimate purposes. The photos are adequately protected to prevent unauthorized access or misuse. You can update your photo or withdraw your consent at any time.

3. Identification procedure

We are legally obliged to establish the identity of each temporary worker on the basis of a valid identification document and to record certain information from the identification document. In order to make the identification process simple and fast, we work together with the service provider IDNow.

IDNow GmbH, Auenstraße 100, 80469 Munich, Germany is a service provider specializing in the identification of identity documents. As part of the photo and/or video identification process, IDNow verifies your identity using the identification document you provide for this purpose. For the purpose of establishing identity and for the purpose of proving the proper implementation of the photo identity verification due to legal obligations, a complete photograph of the front and back of your identity document submitted for identity verification will be made and stored, and certain data from the identity document (e.g., first and last name, date of birth, nationality) will be processed. The legal basis for the processing of the aforementioned data is Art. 6 (1) (c) GDPR.

The entire video identification is recorded and processed audiovisually. Screenshots of you and the front and back of the ID document are also produced and processed. The data is then stored in accordance with the legal requirements. In this way, the necessary proof for the proper implementation of the video identification procedure can be provided at any time. If you have given your consent, the legal basis for the processing of the data is Art. 6 (1) (a) GDPR, Art. 6 (1) (c) GDPR.

We will retain the data collected during the identity verification process for the entire duration of the employment relationship with you, plus a retention period of three years.

Data processing by IDNow is carried out as a processor and IDNow is also obliged to comply with all applicable data protection regulations. You can find more information about data protection and data security at IDNow at https://www.idnow.io/de/regularien/datensicherheit/.

4. Automated document review

Zenjob may decide whether to accept or reject your document by means of an automated process as part of the document review for the performance of the contract to which you are a party or on the basis of your request to take pre-contractual measures (Art. 6 para. 1 lit. b GDPR). This concerns, among other things, the examination of driving licences, enrolment certificates, health certificates, certificates of good conduct, and language certificates. The case-by-case decision (acceptance/rejection) of your submitted document is also automated, without a Zenjob employee manually reviewing your submitted document again. If your document is rejected but is required for onboarding, e.g., your certificate of enrollment, you will not be able to use our app. If it is a document that is required for certain job categories, e.g., a driver’s license, and this is rejected, you will not be able to work in these job categories.

The automated decision on a case-by-case basis is necessary due to the large number of documents submitted and to enable faster onboarding within the meaning of Art. 22 (2) (a) GDPR. You have the option of challenging the outcome of the automated case-by-case decision, obtaining a manual review, and thus intervention by an employee from us, and presenting your own point of view.

5. Recipients of the data

Your data will only be shared internally with the departments that need it to evaluate the application and for hiring.

In the event of a takeover, we will transmit the application data to our customers, provided that you have given us your prior consent to do so. After receiving the application documents, the respective customer is also responsible for the processing of your personal data.

In addition, we transmit your data to the above-mentioned processors if this is necessary for a specific purpose, e.g., identification.

6. Data transfer to third countries

Our data processing may involve the transfer of certain personal data to third countries, i.e., countries where the GDPR is not applicable law. Such a transfer is permissible if the European Commission has determined that an adequate level of data protection is required in such a third country. In the absence of such an adequacy decision by the European Commission, personal data will only be transferred to a third country if suitable safeguards are in place in accordance with Art. 46 GDPR or if one of the requirements of Art. 49 GDPR is met.

Unless otherwise stated below, we use the EU standard data protection clauses as appropriate safeguards for the transfer of personal data to third countries. You have the option of obtaining or viewing a copy of these EU Standard Data Protection Clauses. Please contact the address given under Contact.

If you consent to the transfer of personal data to third countries, the transfer will take place on the legal basis of Art. 49 (1) (a) GDPR.

7. Storage period

In the event that we cannot find a suitable position with our customers and have to reject your application, we will store your data for a maximum period of 6 months after a rejection of the applicant.

If you have consented to your registration in the talent pool, we will store your data until you revoke your consent, but for a maximum period of ten years after your registration. In addition, we store your talent data for the duration of your employment, otherwise for the duration of the existence of a talent profile with us at the latest.

IV. Data processing during your assignments about us

1. Matching Algorithm

Based on your experience and preferences, our matching software will find the best job offers for you. In the course of our Open Job Marketplace, you can see all job offers that could suit you and meet the requirements of our customers. The matching algorithm is based on criteria and rules that we have defined based on the legal requirements and requirements of our customers. The use of the matching software is based on Art. 6 (1) (b) and (f) GDPR.

2. Digital signature for signing the employment contract

We are legally obliged to provide you with the essential contractual terms of your employment contract in writing. In order to comply with the legal written form requirement, we use the qualified electronic signature eSign of the verification provider ID Now from Munich, Germany. ID Now uses the data and documents you provide in the identification process to create a qualified certificate. Data processing by ID Now is carried out as a processor and IDNow is also obliged to comply with all applicable data protection regulations. You can find more information about data protection and data security at IDNow at https://www.idnow.io/de/datenschutzerklaerung/.

The use of eSign IDNow is based on Art. 6 para. 1 lit. b and c GDPR.

3. Ordering work equipment in the Zenjob Online Shop

Zenjob, as an employer, is

required by law to provide you with the personal protective equipment required to perform certain activities. If you are booked for your job that requires security equipment, you will receive a link to our Zenjob online shop for security equipment after confirming the booking of the job.

The online store is based on Shopify. Shopify Inc. is an e-commerce provider for online shops based in Ottawa, Canada. Shopify stores cookies in your browser to ensure the basic functions of the store. The cookies are used, for example, to enable the contents of the shopping cart, the login status, and also the CSRF protection. Without allowing cookies in the browser, Shopify cannot be used. Shopify only stores IDs in your browser; the assignment to the respective information is done in the area of the application. In order to provide the security equipment, Shopify processes the following personal data about you: surname, first name, address, email address, and, if applicable, telephone number. You can find more information about data protection and data security at Shopify here: https://www.shopify.com/de/legal/datenschutz.

To process the order, we also make this data available to our provider of safety equipment, Burgia Sauerland GmbH from Ratingen. Your Shopify order is automatically communicated by email to Burgia Sauerland, which also transfers the data to its CRM system. For the delivery of the delivery, Burgia Sauerland also passes on the personal data to the logistics service providers DPD or GLS. You can find more information about data protection and data security at Burgia Sauerland at https://www.burgia.de/datenschutz.

The use of Shopify and Burgia Sauerland is based on Art. 6 (1) (b) and (c) GDPR.

4. e-Learning in the Zenjob Online Campus

Through the Zenjob Online Campus, you can complete various training courses to unlock more job offers. This training is necessary for the performance of certain activities, e.g., cashier if you have not previously acquired qualifications in the field. Completing training courses is voluntary. The various training courses are offered via the e-learning portal of Gainsight (formerly Northpass). Gainsight Inc. is a learning management system provider based in the United States specializing in e-learning. Zenjob shares a UUID for each user with Gainsight. Gainsight is not able to identify you from this UUID. The processing of your data is based on your consent in accordance with Art. 6 (1) (a) GDPR. Further information on data protection can be found here: https://www.gainsight.com/policy/privacy/.

5. Time Tracking

During your assignment, you record your working hours directly in the Zenjob app by manually entering the start and end of working hours. Zenjob is legally obliged to document your working hours and check for compliance with the maximum working hours and rest breaks. The working hours are stored in our database, the “Zenjob Backend”, in your profile for documenting the working hours. In addition, your working hours are displayed to the customer in our B2B booking platform for customers to confirm them or report changes, e.g., delay or early end of the shift.

The recording of working hours is based on Art. 6 (1) (b) and (c) GDPR.

For certain shifts, you also have the option of having your working hours automatically recorded. If you have agreed to this option, Zenjob uses the service provider Hypertrack. Hypertrack is a GPS tracking and geofence service provider based in the United States. For automatic time tracking, we’ll ask for your consent to access your location. In addition, we create a geofence around the customer’s location in Hypertrack and create a shift ID that matches your shift. Hypertrack tracks your location 15 minutes before and after the shift starts. If you are in the geofence or within radius of the customer’s location during this time, Hypertrack transmits this information to us and we automatically log your working time into our database. Hypertrack processes the following data: your location, your device ID, and the start time and end time of your shift. Your name is not shared with Hypertrack.

If you notice errors in the automatic time tracking, you can contact a Zenjob employee at any time. He will analyze the discrepancies and, if confirmed, correct your working hours. The data will not be used for other purposes and will be kept for a period of three years for reasons of proof.

You can find more information about data protection and data security at Hypertrack here: https://hypertrack.com/privacy.

The automatic recording of working hours is based on Art. 6 (1) (a), (b) and (c) GDPR.

6. Rating system

You have the opportunity to rate your shift with our customers according to your work. The rating is only visible to us and is not shared with the customer. We use the data to improve the client’s work experience, but not for a scoring process.

The rating is stored in our database in the respective customer profile.

Our customers also have the opportunity to rate your work with them. A point system of 1-5 stars is available to you for this. The rating is only visible to certain departments as well as visible to the customer and serves to meet our customer satisfaction. However, the evaluation has no consequences for the job offers with us. As a result, you won’t see fewer jobs in our app if you’ve been rated poorly. There is no scoring procedure.

The reviews serve us to improve your work experience and the satisfaction of our customers in accordance with Art. 6 (1) (f) GDPR.

7. Contact requests

To manage your contact request, Zenjob uses the Salesforce software as a ticket system. Saleforce.com Germany GmbG, based in Munich, is a CRM system provider. In our Zenjob Salesforce CRM, we process the following personal data of yours to process your contact requests: surname, first name, e-mail address, telephone number, address, your personnel number and, if you attach documents e.g., CV, health certificate, residence permit to your request, these will also be stored in Salesforce.

The data is processed for the purpose of processing the employment relationship in accordance with Art. 6 (1) (b) GDPR.

You can learn more about data privacy and security at Salesforce here: https://www.salesforce.com/eu/company/privacy/.

If you choose our chatbot as a contact option, the chatbot of ultimate.ai GmbH, based in Berlin, will be used. The Ultimate Chatbot processes the personal data you enter. The chatbot records conversations so that they can be tracked. The Ultimate Chatbot produces short or long answers based on data records from our ticket system and help center. The chatbot will only use the data you provide in accordance with our instructions and to improve its own service.

The data is processed for the purpose of processing the employment relationship in accordance with Art. 6 para. 1 lit. b GDPR.

Further information on data protection and data security at Salesforce can be found here: https://www.ultimate.ai/security-privacy.

8. Contact via WhatsApp

We use WhatsApp Community as a communication channel for certain assignments with selected customers in order to communicate information about the assignment with you more efficiently and in a timely manner. This includes the transmission of work instructions, information on working hours, and other relevant communications. Your data will be used exclusively within the community group and only for the purposes mentioned above. Your data will not be passed on to third parties without your express consent.

The WhatsApp Community is a function of the messenger service WhatsApp Inc., based in the United States and as part of the Meta group of companies for the organization and coordination of groups. For the European area, WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland is the responsible party.

In the course of creating and coordinating a WhatsApp community, we process the following personal data: name, phone number, profile picture (if available), message content. Other community members will not be able to see your personal data. These are only visible to Zenjob administrators.

Participation in our community and the groups included in it is voluntary. You can join or leave the community at any time. Thus, we process your data within the framework of your consent in accordance with Art. 6 (1) (a) GDPR.

To use WhatsApp’s community function, you must already have a WhatsApp account and a user agreement with WhatsApp. As part of the use of our WhatsApp Community, WhatsApp Ireland Ltd. processes your personal data for the technical provision of services and, if necessary, for other purposes of its own that are beyond our knowledge. WhatsApp Ireland Ltd. is responsible for this under data protection law.

Our responsibility only extends to the data that is processed through the use of our WhatsApp community.

We will only store

your personal data for as long as is necessary for the purposes set out above or as required by law. Once you leave the community, we will no longer have access to your WhatsApp profile.

You can find more information about data protection and data security on WhatsApp here: https://www.whatsapp.com/legal/privacy-policy-eea?lang=de_DE.

V. Other data processing

1. Contact by email (Salesforce) and chatbot (ultimate.ai)

To manage your contact request, Zenjob uses the Salesforce software as a ticket system. Saleforce.com Germany GmbH, based in Munich, is a CRM system provider. In our Zenjob Salesforce CRM, we process the following personal data of yours to process your contact requests: surname, first name, e-mail address, telephone number, and address. If you attach documents e.g., CV, health certificate, residence permit to your contact request, these will also be stored in Salesforce.

The data is processed for the purpose of handling pre-contractual measures in accordance with Art. 6 (1) (b) GDPR.

You can learn more about data privacy and security at Salesforce here: https://www.salesforce.com/eu/company/privacy/.

The data is processed for the purpose of handling inquiries regarding the employment relationship with Zenjob and thus for the processing of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR. If the employment relationship with Zenjob is not involved, the legal basis for the use of the Ultimate Chatbot is our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in fast and readily available customer communication.

Further information on data protection and data security at Salesforce can be found here: https://www.ultimate.ai/security-privacy.

2. Use of email address and phone number for marketing purposes

We may use the email address and phone number you provide to inform you about our own similar products and services we offer, changes to previous processes or new features, and to ask you to participate in surveys.

The legal basis is Art. 6 (1) (f) GDPR in conjunction with Section 7 (3) UWG. You can object to this at any time without incurring any costs other than the transmission costs according to the basic rates.

To conduct surveys, we use the SatisMeter service of SatisMeter s.r.o. (Czech Republic, EU). You can find more information about data protection when using SatisMeter under https://www.satismeter.com/privacy-policy/.

For the transmission of e-mail messages and in-app messages, we use the Braze service of Braze Inc. (New York, United States). You can find more information about data protection here: https://www.braze.com/company/legal/privacy.

For the transmission of chat messages, we use WhatsApp Business, a service of Meta Platforms Technologies Ireland Limited (Ireland, EU). You can find more information about data protection here: https://www.facebook.com/privacy/center/.