Data Privacy Policy

Users of the ALS Customs Services website

data protection policydata protection policy

Introduction

Your privacy and data security are our top priorities. Explore our website Data Protection Policy to understand how we collect, use, and safeguard your information in compliance with GDPR.

I.  Name and address of the responsible person
The responsible party within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is:

ALS Holding GmbH
Nikolaus-Otto-Straße 2
40721 Hilden
Germany
E-Mail: info@als-cs.com
Website: www.als-cs.com


II. Name and address of the data protection officer

The data protection officer of the data controller is:

Montaser Tawalbeh
Nikolaus-Otto-Straße 2
40721 Hilden
Germany
E-mail: GDPR@als-cs.com
Website: www.als-cs.com


In order to carefully protect your privacy and to ensure comprehensive confidentiality in the handling of your data, we would like to provide you with some notes and information below:

 

Anonymous data collection

In principle, you can use our websites without informing us who you are. We only learn about technical data like the name of your Internet service provider, the website from which you are coming and the websites that you are visiting within our domain. This information is evaluated with the date and time details for internal statistical purposes that are related to advertising and website analysis and it also enables us to design our websites to meet requirements. You remain completely anonymous as the user in this process. We do not draw up any user profiles with pseudonyms. 

Data protection declaration by ALS Holding GmbH

We would like to provide you with the following facts and information about the care that we take to protect your private sphere and our extensive degree of confidentiality when handling your data:

 

Customer data

As soon as you become a customer of ALS Holding GmbH, we store your data in line with the legal stipulations in the German Federal Data Protection Act, the German Commercial Code and the German Revenue Code. We also use your data in this case within the constraints set by German legislation to send you advertising on other products. Of course, you may cancel any such promotional use of your customer data by phone, mail or letter at any time.

 

Using cookies

We use cookies in order to improve the quality of the structure and content of our web material and to enable users to find their way around easily and as smoothly as possible. We use so-called session cookies that are restricted to the period of your visit. They help us to establish which materials were viewed from your PC as you continue to surf and also help increase your security while surfing. If you leave our website or do not click on it for some time, these transient cookies are deleted again.

Cookies cannot cause any damage to your PC. They do not pose any security risks similar to a virus or spyware. You can determine how your computer handles cookies yourself. Please use the “Help” function on your browser to allow, reject, view and delete them.

Cookie Management Platform Usercentrics (used as part of our Workday platform)

We use the cookie management platform Usercentrics on our website to obtain your consent for cookies and services requiring consent and to document these in compliance with data protection regulations. The provider is Usercentrics GmbH (hereinafter “Usercentrics”), Sendlinger Str. 7, 80331 Munich, Germany.

By integrating a JavaScript code, a banner is displayed to users when they access the page, giving them the option of granting or rejecting their consent for individual purposes or individual functions of our website. The tool blocks the setting of all cookies or services requiring consent until the respective user grants the corresponding consent. This ensures that cookies requiring consent are only set on the user's device or services requiring consent are only used if there is a legal basis for doing so.

The following personal data is processed:

  • Opt-in and opt-out data
  • Referrer URL
  • user agent
  • User settings
  • Consent ID
  • Time of consent
  • Type of consent
  • Template version
  • Banner language
  • IP address
  • Geographical location

Usercentrics is used to obtain the legally required consent for the use of cookies or services requiring consent. The legal basis is Art. 6 para. 1 lit. c GDPR.

We have concluded a data processing agreement with Usercentrics. This is an agreement required by data protection law, which ensures that Usercentrics processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR. The collected data is processed in the European Union.

The consent data (consent given and withdrawal of consent) is stored for one year and then deleted immediately. The statutory retention periods remain unaffected by this.

You can find more details about data processing by Usercentrics here: How we protect your privacy | Usercentrics Privacy Policy.

 

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (“Google”). Google Analytics uses so-called “cookies”, text files, which are stored on your computer and enable you to analyse the use of the website. The information generated by the cookie about your use of this website is normally transferred to a Google server in the USA and stored there. If IP anonymization has been activated on this website, your IP address will first, however, be abbreviated by Google within the member states of the European Union or in other countries that are signatories to the Agreement on the European Economic Area. The full IP address will only be transferred to a Google server in the USA in exceptional cases and then abbreviated there. Google will use this information on behalf of the operator of this website to analyse your use of the website in order to compile reports about website activities and provide other services associated with the use of the website and the Internet for the website operator. The IP address communicated by your browser for the purposes of Google Analytics is not combined with any other data held by Google. You can prevent the storage of cookies by adopting the relevant setting on your browser software; however, we would point out that you may not be able to use all the functions on this website if you do so. You can also prevent the collection of the data generated by the cookie and related to your use of the website (including your IP address) being sent to Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

 

Google Ads

Google Ads is an online advertising platform provided by Google that allows ALS to display targeted advertisements to our website visitors. When you visit our website, Google Ads may collect certain information for the purpose of serving relevant ads. This information may include: 

  • IP address
  • Browser type and version
  • Device type
  • Operating system
  • Referring website
  • Pages visited on our website 

The information collected by Google Ads is used to tailor advertisements to your interests and to measure the effectiveness of our advertising campaigns. This data is collected through the use of cookies and similar technologies.

For more information about how Google Ads collects and uses data, please refer to the Google Privacy Policy at:  https://policies.google.com/privacy?hl=en

 

Google Search Console 

Google Search Console is a web service provided by Google that enables us to monitor and optimise the performance of our website in Google search results. Whem you visit our website, Google Search Console may collect certain information for analysis and reporting purposes. 

This information may include:

  • Search queries that lead users to our website
  • Pages on our website that appear in search results
  • Clicks on our website's search results
  • Website performance metrics (e.g., loading speed, crawl errors)

The information collected by Google Search Console helps us improve the visibility and accessibility of our website in search engines. It is collected through the use of cookies and similar technologies. For more information about how Google Search Console collects and uses data, please refer to the Google Privacy Policy at:  https://policies.google.com/privacy?hl=en

 

Google Tag Manager

Our website uses functions of "Google Tag Manager," provided by Google Inc. For the European region, responsibility for all Google services lies with Google Ireland Limited, located at Gordon House, Barrow Street Dublin 4, Ireland. Google Tag Manager is an organizational tool that enables us to centrally integrate and manage website tags via a user interface. We have entered into an agreement for order processing with Google. Google Tag Manager is a supplementary service that processes personal data only for technically necessary purposes. It does not store any data itself but facilitates the loading of other components that may collect data. Google Tag Manager does not access this data directly.

It's important to note that under American laws, including provisions for intelligence agencies, American authorities could potentially access personal data. For more details about Google Tag Manager, please refer to Google's Privacy Policy: Google Privacy Policy.

This data processing is necessary for the legitimate interests pursued by the controller (Art. 6 (1) lit. f GDPR), which includes managing and optimizing website performance.

If you have any concerns or inquiries regarding data processing through Google Tag Manager, please contact Google directly.

 

LinkedIn

Our website utilises features of the LinkedIn network to enhance your experience. The service provider for these features is LinkedIn Ireland Unlimited Company, located at Wilton Plaza, Wilton Place, Dublin 2, Ireland (referred to as "LinkedIn" hereafter). We share joint responsibility for data processing with LinkedIn. Details of this agreement under Art. 26 of the General Data Protection Regulation (GDPR) can be found here: LinkedIn's Joint Controller Addendum. For inquiries regarding LinkedIn's data protection practices, you may contact their Data Protection Officer through this link: LinkedIn Data Protection Officer. Details of our Data Protection Officer can be found in section II of this privacy policy.

When you visit our website, even without a LinkedIn account, personal data is processed and stored on the LinkedIn platform. This may include your IP address, browser type, operating system, previously accessed websites, location, mobile service provider, device information, search terms, and cookie data. LinkedIn may also transfer data to third countries, primarily the USA. This data transfer is secured by standard contractual clauses issued by the EU Commission.

1. LinkedIn Company Profile

We maintain a LinkedIn company profile, accessible to all internet users, whether or not they have a LinkedIn account. If you are logged into LinkedIn, your activity may be associated with your account. Regardless, LinkedIn processes your data. We want to clarify that as the page provider, we do not have access to the content of transmitted data or its usage by LinkedIn. Any data you publicly share or comment on within our LinkedIn profile may be viewed globally by other visitors, registered or not.

On our LinkedIn company profile, you can interact by reacting to posts, commenting, posting on our page, or sending private messages. Any data you provide in these interactions will be processed by us. We process your personal data based on our legitimate interest in responding to your requests (Art. 6 (1) lit. f GDPR) and, if applicable, to fulfill a contract (Art. 6 (1) lit. b GDPR).

We typically receive the following data:

  • User profile information
  • Information provided in messages or comments
  • Details of your interactions with our posts
  • Type and manner of interaction

Data will be deleted when it's no longer necessary for the purpose it was collected for and when no legal retention obligations exist. For personal data from messages, this occurs when the respective conversation ends.

2. LinkedIn Insight Tag

We utilise the LinkedIn Insight Tag, a JavaScript code snippet on our website, to collect data on visits. This includes URL, referrer URL, IP address, device/browser properties, timestamps, and page views. LinkedIn provides us with aggregated page insights, which do not reveal individual identities. We may receive information such as industry, job title, company size, career level, and location of website visitors.

This data processing is conducted jointly by LinkedIn and us as controllers under GDPR. The purpose is to evaluate and analyse actions on our LinkedIn profile for improvement purposes. Processing is based on consent (Art. 6 (1) lit. a GDPR).

Data is encrypted, anonymized within 7 days, and anonymized data is deleted within 90 days.

3. Opt-Out and Data Subject Rights

LinkedIn members can manage their personal data usage for advertising in their account settings. If you're a LinkedIn member and wish to avoid data collection via our website, you can log out of LinkedIn before visiting. Additionally, you can independently deactivate cookies, regardless of LinkedIn membership, here.

In the context of joint responsibility with LinkedIn, you can exercise your data subject rights (Art. 15, 16, 17, 18, 20, 21 GDPR) with both LinkedIn and us. LinkedIn is responsible for fulfilling GDPR obligations related to Insights data, including safeguarding data subject rights. For data protection inquiries, please contact LinkedIn directly.

For further information, refer to LinkedIn's privacy policy: LinkedIn Privacy Policy.

 

Using Facebook plugins

Our Internet site uses social plugins (“Plugins”) related to the facebook.com social network, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). The Plugins are marked by a Facebook logo or the additional phrase, “Facebook social plugin”. If you call up a website on our Internet domain, which contains one of these Plugins, your browser will establish a direct link to the Facebook servers. The content in the Plugin will be sent by Facebook directly to your browser and integrated in the ALS website. By integrating the Plugins, Facebook obtains the information that you have accessed the relevant page on our Internet site. If you are logged on at Facebook, Facebook can assign the visit to your Facebook account. If you interact with the Plugins, for example, by activating the “I like” button or leaving a commentary, the relevant information will be transferred directly to Facebook from your browser and stored there. You can obtain the purpose and scope of the data collection process and the ongoing processing and use of the data by Facebook and your rights and options to make settings to protect your private sphere from Facebook’s data protection guidelines. If you do not wish Facebook to gather any data about you via our Internet site, you must log out of Facebook before visiting our Internet site.

 

Microsoft Bookings - Making Appointments

Our website utilises Microsoft Bookings, herein referred to as "MS Bookings," to facilitate online appointment scheduling. Provided by Microsoft Corporation ("Miscrosoft"), MS Bookings integrates with Outlook and features a web-based booking calendar, allowing customers to conveniently select their preferred appointment times. As a Microsoft 365 app, all data associated with MS Bookings is stored within the Microsoft 365 platform and Exchange.

When booking an appointment through MS Bookings on our website, users can view available slots and provide necessary information to confirm the appointment. Following confirmation, users receive both a confirmation email and a calendar invitation. Each Bookings calendar operates as a mailbox within Exchange Online, facilitating storage and retrieval of files via Exchange. Virtual appointments booked through MS Bookings are conducted using Microsoft Teams ("MS Teams"), with each appointment generating a unique meeting link sent to attendees, enabling participation via web browser, phone dial-in, or the Teams app.

In the process of booking appointments through MS Bookings, we collect certain personal data from users, including the date and time of the appointment, name, email address, phone number, and optional information such as notes, company, and zip code. This data is processed to confirm appointments and facilitate communication.

When using MS Teams, additional data is processed, including name, email address, optional profile picture, preferred language, and meeting metadata such as date, time, meeting ID, and location. Text entries made in the chat function during online meetings are also processed to display them within the appointment. To enable video display and audio playback, data from the microphone and video camera of the user's device are processed during online appointments. Users have the ability to control their camera and microphone settings within MS Teams.

The legal basis for processing user data is their consent under Art. 6 para. 1 lit. a GDPR, with the option to revoke consent at any time. Users are not obligated to use MS Bookings and can choose alternative contact options for appointment scheduling.

Personal data is deleted once it is no longer necessary for the intended purpose, and retention obligations are fulfilled. If there is no interest in collaboration following an online appointment, personal data is deleted thereafter.

User data for appointment scheduling is transferred to Microsoft, primarily hosted in Germany. During processing by Microsoft, data may be transferred to the USA. To safeguard data transfer, standard contractual clauses are employed to ensure GDPR-equivalent security levels.

Further details regarding data handling can be found in the privacy policy.

 

Microsoft Clarity

This website employs the features of the "Microsoft Clarity" service, provided by Microsoft Corporation, located at One Microsoft Way, Redmond, WA 98052-6399, USA (referred to as "Microsoft" hereafter). MS Clarity is a tool designed for analysing user behavior on this site. Specifically, it records mouse movements and generates graphical representations, such as heat maps, highlighting the most frequently scrolled-to areas of the website. Additionally, Clarity has the capability to record sessions, enabling the viewing of page usage through videos. General user behavior information within our website is also obtained. The recorded data is retained for a period of up to 30 days.

Upon accessing our website through a Microsoft advertising advert, Microsoft places a cookie on your computer. The following data is collected and processed as part of MS Clarity usage:

  • IP address
  • Location
  • Browser information
  • Screen resolution
  • Language settings
  • Visited website/subpages
  • Date/time of website access
  • Clicks, scrolls, mouse movements

The utilisation of MS Clarity relies on your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG. You have the option to withdraw your consent at any time by adjusting your preferences in the "Cookie preferences" section.

It is important to note that Microsoft may transfer personal data to the USA. The European Commission approved its adequacy decision for the USA on July 10, 2023. Microsoft Corporation holds certification under the EU-US Privacy Framework, confirming adherence to necessary data protection regulations and practices. Microsoft employs the collected data to enhance its advertising and other services, with the possibility of linking the data to your Microsoft account if applicable. Microsoft may also recognize and store your IP address. Data transfer to the USA as part of MS Clarity processing is secured through standard contractual clauses.

To learn more about how Microsoft handles and utilizes your data, please refer to the Microsoft Privacy Statement.

 

The Rights of the Data Subject

1. Right of access

You can request confirmation from us as to whether personal data concerning you is being processed by us. If such processing has taken place, you can request information from us about the following:

(1) the purposes for which the personal data is being processed;

(2) the categories of personal data that are being processed;

(3) the recipients or the categories of recipients to whom the personal data related to you has been disclosed or is still being disclosed;

(4) the planned time span for storing the personal data related to you or, if specific details on this are not possible, the criteria for determining the time span for storage;

(5) the existence of any right to correct or delete the personal data related to you, a right to restrict the processing of the data by the controller or a right to object to this processing of data;  

(6) the existence of a right to make a complaint to a supervisory authority;

(7) all the information that is available about the origin of the data, if the personal data is not being gathered from the person involved;

You can receive a free copy of your data from us. If you are interested in further copies, we reserve the right to charge you for the additional copies.

2. Right to rectification

You have the right to have the controller correct and/or complete any data, if the personal data that is being processed and concerns you is incorrect or incomplete. The controller must make the correction immediately.

3. Right to restriction of processing

You may demand restrictions on the processing of the personal data related to you in the following situations:

(1) if you dispute the correctness of the personal data related to you for a period that enables the controller to check the correctness of the personal data;

(2) if the processing of the data is illegal and you reject any deletion of your personal data and demand that restrictions are placed on the use of your personal data instead;

(3) if the controller no longer requires the personal data for the purposes of processing it, but you require it to assert, exercise or defend legal claims; or

(4) if you have lodged an objection to the processing according to Article 21 Para. 1 of the GDPR and it is not yet clear whether the legitimate reasons presented by the controller override your reasons.

4. Right to erasure

You may demand from the controller that the personal data related to you is deleted immediately and the controller shall be obliged to delete this data immediately if one of the following reasons applies:

(1) the personal data related to you is no longer required for the purposes for which it was gathered or processed in some other way;

(2) you withdraw your consent, on which the processing of the data was based according to Article 6 Para. 1 a) or Article 9 Para. 2 a) of the GDPR, and there is no other legal basis for processing the data;

(3) you lodge an objection against any processing of the data according to Article 21 Para. 1 of the GDPR and there are no overriding legitimate reasons for the processing of the data or you lodge an objection to the processing of the data according to Article 21 Para. 2 of the GDPR;

(4) the personal data related to you has been processed illegally;

(5) the deletion of the personal data related to you is necessary to fulfil a legal obligation according to the laws of the Union or the law of the member states, to which the controller is subject;  

(6) the personal data related to you was gathered in relation to information society services according to Article 8 Para. 1 of the GDPR.

a) Exceptions

There is no right to have the data deleted if the processing of the data is required:

(1) to exercise the right of free expression and information;

(2) to meet a legal obligation, which requires the processing of the data according to the laws of the Union or the member states, to which the controller is subject, or to perform a task that is of public interest or takes place in connection with exercising any state authority that has been transferred to the controller;

(3) for reasons of public interest in the field of public health according to Article 9 Para. 2 h) and i) as well as Article 9 Para. 3 of the GDPR;

(4) for archiving purposes that are in the public interest, scientific or historical research purposes or for statistical purposes according to Article 89 Para. 1 of the GDPR, if the right cited in paragraph a) will probably make the achievement of the goals of this processing of data impossible or will serious impair it; or

(5) to assert, exercise or defend legal claims.

5. Right to data portability

You have the right to receive the personal data related to you, which you have made available to the controller, in a structured, conventional and machine-readable format. You also have the right to transfer this data to a different controller without any obstruction by the first controller, to which the personal data was made available, if

(1) the processing of the data is based on consent in line with Article 6 Para. 1 a) of the GDPR or Article 9 Para. 2 a) of the GDPR or on a contract according to Article 6 Para. 1 b) of the GDPR and

(2) the processing of the data takes place using automated procedures.

When exercising this right, you also have the right to ensure that the personal data related to you is directly transferred from one controller to a different controller, if this is technically feasible. The freedoms and rights of other persons may not be impaired by this process.

The right to data portability shall not apply to any processing of personal data that is necessary to perform a task that is in the public interest or takes place in connection with exercising any state authority that has been transferred to the controller.

6. The right to object

You have the right to lodge an objection at any time to the processing of the personal data related to you, if this takes place according to Article 6 Para. 1 e) or f) of the GDPR, for reasons arising from your particular situation; this shall also apply to any profiling supported by these stipulations. In this case we will no longer process your data. The latter does not apply if we can prove that there are compelling reasons for processing worthy of protection which outweigh your interests or if we need your data to assert, exercise or defend legal claims.

If the personal data related to you is processed to provide direct marketing, you have the right to lodge an objection to the processing of the personal data related to you for the purpose of this kind of advertising at any time; this shall also apply to profiling, if it is connected to this kind of direct marketing. If you object to the processing of the data for the purposes of direct marketing, the personal data related to you will no longer be processed for these purposes.

7. The right to cancel the declaration of consent under data protection law

You have the right to cancel your declaration of consent provided under data protection law at any time. By cancelling your consent, the legitimacy of the processing of the data that was performed on the basis of your consent until your cancellation shall not be affected.

8. The right to lodge a complaint to a supervisory authority

Regardless of any different administrative law or judicial remedy, you have the right to lodge a complaint with a supervisory authority, particularly in the member state of your place of residence, your place of work or the place of the alleged breach, if you believe that the processing of the personal data related to you breaches the GDPR.

 

Use of SalesViewer® technology



This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator`s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally

The data stored by SalesViewer® will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

 

Youtube (including Google Fonts)

 

We embed YouTube videos on some of our websites. The operator is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA, a subsidiary of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter referred to as "Google").

We use YouTube in extended data protection mode. According to YouTube, this mode means that YouTube does not store any information about website visitors before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.

As soon as you start a YouTube video on our website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube can save various cookies on your end device after starting a video. With the help of these cookies, YouTube can obtain information about visitors to our website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. Cookies remain on your device until you delete them. If necessary, further data processing processes may be triggered after the start of a YouTube video, over which we have no influence.

YouTube uses Google Fonts, which are provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, for the uniform display of fonts. When you call up a page, your browser loads the required Google Fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google's servers. This informs Google that our website has been accessed via your IP address. Google Fonts are used in the interest of a uniform and appealing presentation of YouTube. These processing operations are only carried out after you have given your express consent in accordance with Art. 6 (1) lit. a DSGVO when you activate the YouTube video on our website. You can revoke your consent in the cookie settings at any time.

Further information on Google Fonts can be found at  https://developers.google.com/fonts/faq.

For more information on the handling of user data, please visit  https://www.google.de/intl/de/policies/privacy. Information on how to change your privacy settings at Google can be found at  https://privacy.google.com/take-control.html?categories_activeEl=sign-in.

 

Workday

The ALS Group takes the protection of your personal data very seriously. We would, therefore, like to let you know about the details of our Privacy Policy which we always adhere to during an application process.

What information is recorded?

You can apply for advertised positions or submit a speculative application via our careers page.

The following categories of your personal data may be processed:

  • Contact details: First and last name, title if applicable, address data, date of birth, language, e-mail address and telephone number (including mobile number);
  • Information on motivation questions, desired place of work;
  • Application documents: all data provided as part of the application process, in particular data from the cover letter, CV, certificates submitted or completed applicant questionnaires;
  • Data from job interviews and tests: All personal data that may have been provided during a job interview or as part of a test in the application process.

If you send us your application documents in person or by post, we will first digitize them and then also record them in our applicant management system. We will return the original documents to you immediately.

You can update or correct your documents at any time. To do this, please send us the new documents or change requests by e-mail to: HRGlobal@als-cs.com.

What is the personal data collected used for?

We process the data transmitted by you for the purpose of carrying out the application procedure. The processing of your personal data to carry out the application procedure is based on Art. 6 para. 1 lit. b GDPR in conjunction with § 26 para. 1 sentence 1 BDSG.

Furthermore, we may be subject to legal obligations in accordance with Art. 6 para. 1 lit. a GDPR and process data to protect our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, for example to assert and defend claims and optimize applicant management.

If you have also given us your consent, e.g. for the applicant pool, we process this data based on Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by contacting us as described above.

In the case of an application from a severely disabled person, we are also obliged under Section 164 of the German Social Security Code (SGB) IX to inform the representative body for severely disabled persons immediately after receiving the application. The representative body for severely disabled persons may inspect all necessary documents.

How do we guarantee the security of your data?

Your application documents and the personal data contained therein will be used exclusively for the respective application process and the associated company of the Rhenus Group for decision-making in the application process. All persons who need access to your personal data for the stated purposes and who are directly involved in the application process (HR departments, specialist departments, works councils) have access to your personal data.

The applicant management system is operated by a contractor as part of a contract agreement in accordance with Art. 28 GDPR. We use the tool Workday, a service of Workday Limited, The King's Building, May Lane, Dublin 7, Ireland (“Workday”). Your personal data is stored by this processor on a server in Germany. When your data is transferred to the Rhenus Group, it is automatically encrypted (SSL encryption). The precautions for data security always correspond to the current state of the art.

How long do we store your data?

After completion of the application process, your documents will be archived for 6 months and then automatically and completely deleted. You will receive confirmation of this by e-mail.

What does inclusion in the applicant pool mean?

Inclusion in the Rhenus Group applicant pool is voluntary and is by separate invitation. If you decide to join our applicant pool, your personal data may be viewed by the decision-makers of the Rhenus Group for the purpose of possible job placements. Your data will not be passed on to third parties outside the Rhenus Group.

The retention period in the applicant pool is initially 180 days. After that, you will receive an e-mail from us with an extension option. If you do not confirm this within 14 days, your data will be duly deleted.

If you wish to be removed from the applicant pool prematurely, please send us a brief note by e-mail to: HRGlobal@als-cs.com. We will then delete your data immediately. 

What happens with parallel application procedures in the Rhenus Group?

If you have applied for several positions within the Rhenus Group at the same time, the departments in which you are taking part in the application process will become aware of this.

The same applies if you apply for another position in the Rhenus Group after a rejection within the 6-month retention period for your documents.

Selection for forwarding your data in the application form

When you apply, you can decide whether or not your data may be passed on to other ALS companies.

As a global company, we offer exciting job opportunities in various countries and business areas. With your consent, we will be happy to check whether your profile is also suitable for other job advertisements!

You have the following options to choose from:

  • If you select “national within the business unit”, your application may only be shared with employees in recruiting within the country and business unit in which the advertised position is located or which you selected in your unsolicited application.
  • If you select “national within the Rhenus Group”, your application may only be shared with employees of the Rhenus Group in recruiting within the country in which the advertised position is located or which you have indicated as your preferred country in an unsolicited application.
  • If you select “international within the business unit”, your application may be shared internationally with employees in recruiting within the business unit in which the advertised position is located or which you selected in your unsolicited application.
  • If you select “International within the Rhenus Group”, your application may be shared within the recruiting departments of the entire Rhenus Group.
  • If you select “None of the specified options”, your application will only be considered in the context of the vacancy for which you have applied.

You have the right to withdraw your consent at any time with effect for the future without giving reasons. The data will be deleted upon receipt of the declaration of revocation. The effectiveness of the data processing carried out prior to the withdrawal of consent remains unaffected.

Your rights as a data subject

Right of access by the data subject (Art. 15 DSGVO)

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have a right to information about this personal data and to the information listed in detail in Art. 15 GDPR.

Right to rectification (Art. 16 GDPR)

You have the right to obtain without undue delay the rectification of inaccurate personal data concerning you and, where applicable, to have incomplete personal data completed.

Right to erasure (Art. 17 GDPR)

You have the right to demand that personal data concerning you be deleted immediately if one of the reasons listed in Art. 17 GDPR applies.

Right to restriction of processing (Art. 18 GDPR)

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 GDPR is met, e.g. if you have objected to the processing, for the duration of the examination by the controller.

Right to data portability (Art. 20 GDPR)

In certain cases, which are listed in detail in Art. 20 GDPR, you have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format or to request the transmission of this data to a third party.

Right to object (Art. 21 GDPR)

If data is collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR (data processing to protect legitimate interests) or on the basis of Art. 6 para. 1 sentence 1 lit. e GDPR (data processing to protect the public interest or in the exercise of official authority), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

Right to withdraw consent (Art. 7 GDPR)

If the processing of data is based on your consent, you are entitled to withdraw your consent to the use of your personal data at any time in accordance with Art. 7 para. 3 GDPR. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.

Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority if you believe that the processing of data concerning you violates data protection regulations. The right to lodge a complaint can be exercised in particular with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement.