Data Protection: Careers


1. What is the reason for this information?

The protection of your personal data is important to us. Transparency around data processing is a central principal of the EU General Data Protection Regulation (EU GDPR), which applies from 25th May 2018. In the context of filling vacancies, we process your data in accordance with the EU GDPR and further legal regulations concerning data protection. The term ‘processing’ encompasses, amongst other things, the collection, retention, use, alteration and deletion of data.

2. Who is responsible for your data?

The entity responsible for your data is CAYAGO AG, Flachter Str. 32, 70499, Stuttgart.

3. Who is the relevant contact person?

The person that you know from the job posting or the application process.

4. Who is the relevant contact person for data protection within the company?

Pascal Wizenti
Flachter Str. 32
70499 Stuttgart

5. Who is the relevant supervisory body?

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (The State Representative for Data Protection Baden-Wuerttemberg)
Postfach 10 29 32, 70025 Stuttgart
Königstraße 10a, 70173 Stuttgart
Tel. +49 711 615541-0
Fax +49 711 615541-15

6. How do we use your data?

Your data is used solely for the purpose of making contact with you and for making decisions about filling vacancies within our company.

a. Speculative applications

If you submit an application to us without referring to a specific job vacancy, we assume that all relevant companies within our group of companies may use your data to offer you suitable job vacancies. For this purpose, your data will be retained in an IT system. The individual companies in our group of companies will use this data when searching for suitable candidates for current or future advertised positions. You can withdraw your speculative application at any time by informing us of this.

b. Transfer within the group of companies in the event of a specific job application

Should you apply for a specific job vacancy in a company within our group of companies, we will only share your data with other companies in the interest of filling vacant positions there if you have granted us your consent in this respect. You can withdraw this consent or restrict the sharing of information at any time.

c. Data verification for counter-terrorism purposes

As we are legally obliged to ensure that we do not provide financial resources to any recipients who have been sanctioned according to EU anti-terrorism laws and the German Foreign Trade and Payments Act, we compare the core data of our applicants against the respective current relevant lists, where applicable. When you apply for a job with us, you consent to this process.

7. How do we collect your data? 

Usually, you send us your data yourself by email and automatically receive further information on the processing of your data. Should you send us your application in another way (e.g. by post), we will usually retain your data in our IT system. If you have provided data about yourself on networks that are publicly accessible or platforms with a professional focus, we may also process this in accordance with the respective operator’s terms of use. If we work with recruiters, we assume that they are passing your data to us with your consent. In all cases, the data originates directly from you (direct collection).

8. What data do we collect from you?

• Where applicable, login data for the careers platform: Username and password
• Core data (surname, first name, date of birth)
• Contact data (address, telephone number, email address, etc.)
• Where applicable, nationality, work permit, data about medical fitness
• Application data such as CV, cover letter, references, letter of recommendation and where applicable, anything further that you provide to us and share with us in job interviews.
• Application photo
• Criminal record, if this is necessary for the work advertised, e.g. for drivers
• Account data in the event of compensation of travel costs
• Data about you that you have provided in online networks that are publicly accessible or platforms with a professional focus, in accordance with the relevant operator’s terms of use

9. Which data do you have to provide?

In order to be able to consider your application, in addition to your core data and contact data, we will always need personal data from you that gives information about your eligibility for a specific position (application data). As long as there is no exceptional legal obligation (e.g. medical certification as per the German Youth Employment Protection Act), you decide which data you provide to us. If you would like to make use of the particular rights for those with severe disabilities in the application process, you can state your disability in the application letter.

10. On what legal basis do we process your data?

We process your data in order to reach a decision regarding starting an employment relationship with you. The relevant legal basis is Art. 6, para. 1, letter b (the potential employment contract), letter c (our legal obligation) and letter a (your consent) of the EU General Data Protection Regulation (GDPR). The current Data Protection laws also allow us to process data on the grounds of legitimate interest, in certain individual cases. If we use this to justify the processing of data, we will inform you of this and of your right to object to this. Further legal bases for Germany can be found in Article 88 of the EU General Data Protection Regulation (EU GDPR) in conjunction with Section 26 of the German Federal Data Protection Act (BDSG).

11. Who has access to your data?

Your data is always only made available to authorized employees. In the event that data is shared within the group of companies, the conditions highlighted in 6a and 6b apply. The group-wide process of filling vacancies may also provide for recruiters and technical service providers, both from other companies within the group of companies and from external companies, having access to your data, in addition to the supervisor and the human resources department of the company that is hiring for the position. Processes that take place across the group of companies, for example in the area of outsourced IT, can provide for employees from various companies within our group of companies having authorized access to your data.

12. How is access to your data protected?

Should you apply for, or share your data for, a position outside of the European Union, companies within the group of companies in so-called third-party countries also have access to your data. If personal data is shared with other companies from the group of companies in so-called third-party countries, this takes place in accordance with the data protection guidelines of the group of companies. This guarantees that our companies process personal data worldwide in accordance with standards that ensure a level of data protection that is suitable and stipulated under European data protection law. If another company from the group of companies, or an external company, operates as a (technical) service provider, this is ensured through contractual agreements and obligations to maintain European standards for data protection. We do not transmit data to international organizations.

13. How long is your data stored?

We store your data until you withdraw your (speculative) application or revoke your consent to be included in our pool of applicants that had been given in connection with your application for a specific vacancy. Should your application be unsuccessful by the end of the application process, we will store your data for six more months. If you are accepted for a position with us, we will transfer your application data to your personnel file. 

14. What applies for automated decision-making?

If it is permissible for decisions to be made automatically or for automatic processing, evaluation and forecasting of certain personal aspects relating to you (profiling) to be carried out, and this is performed by your company within the group of companies, we will inform you about your right to be heard and to object in this respect.

15. What rights do you have?

In accordance with the applicable legal provisions, you have the right
• To obtain information about the data that we have stored relating to you
• To request the correction of incorrect data that we have stored relating to you
• To request the deletion of the data that we have stored relating to you that we are no longer authorized to store about you
• In the event of automated decision-making, to be heard and to object in this respect,
• To object to the processing of your data in order to protect our legitimate interests,
• To withdraw your consent,
• To obtain a copy of the data that we have stored relating to you (where applicable, in electronic form)

16. How do you exercise your rights?

Please make yourself aware of your rights through your respective contact person during the application process. In the event of correction or deletion, we will also inform the recipients of your data in this respect. Should you have any further questions, the relevant contact person for data protection will be happy to hear from you. Should you believe that your rights have not been adequately observed, you have the option to file a complaint with the relevant regulatory body.

17. Changes to this information

If the content of this information changes, we will make the new version available to you via this link or via your contact person.