Data Protection Information for Applicants (according to Art. 13 Para.3 GDPR)

Principles of Data Processing 

As part of the application process, your personal data will be processed by the responsible person and stored for the period necessary to fulfill the specified purposes and legal obligations. In the following, we will inform you about what kind of data it is, how it is processed and what rights you have, in particular with regard to the General Data Protection Regulation (GDPR).


Who is Responsible for Data Processing?

The responsible in terms of data protection law is:
aumentoo GmbH, Heisinger Straße 12, 87437 Kempten.

Which of Your Personal Data is Processed by Us? And for What Purposes?

We only process personal data that is necessary to fulfill the specified purposes (application process) and legal obligations. This may include the following personal data:

  • personal details (e.g. name, address, contact details, birthday, place of birth, nationality)
  • family data (e.g. marital status, information on children)
  • qualifications (e.g. education, professional experience, language skills, advanced training)
  • references, certificates
  • image and audio data (e.g. ID photo, video recordings, audio recordings, other photo recordings)
  • and possibly other data comparable to the categories mentioned.

If we have received data from you, we will only process it for the purposes for which we have received or collected it e.g. 

  • for correspondence with you
  • to fulfill legal and statutory obligations
  • to defend against asserted claims

In this case, we will of course observe any information obligations pursuant to Art. 13 Para. 3 GDPR and Art. 14 Para. 4 GDPR. 

If you are hired, you will be informed separately about the applicable regulations for handling your personal data, in particular with regard to the creation of personnel files.


What is the Legal Basis for This?

The legal basis for the processing of personal data is – as long as there are no specific legal provisions – the General Data Protection Regulation and the Federal Data Protection Act.

The following options in particular come into consideration here:

  • Consent (Art. 6 Para. 1 (a) GDPR): If you have given your consent to the processing of personal data, the data will only be processed for the purpose stated in the consent. Example: Pictures of employees
  • Data processing for the fulfillment of contracts (Art. 6 Para. 1 (b) GDPR and § 26 BDSG): Your personal data is processed for the establishment, implementation or termination of the employment relationship within the framework of the existing contract or for the implementation of pre-contractual measures.
  • Data processing based on a weighing of interests (Art. 6 Para. 1 (f) GDPR): If necessary, your personal data will be processed beyond the actual fulfillment of the contract. This processing serves to safeguard the legitimate interests of aumentoo GmbH or third parties. Examples: Personnel development planning, publication of business contact details on the website, recording of employee interviews, 
  • Data processing to fulfill a legal obligation (Art. 6 Para. 1 lit. c) GDPR and Art. 88 GDPR and Section 26 BDSG): aumentoo GmbH is subject to various legal obligations or statutory obligations (e.g. social security law, occupational safety, if applicable professional law of lawyers, tax laws), as well as regulatory requirements (e.g. bar associations). If special categories of personal data are processed in accordance with Art. 9 Para. 1 GDPR, this serves to exercise rights or fulfill legal obligations from labor law, social security law and social protection (e.g. providing health data to the health insurance, recording of the severe disability for additional vacation, determination of the severely handicapped tax). Processing takes place on the basis of Art. 9 Para. 2 b GDPR in conjunction with § 26 Para. 3 BDSG. In addition, the processing of health data may be necessary to assess your ability to work in accordance with Art. 9 Para. 2 h GDPR in conjunction with § 22 Para. 1 b BDSG. In addition, the processing of special categories of personal data can be based on consent in accordance with Art. 9 Para. 2 a GDPR in conjunction with § 26 Para. 2 BDSG (e.g. operational integration management).

If personal data is processed on the basis of your consent, you have the right to revoke your consent to us at any time with effect for the future. If we process data on the basis of a balancing of interests, you as the person concerned have the right to object to the processing of personal data, taking into account the requirements of Art. 21 GDPR.


How Long Will the Data be Stored?

We process the data as long as it is necessary for the respective purpose. Insofar as there are statutory retention requirements – e.g. through the Social Security Code, Commercial Code and Tax Code – the relevant personal data will be stored for the duration of the retention requirement (10 years). After the retention period has expired, it is checked whether there is any further requirement for processing. If there is no longer any need, the data will be deleted. The general storage period for personal data can exceptionally be up to 30 years if this is necessary for the establishment, exercise or defense of legal claims.

Of course, you can request information about the personal data we have stored about you at any time (see below) and, in the event that this is not necessary, request the deletion of the data or restriction of processing.


To Which Recipients Will the Data be Passed On?

Your personal data will only be passed on to third parties if this is necessary for the execution of the contract with you, the passing on is permitted on the basis of a balancing of interests within the meaning of Art. 6 Para. 1 (f) GDPR, we are legally obliged to pass it on or you have given your consent in this regard.

Your personal data can be passed on to the following recipients, for example:

  • HR department
  • head of department
  • jointly responsible with us


Transfer of Personal Data to a Third Country

It is not planned to transfer your personal data to a third country or an international organization, unless this is required for the execution of the contract with you. If required by law, you will be informed separately about the details. 

Where is the Data Processed?

We process your personal data in German data centers.

Google Workspace

As a collaboration tool we use Google Workspace from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

We use the Gmail server for e-mail communication with you and, if necessary, other tools from the package to work with you and exchange information / data. The processing is based on a contractual or pre-contractual measure according to Article 6 (1) (b). The storage takes place in accordance with the statutory retention requirements.

In the case of surveys or other forms of data exchange, the legal basis is based on your consent in accordance with Article 6 (1) (a). You can revoke this consent at any time. The legality of the data processing operations that have already taken place remains unaffected by the revocation.

The data will not be passed on unless this is required by the contractual relationship or has been agreed with you.

Audio and Video Conferences

Data processing

To communicate with our customers we use online conference tools. The tools we use are listed below. If you communicate with us via video or audio conference via the Internet, your personal data will be recorded and processed by us and the provider of the respective conference tool.

The conference tools collect all data that you provide / use to use the tools (email address and / or your telephone number). The conference tools also process the duration of the conference, start and end (time) of participation in the conference, number of participants and other “context information” in connection with the communication process (metadata).

Furthermore, the provider of the tool processes all technical data that are required to handle online communication. This includes in particular IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or loudspeaker as well as the type of connection.

If content is exchanged, uploaded or made available in any other way within the tool, it is also stored on the servers of the tool provider. Such content includes in particular cloud recordings, chat / instant messages, voicemails, uploaded photos and videos, files, whiteboards and other information that is shared while using the service.

Please note that we do not have full influence on the data processing operations of the tools used. Our options are largely based on the company policy of the respective provider. Further information on data processing by the conference tools can be found in the data protection declarations of the tools, which we have listed under this text.

Purpose and legal basis

The conference tools are used to communicate with prospective or existing contractual partners or to offer certain services to our customers (Art. 6 Para. 1 S. 1 (b) GDPR). Furthermore, the use of the tools serves to generally simplify and accelerate communication with us or our company (legitimate interest within the meaning of Art. 6 Para. 1 (f) GDPR). If consent has been requested, the relevant tools are used on the basis of this consent; the consent can be revoked at any time with effect for the future.

Storage period

The data collected directly by us via the video and conference tools will be deleted from our systems as soon as you ask us to delete them, revoke your consent to store or the purpose for data storage no longer applies. Saved cookies remain on your device until you delete them. Mandatory statutory retention periods remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the conference tools for their own purposes. For details, please contact the operators of the conference tools directly.

Used conference tools

We use the following conference tools:

Google Meet

We use Google Meet. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on data processing can be found in Google’s privacy policy https://policies.google.com/privacy?hl=de and Google Cloud https://cloud.google.com/security/privacy 

Data Processing Addendum

We have signed a data processing addendum with the above-mentioned provider to fully implement the strict requirements of the German data protection authorities when using it.

Your Rights as a “Data Subject” – You Have the Right:

  • according to Art. 15 GDPR you have the right to inform yourself about your personal data processed by us. In particular, you can obtain information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of the right to complain, the origin of your data, if it was not collected from the person responsible, as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details;
  • in accordance with Art. 16 GDPR, to immediately request the correction of incorrect personal data or the completion of your personal data stored by the person responsible;
  • in accordance with Art. 17 GDPR, to request the deletion of your personal data stored by the person responsible, unless processing to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims is required;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the correctness of the data, the processing is unlawful, but you refuse to delete it, the person responsible no longer needs the data, but you need it to assert it, need to exercise or defend legal claims or you have objected to processing in accordance with Art. 21 GDPR; 
  • in accordance with Art. 20 GDPR, to receive your personal data, which you have provided to the person responsible, in a structured, common and machine-readable format or to request the transfer to another person responsible; 
  • in accordance with Art. 7 Para. 3 GDPR, to revoke your once given consent to the person responsible at any time. This has the consequence that the person responsible is no longer allowed to continue the data processing based exclusively on this consent in the future and
  • to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or work or our company headquarters.

In the event of a request for information that is not written, we ask for your understanding that we may then request evidence from you that proves that you are the person you are claiming to be.

Right of objection: In particular, you have a right of objection according to Art. 21 Para. 1 and 2 GDPR to the processing of your data in connection with direct advertising, if this is based on a weighing of interests.


Our Data Protection Officer
We have appointed a data protection officer. You can reach them at the following contact:

IDKOM Networks GmbH – Data Protection Officer, Dieselstrasse 1, 87437 Kempten 

Mr. Thomas Hug, E-Mail: datenschutz@idkom.de

The Right to Appeal
You have the right to complain at a supervisory authority of data protection about us for the processing of personal data:

Bavarian State Office for Data Protection Supervision, Promenade 27, 91522 Ansbach, Telephone 0981 531300, Fax 0981 53981300, E-Mail: poststelle@lda.bayern.de, Internet: www.lda.bayern.de