For reasons of better readability, the following declaration does not use the language forms male, female or diverse at the same time. Personal designations apply equally to all genders. The protection of your privacy when processing personal data and the security of this data is an important concern for us, which we take into account accordingly in our business processes and take the necessary organizational and technical measures.
We attach great importance to making the processing and use of your personal data transparent and would like to inform you in this privacy policy about our handling of your data and your rights in this context.
Unless expressly described otherwise below, we perform the role of data controller for the processing of your personal data jointly with
Pronovum Betriebs GmbH
Stadlauer Straße 60/1/3, 1220 Vienna, Austria
T +43 1 3619895
office@clickmasters.info
Each time our application is accessed, our system automatically collects the following data and information from the system of the accessing end device: type and version of the browser used; operating system of the accessing end device; IP address; Internet service provider of the accessing system; date and time of access; websites from which the user's system accesses our website (referrer, URL); amount of data transferred; websites accessed by the user's system via our website.
The processing of the aforementioned data, including the IP address, by the system is necessary to enable the content to be delivered to the user's device. We also process this data in order to detect, prevent and investigate technical faults or misuse of our application.
In addition, the data record described above is stored in log files for a limited period of time in order to ensure the functionality of the application and to optimize it.
The temporary processing and storage of the data mentioned in point 3.1.1. is necessary for the security of our IT systems and to be able to offer you a high-performance application. The legal basis for the processing is our legitimate interest within the meaning of Art. 6 para. 1 lit. f of the General Data Protection Regulation (hereinafter referred to as GDPR).
We use IT service providers to operate and manage the application, who may also gain access to personal data on our behalf and in accordance with our instructions in order to provide the commissioned IT services. Your data will not be passed on to other third parties for their own purposes without your consent.
The session data of the application is automatically deleted at the end of your visit. The data stored in the log files are generally deleted automatically after seven days. If this data is required for the prevention or prosecution of abusive access, the storage period is extended until the final clarification or until the legally binding conclusion of any official proceedings.
Our application collects relevant information about applicants by means of questions specifically tailored to a vacant position. For this purpose, we essentially process the following categories of data Contact details, professional experience, professional training, special knowledge, age group, language skills, willingness to travel, certificates and proof of examinations, social skills, salary level, availability.
The data processing as a result of your use of our application is a necessary pre-contractual measure for which we can rely on the legal basis of Art. 6 para. 1 lit. b GDPR. For a storage period exceeding the usual application procedure, we rely on your consent, if given, in accordance with Art. 6 para. 1 lit. a GDPR. The same applies to the use of your data to fill positions other than those for which you have applied.
In principle, only the company advertising the position will have access to the information you provide. We will only make your application data available to other interested companies with your consent.
If you are not shortlisted as an applicant, your data will be deleted after six months. If you give your consent, we will keep your data on file for a period of two years in order to be able to make you alternative offers that match your qualifications.
Cookies are small text files that are stored (set) on the user's end device by means of the web browser used when visiting a website in order to recognize the user. Technically necessary cookies” are primarily those that are automatically set in response to a service request by the user (e.g. filling out an online form as part of the application).
When you use our application for the first time, a cookie banner automatically appears in which you can accept the use of cookies for the listed analysis services in principle, reject them in principle or allow them individually. If you continue to use our application without consent, only those cookies that guarantee the basic technical function of our application will be stored on your end device. No such cookies are transmitted to third parties.
For the use of technically necessary cookies, we rely on our legitimate interest in the proper operation of the application (Art. 6 para. 1 lit. f GDPR).
The storage period on the website visitor's device is generally limited to the duration of a session, i.e. a visit to the website.
We use so-called web fonts provided by Google for the uniform display of digitized fonts on our website. However, these are hosted by us locally on a web server located in the EU, which is why their integration into the website does not trigger any data exchange with Google servers located in third countries (USA).
When a user's browser requests a font used on our website, the following data in particular is processed: Language settings of the end device, screen resolution on the end device used, IP address assigned to the user and type and version of the web browser used during access.
For the processing of personal data (IP address) when using the locally integrated Google Fonts, we can rely on our legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR in the correct display of digitized fonts on the user's terminal device.
The data required by the user's browser when requesting fonts from Google Fonts will only be processed for as long as is necessary for the purpose of displaying the fonts. This is to be distinguished from the storage of log files that are created when accessing the servers on which Google Fonts are hosted (see points 3.1.1. and 3.1.4.).
If you give your consent by clicking the button in the cookie banner, our application collects data about your use of the application (so-called “click behavior”; e.g. time spent in the application, visits to individual sub-pages, immediately previously used application such as search engine or link) by means of third-party services (Google Analytics, meta pixels).
Technically, the recording of user behavior is implemented by embedding so-called codes, more precisely code fragments (also “tags”), in the application. These code fragments are - again in simplified terms - instructions in text form that a computer or software can understand and process. By linking them to certain content in the application, previously defined user actions (so-called “events” such as clicking on a button or photo, etc.) trigger automated messages to the respective analytics service provider, whereby a whole range of other information is transmitted (see below). The codes are integrated and controlled both in the case of Google Analytics and in the case of the meta pixel using the “Google Tag Manager” (GTM) service. Further information on GTM can be found in the relevant cookie information, which is provided via the cookie banner.
Irrespective of the click behavior addressed, the user's browser is prompted by the codes of the analysis services to call up defined servers, which results in the setting of a permanent (persistent) cookie in the user's end device, which takes on the function of a user ID (also: client ID). This user ID enables the analysis services to recognize a user of this application and other websites at a later date. If a user is registered with Meta or Google services and is logged in at the time of visiting our application, Meta or Google will link the data collected when using our application to the user account with Meta or Google.
The integration of the meta pixel and the Google Tag Manager (GTM) in our application leads to the automatic transmission of the following data in particular to Meta and Google:
As a result of the use of the IP address and the aforementioned user ID, pseudonymous user data is transmitted to Meta and Google, which is generally subject to the General Data Protection Regulation (GDPR).
The purpose of the transmission is to evaluate the usage data on the basis of marketing-relevant criteria. The result is made available to us in the form of retrievable reports. The aim of this is not to track the behavior of a specific user, but to obtain statistics on the general use of the application.
In accordance with the principle of data minimization, we have configured the service offered by Google Analytics to shorten the user's IP address before it is transmitted to the USA or other third countries. According to the prevailing opinion, however, this does not mean anonymization of the associated data in the strict sense, which is why the requirements of the GDPR for transfers of personal data to recipients in countries outside the EU and EEA (so-called third countries) remain applicable (more details below in point 3.5.3).
In addition, we have configured Google Analytics in such a way that the user data collected when using the application is not linked to data from other Google services.
Data processing for the analysis of user behavior is generally based on our legitimate interest in the target group-specific design and implementation of recruiting campaigns (Art. 6 para. 1 lit. f GDPR). With regard to the use of specific technologies for user tracking by means of cookies, we rely on the legal basis of the consent of the users of the application pursuant to Section 165 (2) TKG 2021 BGBl. I No. 190/2021 as amended by BGBl. I No. 47/2023 (or for Germany pursuant to Section 25 TTDSG dBGBl. I p. 1982 as amended by BGBl. I p. 3544), whereby Art. 5 (3) of Directive 2002/58/EC was implemented, in conjunction with Art. 4 No. 11 GDPR. With regard to the transfer to third countries, see below in point 3.5.3.
If you consent to the use of third-party analytics services (Google Analytics, Meta) via the cookie banner (see sections 3.3.1 and 3.5.1 above), data may be transferred to servers located in third countries operated by Alphabet, Inc., Google LLC and Meta Platforms, Inc. These servers are primarily located in the United States of America, the United Kingdom and - in the case of Meta - also in Singapore.
With regard to the legal basis for these transfers, reference should be made to the EU Commission's adequacy decision of July 10, 2023, C(2023) 4745 final, OJ EU No. L 231, 20.9.023, p. 118 (169). With this decision, it was determined that the USA guarantees an adequate level of data protection if the conditions described in the Annex to this decision are met by companies based in the USA that have submitted to these conditions by notifying the US Department of Commerce (Federal Trade Commission [FTC]). Google LLC, USA, and Meta Platforms, Inc. have submitted corresponding notifications to the FTC. In this respect, no additional user consent is required for the transfer of the relevant data.
For the United Kingdom, the adequacy decision of the EU Commission of June 28, 2021, C(2021) final, OJ EU No. L 360 of October 11, 2021, p. 1 (67), which came into force on October 11, 2021 and remains valid until June 27, 2025, is decisive. Here too, user consent is therefore not required.
With regard to Singapore, the transfer is based on the consent of the users in accordance with Art. 49 para. 1 lit. a GDPR.
In the case of Google Analytics, the data collected and transmitted by visitors at user level is deleted after 14 months at the latest. A distinction must be made between this and data that can be assigned to and linked to a Google user account. In this regard, please refer to Google's privacy policy, which you can access via the cookie information provided in the cookie banner.
The data collected from visitors at user level and transmitted to Meta for processing for marketing purposes is generally deleted by Meta after 24 months. This does not include data that Meta can assign to and link to a user account with Meta. Again, please refer to Meta's privacy policy, which you can also access via the cookie information provided in the cookie banner.
Responsibility under data protection law is determined by who determines the purposes and means of processing personal data (Art. 4 No. 7 GDPR). Applying these criteria, we and Pronovum Betriebs GmbH are jointly responsible for the processing mentioned in points 3.1 (access data), 3.2 (applicant data) and 3.3 (technically necessary cookies).
From the point at which we export your personal data from this application for further processing in our own specific applicant files, we are solely responsible under data protection law.
Pronovum Betriebs GmbH is solely responsible under data protection law for data processing resulting from the use of Google Fonts (see point 3.4 above).
If you consent to your data being used to fill positions other than those for which you have applied (see points 3.2.2. to 3.2.4.), Pronovum Betriebs GmbH will initially act as the sole data controller under data protection law with regard to the extended storage of this data.
If we commission Pronovum Betriebs GmbH to make initial contact with you by telephone, Pronovum Betriebs GmbH acts for us as a processor within the meaning of Art. 4 No. 8 GDPR. However, the role of data controller for this processing step lies with us.
On the basis of a corresponding agreement between us and Pronovum Betriebs GmbH, the latter assumes the function of a single point of contact with regard to all rights to which you are entitled as a data subject, including the right to information in accordance with Art. 12 et seq. of the GDPR (see point 5).
With regard to the collection and evaluation of user behavior in the context of our application through the use of analysis services (Google Analytics, meta pixels), there is an additional joint responsibility within the meaning of Art. 26 para. 1 GDPR with the aforementioned service providers. This essentially extends to the provision of statistical evaluations of the use of our website.
On the other hand, all further processing by Google LLC and Meta Platforms, Inc. for their own marketing purposes is the sole responsibility of each of them under data protection law. For further information, please refer to the privacy policies of the aforementioned providers, which you can access via the cookie information provided in the cookie banner.
According to the GDPR, as a user you have the right to receive free information on request about which personal data about you is currently stored or processed. If we process data concerning you on the basis of your consent, you have the option to withdraw this consent at any time. A revocation has no effect on the legality of the processing carried out up to this point in time. You also have the right - where applicable in individual cases - to correct incorrect data, restrict processing or delete unlawfully processed data. If applicable, you can also assert your right to data portability.
In the event of a violation of your aforementioned rights, you can lodge a complaint in Austria with the competent data protection authority, Barichgasse 40-42, 1030 Vienna (telephone: +43 1 52 152-0; e-mail: dsb@dsb.gv.at). If you are from another EU or EEA member state, you can also lodge a complaint with the competent supervisory authority of your habitual residence.
For actions brought by natural persons in Austria for compensation for damage culpably caused by a data breach, the court of first instance is the provincial court in whose district the plaintiff has his habitual residence and which is responsible for exercising jurisdiction in civil law matters. However, actions may also be brought before the provincial court in whose district the defendant has its registered office or a branch office (see Section 29 (2) of the Data Protection Act [DSG]).
The local and substantive jurisdiction for claims for damages due to data protection violations by natural persons outside Austria is governed by the law of the country of residence or domicile. Within the European Union, natural persons generally have the option of bringing an action before the court of the place where they have their habitual residence or where the registered office of the data controller or processor is located (see Section 44 (1) of the Federal Data Protection Act [BDSG] for Germany).
In data protection matters and to exercise your rights under point 5.1 (to revocation, information, data portability, restriction, correction or deletion), please contact us at the following e-mail address: datenschutz@pronovum.at
If your requests in accordance with this privacy policy are not complied with within one month, you have the right to lodge a complaint with the data protection authority (see point 5.2).
Parts of this Privacy Policy may be changed or updated by us for technical or legal reasons without prior notice to you. Therefore, please check the current privacy policy at regular intervals to keep up to date with any changes or updates.
Vienna, July 2024