As of September 2021

Information About the Processing of Your Data

Under the EU General Data Protection Regulation (GDPR), we are required to inform you of the purposes for which we collect, store, or share your data. This information also outlines your rights regarding data protection.
 

Data Controller

• GPR Gesundheits- und Pflegezentrum Rüsselsheim gemeinnützige GmbH
• GPR Medical Care Center Rüsselsheim Non-Profit GmbH
• GPR Service GmbH

(depending on the company or companies to which you have applied; in the case of an unsolicited application, all companies may be included)

August-Bebel-Str. 59, 65428 Rüsselsheim
Managing Director Achim Neyer
Phone: 06142 88-4002
Email: info@~@gp-ruesselsheim.de

- hereinafter referred to as GPR -

Data Protection Officer

If you have any questions regarding data protection, please contact our Data Protection Officer:

Ute Soffel
Phone: 06142 88-1563
Email: datenschutz@~@gp-ruesselsheim.de

Scope, Legal Basis, and Purpose of Data Processing

As part of your application, the data listed below in particular is collected, recorded, stored, processed, retrieved, used, transmitted, etc. Collectively, this is referred to as the “processing” of your data. The term “processing” serves as the umbrella term for all these activities. Processing takes place both in paper form and digitally.

• Your so-called master and contact data (last name, first name, any additional names and date of birth, home address, telephone number and mobile phone number, email address)
• Data regarding your qualifications, etc. (e.g., professional qualifications, skills, and knowledge, particularly in relation to the job requirements of the advertised position)
• Work permit/residence permit, if applicable
• Health data, to the extent necessary to verify medical fitness
• Criminal record, if required to verify your personal suitability (submission of a certificate of good conduct)
• Additional data from your application documents (such as professional licenses, previous work experience, evaluations in employment references, salary expectations)

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) as well as national data protection laws (Federal Data Protection Act, Hessian Data Protection and Freedom of Information Act) and any other applicable laws (e.g., Works Constitution Act, Social Code Book IX).

Data processing is carried out for the purpose of deciding whether to establish an employment relationship. This is based on Article 6(1)(b) of the GDPR in conjunction with Section 23 of the Hessian Data Protection and Freedom of Information Act (HDSIG) or Section 26(1) of the Federal Data Protection Act (BDSG). Furthermore, pursuant to Article 10 of the GDPR in conjunction with Section 23(1) of the HDSIG or Section 26(1) of the BDSG, data regarding criminal convictions may also be processed to the extent necessary to verify your personal suitability for the advertised position (submission of a certificate of good conduct). Your health data may also be processed on the basis of Article 9(2)(h) of the GDPR in conjunction with Section 20(1) of the HDSIG or Section 22(1) of the BDSG for the purpose of assessing your ability to work.

Should we wish to process your personal data for a purpose not mentioned above, we will inform you in advance.

For data protection reasons, the GPR may only process your data if a legal basis requires or permits such processing, or if you have given your consent. In order to consider your application, we require the personal data necessary to conduct the application process and make a decision regarding the establishment of the employment relationship. It is not possible to conduct the application process without this data.

Source of the Data

We generally collect the data from you directly as part of the application or hiring process—where possible—specifically from application documents, interviews and phone calls conducted with you, and potentially via a personnel questionnaire. In the case of job placement, we also receive relevant data from third parties (e.g., recruiters, the Employment Agency). In addition, in individual cases, we also process personal data that we have lawfully obtained from public sources (e.g., XING, Stepstone, etc.).

Data Access

Only the management and those GPR employees directly or indirectly involved in the application and hiring process have access to your data. This also includes potential future line managers and their deputies. Your data may also be lawfully disclosed to the works council and, if applicable, the representative for employees with severe disabilities. Your data is processed by individuals who are subject to a general duty of confidentiality and have been instructed in compliance with data protection regulations.

The confidential handling of your data is guaranteed.

Recipients of Your Data

Your data is collected within the scope of the intended purpose in compliance with the applicable data protection regulations and any existing declarations of consent, and may be transmitted to internal and external persons or entities. Such persons or entities may include, in particular (non-exhaustive list):

• Management
• Line managers of the respective position for which the application is being submitted
• GPR’s application management team and Human Resources staff
• Works council and, if applicable, the representative for employees with severe disabilities
• Employment Agency (if the application was forwarded to us by them or if you have requested confirmation of the application, etc.)
• External service providers (so-called data processors), in particular IT service providers in connection with maintenance and service work

Withdrawal of Consent

If the processing of your data is based on consent, you have the right to withdraw your consent at any time. You may submit this declaration—in writing, by email, or by fax—to GPR. No reasons need to be provided. However, your withdrawal of consent takes effect only from the time you submit it. It has no retroactive effect. The processing of your data up to that point remains lawful.

Protection of the GPR’s legitimate interests

If the GPR is compelled to seek legal or judicial assistance to enforce its claims against you, the GPR may (for the purpose of enforcing its rights) use the necessary data regarding your person and your claims, as well as disclose such data if necessary, and is entitled to do so even without your consent.

Duration of Data Storage

In the event of a rejection, your application documents will be blocked from general access or deleted no later than six months after the conclusion of the application process.

For statistical purposes, the data is subsequently processed in a purely anonymized manner without any personal references, so that no conclusions can be drawn regarding the application.

Data will only be retained for a longer period if you have given us your consent to do so (e.g., for inclusion in an applicant pool).

Right to access, rectification, erasure, etc.

You have the right to obtain information about the personal data concerning you. You may also request the correction of inaccurate data.

Furthermore, under certain conditions, you have the right to erasure of data, the right to restrict data processing, and the right to data portability.

You also have the right to lodge a complaint with the competent data protection supervisory authority if you believe that the processing of your personal data is not lawful.

Details of the supervisory authority responsible for us

The Hessian Commissioner for Data Protection and Freedom of Information
P.O. Box 3163, 65021 Wiesbaden
Tel: 0611 1408-0