It is generally possible to use our website without providing personal information. Insofar as personal information (such as name, address or email address) is gathered on our website, this is always done on a voluntary basis if at all possible. This information will not be passed on to third parties without your express permission.
We wish to point out that data transmission via the Internet (e.g. communication via email) may be subject to security loopholes. It is not possible to ensure that data is completely secured against access by third parties.
We hereby expressly object to the use by third parties of contact details published within the scope of our statutory legal notice obligations for the purpose of providing advertising and information material which has not been expressly requested. The operators of the website expressly reserve the right to take legal action in the event of the sending of unsolicited advertising information, for example by way of unsolicited spam emails.
Calling up the website
When you access our website, information of a general nature is automatically collected. This information (so-called server log files) includes, for example, the type of web browser, the operating system used, the domain name of your internet service provider, your IP address and similar. This automatically transmitted information is processed in particular for the following purposes:
- Ensuring a problem-free connection of the website
- Ensuring the smooth use of our website and
- Evaluation of system security and stability.
The provision of this data is neither legally nor contractually required. However, without the IP address and the cookie identifier, the use and functionality of our website is not possible or guaranteed. In addition, individual services may not be available or may be limited.
In principle, this data is automatically deleted as soon as it is no longer required for the purpose for which it was collected. In some cases, this is already the case after the end of each session. However, in the event of concrete indications of illegal use, we reserve the right to subsequently check the server log files via our hosting provider. For the operation and maintenance of our website, we use technical service providers who act as our order processors in accordance with Art. 28 DSGVO.
The processing around the technical provision of our website is carried out in accordance with Art. 6 para. 1 lit. f DSGVO on the basis of our legitimate interest in the presentation of the company and the associated improvement of the stability and functionality of our website.
We use a specialized software provider to handle the application process. The applicant portal is operated by Personio, whom we have contracted to process applications. Detailed data protection information for applicants is available here: thjnkag-jobs.personio.de/privacy-policy
Should you choose to send us your application by e-mail using the address firstname.lastname@example.org, please be aware that in the interests of maintaining the confidentiality of your documents, only a limited, authorized group of employees has access to this mailbox. Also, we process the data you transmit to us solely for the purpose of your application.
However, adherence to the deletion deadlines for applications received by e-mail is limited by the legal requirements for audit-proof storage of business communication, including e-mails, applicable in Germany.
We would also like to point out that unencrypted e-mails sent via the Internet are not sufficiently protected against unauthorized access by third parties.
Our application portal is available for the secure transmission and processing of your application documents in accordance with the requirements of the GDPR: thjnkag-jobs.personio.de
The Data Controller within the meaning of data protection law, particularly the EU General Data Protection Regulation (GDPR), is:
Your rights as the Data Subject
You may contact our Data Protection Officer using the details provided at any time to exercise your right to:
information about the data we have about you and how it is processed,
rectification of inaccurate personal data,
deletion of the data we have about you,
restriction of data processing if we are not yet able to delete your data due to legal obligations,
objection to the processing of the data we have about you, and
data portability, provided that you have consented to the data being processed or entered into a contract with us.
If you have given us consent, you can revoke it at any time with effect for the future.
You may register a complaint with the competent supervisory authority at any time. The competent supervisory authority is determined based on the German state in which you live, work, or in which the alleged breach occurred. A list of supervisory authorities (for the private sector) and their addresses can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
Purposes for which data is processed by the Data Controller and third parties
you have expressly consented to us doing so,
the data must be processed for the performance of our obligations under a contract with you,
the data must be processed in order to meet a legal obligation,
the data must be processed in order to protect legitimate interests and there is no reason to believe that you have an overriding interest in the non-disclosure of your data.
Recipients of the data and any associated processing outside the EU or in so-called "third countries"
We use commissioned service providers for individual processing operations. This includes, for example, hosting, maintenance and support of IT systems, marketing measures or file and data media destruction. These service providers only process data according to explicit instructions and are contractually obliged to ensure appropriate technical and organisational data protection measures. In addition, we may transmit personal data of our customers to bodies such as postal and delivery services, payment and information services, house bank, tax advisor/auditor or the tax authorities.
In the process, personal data may be transferred to third countries or to international organisations that have a subsidiary in Europe but, due to your global organisation with, for example, a headquarters in the USA, access to your data cannot be ruled out.
In principle, the processing of personal data outside the EEA is possible with appropriate safeguards for the processing of personal data. These appropriate safeguards can, for example, be based on an adequacy decision of the EU Commission, or be brought about by exercising further possibilities such as internal data protection regulations, approved codes of conduct, standard data protection clauses or an approved certification mechanism pursuant to Art. 46 (2) lit. a) - f) GDPR.
Despite possible measures to establish legally compliant processing of personal data in a third country, there are risks in some third countries regarding the effective protection of EU fundamental rights through the use of surveillance laws (for example, the US).
Where a transfer to a third country is necessary, we will internally assess the risks in cooperation with our Data Protection Officer and take all reasonable steps to ensure that the protection of your personal data in such transfers complies with the legal requirements and the appropriate safeguards provided.
To the extent that these transfers are not based on a legal basis or are made to a country for which there is no adequacy decision issued by the EU Commission, we use the EU standard contractual clauses. Information on EU standard contractual clauses can be found on the European Union website.
Deletion and blocking of data
Security and integrity of the data
Protecting the personal data and information you give us or that we receive about you is a priority for us. We take appropriate security measures to protect your data from loss, misuse and unauthorised access, alteration, disclosure or destruction. To this end, we take organisational measures, such as training and commitment of employees, as well as technical measures to ensure the confidentiality, integrity, availability and resilience of systems and services that process personal data, and will restore availability and access to information in a timely manner in the event of a physical or technical incident.
Managing consent and web tracking technologies
We use the consent management platform of Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, to manage all cookies, website and tracking technologies that require consent or opt-out in a data protection-compliant manner.
Like many other websites, we also make use of “cookies”. Cookies are small text files transferred to your hard drive by a website server. This allows us to automatically receive certain data regarding, for example, your IP address, browser used, operating system and Internet connection.
Cookies cannot be used to start programs or infect a computer with a virus. The information contained in the cookies enables us to correctly display our web pages and make it easier for you to navigate them.
At no time will we ever provide the data we collect to third parties or link this data to your personal details without your consent.
Web analysis with the help of Google Analytics
For the purpose of range measurement and web analysis, anonymous user profiles are usually created and stored in a file (so-called "cookie") or similar procedures with the same purpose are used. The stored/analysed information and content may include, for example, content viewed, websites visited and elements used there and technical information such as the browser used, the computer system used and information on usage times.
The IP addresses of the users are also stored. However, we use an IP masking procedure (i.e. pseudonymisation by shortening the IP address) to protect users, whereby the IP address is shortened beforehand by Google within the European Union or in other contracting states of the Agreement on the European Economic Area. In general, no clear user data (such as e-mail addresses or names) is stored in the context of web analysis and optimisation, but pseudonyms. This means that we as well as the providers of the software used do not know the actual identity of the users, but only the information stored in their profiles for the purpose of the respective procedures.
The collection of data for web analysis is based on your consent in accordance with Art. 6 Para. 1 lit a DSGVO, which you can revoke at any time with effect for the future: www.thjnk.de/en/privacy/
In order to ensure your data is protected during transfer, we use the latest encryption technology (e.g. SSL) via HTTPS.
Use of YouTube in extended data protection mode
Based on our legitimate economic interest pursuant to Art. 6 para. 1 lit. f for the appealing design of our website, as well as for the optimisation of user-friendliness, we integrate videos of the company YouTube , LLC 901 Cherry Ave., 94066 San Bruno, CA, USA (hereinafter: "YouTube"), a company of Google Inc, Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter: "Google"). The integration of a CDN requires that the respective provider processes the IP address of the user, as without the IP address they would not be able to send the content to their browser. This means that when you call up a page that has an embedded video, a connection is established to the YouTube servers and the content is displayed on the website by informing your browser.
We use the YouTube services in the so-called "extended data protection mode" option provided, whereby no cookies are collected on user activities in order to personalise the video playback. Nevertheless, information on user interaction with the video (e.g. remembering the last playback point) may be stored. If you are logged in to YouTube at the same time, the information related to the use may be assigned to your YouTube member account. You can prevent this by logging out of your member account before visiting the website.
Questions for the Data Protection Officer
If you have any questions regarding data protection, please send us an e-mail or contact our Data Protection Officer directly: