We have talent

Privacy Policy

General information about data protection at GECO

The protection of personally identifiable data is an important concern for us. We therefore operate our web activities in accordance with all applicable laws on data protection and data security. In the following, you will learn what information we may collect and how we handle it. It is therefore a matter of course for us to treat all data, in particular personally identifiable data, which you entrust to us with the strictest confidence and only for the stated intended purpose, in compliance with the statutory provisions. The new basic general data protection regulation (GDPR) has been in force since May 25, 2018. It harmonises data protection within the EU while at the same time reinforcing the rights of data subjects.

The following privacy policy provides detailed information about the data we process in the context of the use of our portal and in the context of the use of the freely accessible or login areas of our website. In addition, we will inform you how and for what purposes we process your data if you have consented to the data processing and if there is a cooperation between us or if you agree to be included in our candidate pool, how we use this data, and which data we transfer to third parties. It is very important to us that you understand the individual aspects and are fully aware of your rights.

Please note that our privacy policy applies exclusively to our own content. Links to third party websites are expressly not covered under this privacy policy. This privacy policy may be changed from time to time. Via the link, you can view the currently valid version of our privacy policy at any time.

Name and address of the controller

The controller in terms of the General Data Protection Regulation and other national data protection laws, as well as any other data protection regulations is:

GECO Germany GmbH

Schellerdamm 16
21079 Hamburg

Phone: 040 764 007 0
Fax: 040 764 007 40
E-mail: datenschutz@geco-group.de
Website: www.geco-group.com

Name and address of the Data Protection Officer and the data protection authority

The Data Protection Officer of the controller is:

a.s.k. Datenschutz e.K.

Schulstrasse 16a
91245 Simmelsdorf
Germany

Tel..: 09155-263 99 70
E-mail: extdsb@ask-datenschutz.de
Website: www.ask-datenschutz.de

The data protection supervisory authority responsible for us is the "Hamburg Commissioner for Data Protection and Freedom of Information":
Website: https://www.datenschutz-hamburg.de/

General information on data processing

Scope of the processing of personally identifiable data

As a matter of principle, we process the of personally identifiable data of our users only to the extent necessary to provide a functional website and our contents and services. The processing of our users’ personally identifiable data takes place either after the user's consent or if the processing of the data is permitted by legal regulations.

Legal basis for the processing of personally identifiable data

  • Insofar as we obtain the consent of the data subject for the processing of personally identifiable data, Article 6 (1) (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
  • In the processing of personally identifiable data necessary for the performance of a contract to which the data subject is a party, Article 6 (1) (b) of the GDPR serves as the legal basis. This also applies to processing operations necessary to perform pre-contractual measures at the request of the data subject.
  • Insofar as the processing of personally identifiable data is necessary to fulfil a legal obligation to which our company is subject, Article 6 (1) (c) of the GDPR serves as the legal basis.
  • If the processing is necessary to safeguard a legitimate interest of our company or of a third party, and if the interests, fundamental rights and freedoms of the data subject do not outweigh the aforementioned interest, Article 6 (1) (f) of the GDPR serves as the legal basis for the processing.

Data deletion and storage period

The personally identifiable data of the person concerned will be deleted or blocked as soon as the purpose of the storage no longer applies. Furthermore, data may be stored if so provided for by the European or national legislator in ordinances, laws or other regulations to which the controller is subject. Data may also be stored if this is necessary for the assertion, exercise or defence of legal claims.

Disclosure of personally identifiable data

Your personally identifiable data will not be transferred to third parties for purposes other than those listed below. We only pass on your personally identifiable data to third parties if:

  • You have given your express consent in accordance with Article 6 (1) (a) of the GDPR,
  • the disclosure pursuant to Article 6 (1) (f) of the GDPR, is necessary for the assertion, exercise or defence of legal claims, and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
  • there is a legal obligation to disclose the data in accordance with Article 6 (1) (c) of the GDPR, and
  • this is legally permissible and required under Article 6 (1) (b) of the GDPR, for the processing of contractual relationships with you.

Provision of the website and creation of log files

Description and scope of data processing

Each time that our website is called up, our system automatically collects data and information from the computer system of the calling computer.

The following data is collected:

  1. Information about the browser type and version used
  2. The user's operating system
  3. The Internet service provider of the user
  4. The IP address of the user
  5. Date and time of access
  6. Websites from which the user's system accesses our website
  7. Websites that are called up by the user's system via our website

Legal basis for data processing

The legal basis for the temporary storage of data is Article 6 (1) (f) of the GDPR.

Purpose of data processing

We process the data mentioned above for the following purposes:

  • To ensure a smooth connection to our website,
  • To ensure convenient use of our website,
  • Evaluation of system security and system stability,
  • Clarification of possible abusive page accesses (DoS/DDoS attacks or similar), and
  • for other administrative purposes.

An evaluation of the data for marketing purposes does not take place in this context. We reserve the right to draw conclusions about your person in the event that this becomes necessary in order to clarify abusive page access.

These purposes also include our legitimate interest in data processing in accordance with Article 6 (1) (f) of the GDPR.

Duration of storage

Data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session is ended.

In the case of data storage in log files, this is the case after no more than seven days. Storage beyond this is possible In this case, the IP addresses of the users are deleted or anonymised so that an assignment of the calling client is no longer possible.

Use of cookies

Registration

Description and scope of data processing

Via our website you can register as a user with GECO and enter your profile in our database. As a registered user, you can log in repeatedly and maintain your profile as needed. After logging in, you can apply without obligation for concrete project or job offers, however, this is also possible without registration, by using e-mail.

Data for the purpose of registration will only be transmitted to us if you have declared by clicking the corresponding checkbox (opt-in) that you consent to the collection, storage, processing, use and transmission of your data in accordance with this policy.

The following data is collected during the registration process:

  1. Company
  2. Salutation
  3. Title
  4. First name
  5. Last name
  6. Date of birth
  7. Nationality
  8. Mother tongue
  9. Street, house number
  10. Address suffix
  11. Place
  12. Postcode
  13. Country
  14. Phone number
  15. Mobile phone number
  16. Fax number
  17. E-mail address
  18. Homepage
  19. Desired employment relationship
  20. Hourly rate
  21. Date of availability
  22. Project preference (here up to 5 groups can be selected)
    1. Consultant
    2. Administrator
    3. Developer
    4. Project Manager
    5. Project Manager
    6. System engineer
    7. Test manager
    8. Business analyst
    9. Sub-project manager
    10. Trainer
    11. Coach
    12. Technical support/technician
    13. Architect
    14. Interim manager
    15. Service manager
  23. Information where else your profile can be found
  24. Certifications
  25. Details of how you became aware of us
  26. Consent to the general terms and conditions and privacy policy and the collection of data

Please note that in particular CVs, certifications, cover letters or other data provided by you for introductory purposes may regularly contain information on "special categories of personally identifiable data" as defined by Article 9 of the GDPR (e.g. a photograph making a person’s ethnicity apparent, information on severe disabilities, etc.). GECO would like to evaluate all candidates only according to their qualification and therefore requests that such information or "special categories of personally identifiable data" are not, as far as possible, included. If you nevertheless provide us with any information of this nature, you agree that we may process this information and transfer it to third parties in accordance with this privacy policy.

At the time of registration, the following data is also stored:

  1. The IP address of the user
  2. Date and time of registration

During the registration process, the user's consent to the processing of this data is obtained.

E-mail contact

Description and scope of data processing

It is possible to contact us via a provided e-mail address or by telephone. In this case, the personally identifiable data of the user transmitted by e-mail or telephone will be stored.

In this context, the data will not be passed on to third parties. The data will be used exclusively for processing the conversation.

Legal basis for data processing

The legal basis for the processing of the data is the consent of the user in accordance with Article 6 (1) (a) of the GDPR.

If the contact aims at the conclusion of a contract, Article 6 (1) (f) of the GDPR is an additional legal basis for the data processing.

Purpose of data processing

The processing of personally identifiable data serves us only to process the contact.

Any other personally identifiable data processed during the sending process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

Duration of storage

Data will be deleted as soon as they are no longer necessary for the purpose for which they were collected. This is the case when the respective conversation with the user is finished. The conversation ends when it is clear from the circumstances that the matter in question has been finally clarified.

Possibility of objection and removal

The user has the possibility to revoke his consent to the processing of personally identifiable data at any time. In such a case, the conversation cannot be continued.

If you would like to make use of your right of revocation, an e-mail to datenschutz@geco-group.com or a phone call to 040-764007 0 is sufficient.

In this case, all personally identifiable data stored in the course of the contact will be deleted.

Web analysis

We do not use cookies or other tracking methods to evaluate the use of this offer.

Matomo (formerly Piwik)

This website uses the open source web analysis service Matomo. Matomo uses technologies that enable the recognition of the user across pages for the analysis of user behaviour (e.g. cookies or device fingerprinting). The information collected by Matomo about the use of this website is stored on our server. The IP address is anonymised before being saved.

This analysis tool is used on the basis of Article 6 (1) (f) of the GDPR. The website operator has a legitimate interest in the anonymised analysis of user behaviour in order to optimise both his website and his advertising. If a corresponding consent has been requested (e.g. consent to the storage of cookies), the processing is carried out exclusively on the basis of Article 6 (1) (a) of the GDPR; the consent can be revoked at any time.

The information collected by Matomo about the use of this website will not be disclosed to third parties.

 

Rights of the data subject

Right of access to information

You can request confirmation from the controller as to whether personally identifiable data concerning you is being processed by us.

If such processing is taking place, you may request the following information from the data controller:

  1. the purposes for which the personally identifiable data are being processed;
  2. the categories of personally identifiable data which are being processed;
  3. the recipients or categories of recipients to whom the personally identifiable data concerning you have been or will be disclosed;
  4. the planned duration of storage of the personally identifiable data relating to you or, if it is not possible to give specific details, criteria for determining the duration of storage
  5. the existence of a right of rectification or deletion of personally identifiable data concerning you, a right to have the processing limited by the controller, or a right to object to such processing
  6. the existence of a right of appeal to a supervisory authority;
  7. all available information on the origin of the data, if the personally identifiable data have not been collected directly from the data subject;
  8. the existence of automated decision making, including profiling, in accordance with Article 22 (1) and (4) of the GDPR, and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such processing on the data subject.

You have the right to request information as to whether personally identifiable data concerning you is being transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate guarantees pursuant to Article 46 of the GDPR in connection with the transfer.

Right to rectification

You have the right to ask the data controller to rectify and/or complete the data if the personally identifiable data processed concerning you is incorrect or incomplete. The controller shall make the correction without delay.

Right to limit processing

Under the following conditions, you may request the restriction of the processing of personally identifiable data concerning you:

  1. if you dispute the accuracy of the personally identifiable data concerning you for a period that allows the person responsible to verify the accuracy of the personally identifiable data;
  2. the processing is unlawful and you object to the deletion of the personally identifiable data and request instead the restriction of the use of the personally identifiable data;
  3. the controller no longer needs the personally identifiable data for the purposes of the processing, but you need it in order to exercise or defend your rights, or
  4. if you have lodged an objection to the processing pursuant to Article 21 (1) of the GDPR, and it has not yet been established whether the legitimate reasons given by the controller outweigh your reasons.

Where the processing of personally identifiable data relating to you has been restricted, such data may be processed, with the exception of storage, only with your consent or for the purpose of pursuing, exercising or defending legal claims or protecting the rights of another natural or legal person or on grounds of an important public interest of the Union or of a Member State.

If the restriction on processing has been restricted in accordance with the above conditions, you will be informed by the controller before the restriction is lifted.

Right of cancellation

Obligation to delete

You may request the controller to delete personally identifiable data concerning you without delay and the controller is obliged to delete such data without delay if one of the following reasons applies:

  1. The personally identifiable data concerning you are no longer necessary for the purposes for which they were collected or otherwise processed.
  2. You revoke your consent on which the processing was based pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR, and there is no other legal basis for the processing.
  3. You object to the processing pursuant to Article 21 (1) of the GDPR, and there are no legitimate reasons for the processing, or you object to the processing pursuant to Article 21 (2) of the GDPR.
  4. The personally identifiable data concerning you have been processed unlawfully.
  5. The deletion of personally identifiable data concerning you is necessary to comply with a legal obligation under Union law or the law of the Member States to which the controller is subject.
  6. The personally identifiable data concerning you has been collected in relation to information society services offered in accordance with Article 8 (1) of the GDPR.

Information to third parties

If the controller has made public the personally identifiable data concerning you and is obliged to delete them pursuant to Article 17 (1) of the GDPR, he shall take reasonable measures, including technical measures, taking into account the available technology and the implementation costs, to inform data controllers who process the personally identifiable data that you, as a data subject, have requested them to delete all links to these personally identifiable data or copies or replications of these personally identifiable data.

Exceptions

The right of deletion does not exist insofar as the processing is necessary

  1. for the exercise of the right to freedom of expression and information;
  2. in order to comply with a legal obligation to which the processing relates under Union or member state law to which the controller is subject, or in order to perform a task carried out in the public interest, or in the exercise of official authority vested in the controller;
  3. for reasons of public interest in the field of public health pursuant to Article 9 (2) (h) and (i), and Article 9 (3) of the GDPR;
  4. for archiving, scientific or historical research purposes in the public interest, or for statistical purposes pursuant to Article 89 (1) of the GDPR, insofar as the law referred to in section a) is likely to render impossible or seriously prejudice the attainment of the objectives of such processing, or
  5. to assert, exercise or defend legal claims.

Right to information

If you have asserted the right to rectify, erase or limit the processing vis-à-vis the controller, the controller is obliged to notify all recipients to whom the personally identifiable data concerning you have been disclosed of this rectification, erasure or limitation of processing, unless this proves impossible or involves a disproportionate effort.

You have the right to be informed of these recipients by the controller.

Right to data transferability

You have the right to receive the personally identifiable data concerning you that you have provided to the data controller in a structured, common and machine-readable format. Furthermore, you have the right to have this data communicated to another controller without interference from the controller to whom the personally identifiable data has been made available, provided that

  1. the processing is based on a consent pursuant to Article 6 (1) (a) or Article 9 (2) (a) of the GDPR,or on a contract pursuant to Article 6 (1) (a) of the GDPR, and
  2. the processing is performed by means of automated procedures.

In exercising this right, you also have the right to insist that the personally identifiable data concerning you be transferred directly from one controller to another, as far as this is technically feasible. The freedoms and rights of other persons may not be impaired thereby.

The right to data transferability shall not apply to processing of personally identifiable data which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right of objection

  1. You have the right to object at any time, for reasons arising from your particular situation, to the processing of personally identifiable data concerning you, which is carried out on the basis of Article 6 (1) (e) or (f) of the GDPR.
  2. The controller shall no longer process the personally identifiable data concerning you, unless he can demonstrate compelling reasons for processing which are justified on grounds of protection of your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
  3. If the personally identifiable data concerning you are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personally identifiable data concerning you for the purpose of such marketing, insofar as it is connected with such direct marketing.
  4. If you object to processing for direct marketing purposes, the personally identifiable data concerning you will no longer be processed for these purposes.
  5. You may exercise your right of objection in connection with the use of information society services – without prejudice to Directive 2002/58/EC – by means of automated procedures involving technical specifications.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your data protection declaration of consent at any time. Revocation of consent shall not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are resident, your place of work, or the place of the alleged infringement, if you consider that the processing of personally identifiable data concerning you is in violation of the of the GDPR.

The supervisory authority to which the complaint has been lodged shall inform the complainant of the status and the results of the complaint, including the possibility of a judicial remedy under Article 78 of the GDPR.