[Last Updated: August 8, 2023]
1. Introduction
We are dedicated to safeguarding your privacy and personal information. Our Data Protection Policy outlines how we manage data in adherence to stringent regulations like the GDPR. Committed to upholding your data security and adhering to the law, particularly the GDPR, we present this policy to illuminate the utilization of your information on our website and services. Kindly peruse this document carefully. If you have queries regarding your data handling, please reach out to us at [email protected]. Additional privacy notices may be provided when necessary, and these notices complement this Privacy Policy, offering a comprehensive understanding.
1.1. Scope and Handling of Personal Data
This Privacy Policy aims to elucidate the handling of personal data by EDI Jobs and EDI@Work, platforms provided by MIG Media UG, located at Metzer Str. 45, 10405 Berlin, Germany (referred to as „EDI Jobs,“ „EDI @Work“, „we,“ „us,“ „our“ or „platform“). Personal data encompasses information directly or indirectly linked to an individual. The guidelines delineated in this Privacy Policy govern the handling of your personal data while using our Platform.
2. Visit of Our Website
Upon accessing our website, especially our platform, certain information is automatically conveyed to our servers through the platform and your device’s browser. This data is temporarily stored in a log file. The following details are collected without your input and remain in the log file until deletion:
- IP address of the device used
- Device type
- Date and time of access
- Name and URL of the accessed file
- Referrer URL (website from which you arrived)
- Unique identifier of your browser
This data processing is founded on our legitimate interest as stipulated in Article 6(1)(f) of the GDPR. Our interest stems from the purposes outlined below. It’s crucial to note that this collected data doesn’t reveal your identity, nor is that our intent. The IP address and the aforementioned data serve the following purposes:
- Ensuring a seamless platform connection and functionality
- Enhancing user experience of our services
- Evaluating system security and stability
- Performing administrative tasks
In addition, we employ cookies, tracking tools, targeting techniques, and interfaces to other services, such as social media platforms or job boards, as part of our offerings.
3. Conclusion, Implementation, or Termination of User Account Terms for Applicants & Candidates
In essence, we are an innovative job matching and e-learning platform with an AI powered plugin integration and the objectives of providing
- matching job opportunities to users,
- linking job seekers with inclusive employers,
- offering education on Equality, Diversity, and Inclusion (EDI) topics, as well as
- supporting resume creation and communication, specifically aiming to craft gender-neutral text with our AI-driven tool.
When you register on our platform and create a user account, including your basic information and ongoing/completed applications, we utilize your data for the following purposes:
- Facilitating job application through our platform
- Tailoring job offers to your profile, preferences, and needs through job alerts
To achieve this, we organize and enhance your user account with statistical and user-specific data, utilizing your profile and past application data from EDI Jobs. These actions align with the contract under Article 6(1)(b) of the GDPR. If your explicit consent under Article 6(1)(a) or Article 9(2)(a) is required for data handling, we’ll obtain it before gathering your personal data. Remember, you can modify or delete settings and data in your user account and application at any time, though withholding essential data might limit your service utilization.
For a comprehensive overview of data processing purposes and categories, read on if you have an active user account or an ongoing contract with us:
3.1. Data Processing for User Account Creation and Usage
Establishing and managing a user account requires processing the following data:
- Email address (mandatory for account creation)
- Contact details
- First name, last name (mandatory for account creation)
- Resume, if applicable
- Recommendations, if applicable
- Information input/generated while using our services
3.2. Data Processing for Job Applications
When applying for a specific job on our platform, we process and share data with the hiring company:
- Email address
- Contact details
- First name, last name
- Resume, if applicable
- Data input/generated via our services
3.3. Data Processing for Sending Job Offers
We employ your user login data under Article 6(1)(b) of the GDPR to present job opportunities aligned with your interests, minimizing irrelevant offers. To achieve this, we assess your data against vacant job criteria, analyzing factors such as your resume, recommendations, preferences, and usage history. Should a potential match arise, we may contact you via email or our platform, allowing you to apply for the position. You can unsubscribe from notifications at any time, but this might limit access to our services.
4. Conclusion, Execution, or Termination of Service Agreement for Companies & Corporate Customers
Our platform represents a cutting-edge solution for job placement. The aim is to provide you, our valued customers and inclusive employers, including your company, with a platform for posting job ads, including support for gender-neutral language usage, managing application data, and more. To achieve this, both your organization and you need to register with us for the following purposes:
- Posting job ads on our platform, utilizing features like multiposting and/or XML interface
- Managing and receiving applications for vacant positions
- Analyzing registered candidates‘ EDI Jobs profiles and proposing appropriate job ads
- Access to e-learning platform EDI @Work
To fulfill these services, we process personal data provided through the platform.
These actions are firmly rooted in the contract existing between your organization and us, as governed by Article 6(1)(b) of the GDPR. If data processing necessitates consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, explicit consent will be obtained prior to collecting your personal data.
You maintain the capability to modify or delete data and settings within your employee login, company account/profile, and applicant management on our platform at any time. Keep in mind that withholding data essential for the purposes mentioned might limit your ability to fully utilize our services.
4.1. Detailed Breakdown of Processed Data Categories
4.1.1 Data Processing for Company Account Creation and Usage
To access our platform, your company needs to create an account. In this process, we process the following data:
- Email address (mandatory for account creation)
- Contact details for account creation
- First name and last name (mandatory for account creation)
- Information about your company, including its name, address, and contact details
4.1.2. Data Processing for Employee Login Creation
Upon creating a company account, employees can register on our platform, linked to the company account. This allows them to post job ads, manage applications, and interact with candidates. In this context, we process the following data:
- Mandatory email address for employee account creation
- Mandatory first name and last name for employee account creation
- Contact details
4.1.3. Data Processing for Job Advertisement and Company Profile Creation
Generating job advertisements or company profiles requires processing the following data:
- Contact details of the person responsible for the job advertisement in your company
- Contact details of the person receiving applications
- Company information, including name, contact details, number of employees, text, images, graphics, links, logos, etc.
- Other personal data included in the job description, such as job title, department, salary, requirements, etc.
4.1.4. Data Processing for Application Process Management
Processing candidate applications includes the following data:
- Contact details of the candidate and the responsible person in your company
- Documents submitted by candidates through the platform
- Information related to the application process
- Publicly available data about your company
4.1.5. Data Processing for Identifying Suitable Candidates
To match candidates with your company’s needs, we process the following data:
- Your company’s data, including name, address, and contact details
- Company profile data
- Job description details
- Publicly available company data
4.1.6. Data Processing for Invoicing
For chargeable services or products, we process personal data for invoicing based on Article 6(1)(b) and Article 6(1)(c) of the GDPR, including:
- Contact details
- Company information
- Payment information
5. User and Customer Support
For registering on our platform, a double opt-in process is employed. Upon registration, you will receive an email to explicitly confirm your registration. Your account will be activated only after confirmation. Data processed for job offers and user/customer support includes the data you provide, such as name, email address, browser information, IP address, and interactions with emails and our platform.
6. Streak
To effectively manage customer data, we utilize the CRM platform Streak, located at 160 Pine St Ste 250, San Francisco, California, 94111, United States. This platform aids in recording customer information, communicating with customers, documenting interactions, and tailoring offers based on customer preferences.
The following data will be processed via Streak’s servers:
- Name
- E-mail address
- Customer master data
- Data on interactions with emails
This data processing is grounded in Article 6(1)(b) of the GDPR and contributes to the enhancement of our services and customer support. If you have inquiries or concerns, you can directly contact Streak at [email protected].
7. EDI Jobs AI Plugin and Data Processing
Our website incorporates the „EDI Jobs AI“ plugin, leveraging GPT technology to assist users in adopting gender-neutral language. The plugin collects and processes log files and user input data to refine gender-neutral language suggestions and fine-tune the AI model.
7.1. Data Collected and Purpose of Processing:
- Log Files: Technical details like IP addresses, browser information, timestamps, and plugin interactions are gathered for analysis, troubleshooting, and performance improvement.
- User Input Data: Text input from users is collected to enhance the AI model’s language capabilities and personalize suggestions.
This processing is based on our legitimate interests under Article 6(1)(f) of the GDPR, aiming to enhance language suggestions. Data collected is anonymised and proportionate for the intended purposes. Log files and user input data are retained for a reasonable duration, safeguarded against unauthorized access.
Data collected through the plugin is not shared with third parties and is processed internally to ensure data confidentiality.
By using the „EDI Jobs AI“ plugin, you consent to the described data processing activities. If you disagree with these practices, we recommend refraining from using the plugin.
8. Integration of „EDI @Work“ E-Learning Platform and „EDI Jobs“ for Enhanced User Experience
Engaging with „EDI @Work“ grants access to the educational „EDI @Work“ course, fostering understanding of Equality, Diversity, and Inclusion (EDI) principles. Your personalized login credentials offer access to both „EDI @Work“ and „EDI Jobs,“ enhancing the transition from learning to job application.
Synchronization of user data, including:
- First Name
- Last Name
This synchronization is based on Article 6(1)(f) of the GDPR, serving the legitimate interest of providing a seamless user experience. Data rights and privacy are upheld in accordance with applicable data protection regulations.
9. Online Presence and Website Optimization
We prioritize safeguarding your information and ensuring a smooth online experience. Your privacy remains paramount, and we clarify our approach to data sharing, cookies, and analytics.
9.1. Cookies – General Information:
Cookies enhance your browsing experience on our website. These small files, created by your browser, assist in improving user interactions without causing harm to your device. Cookies contain device-specific information and enhance convenience.
- Session cookies remember previous actions and settings for your convenience.
- Temporary cookies enhance user-friendliness and are deleted after leaving our site.
- Statistical analysis and optimization cookies help us tailor our services.
9.2. Google Analytics:
Google Analytics helps enhance our platform’s user experience. Usage profiles generated by pseudonymised cookies aid in evaluating platform usage. Information is sent to Google servers in the USA for analysis.
Google Analytics ensures data protection. IP addresses are anonymized. You can prevent data collection by Google via browser add-ons. If logged into Google while visiting our site, note that Google may use collected data.
For further information, refer to Google Analytics‘ privacy policies.
Your privacy and user experience are our priority, and we’re committed to transparently addressing these aspects.
9.3. Meta | Facebook Pixel
To optimize Facebook campaigns and effectively measure their conversion, we utilize an integration provided by Facebook Ireland Ltd., located at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“). This integration, based on Article 6 (1) (a) GDPR, involves embedding the pixel code within our platform. Our goal is twofold: firstly, we ensure that our Facebook ads target users who exhibit genuine interest, aligning ads with their preferences to enhance user experience. Secondly, the pixel enables us to track user actions after interacting with our Facebook ads, facilitating conversion measurement for statistical, market research, and billing purposes.
The data processed during this integration includes:
- Timestamp
- URL
- Campaign-related information (e.g., impressions, form fields, activated buttons)
Data collected remains anonymous and does not reveal the user’s identity. However, please note that if you log into your Facebook account or visit our website while logged in, Facebook might store and process this data in accordance with its privacy policy. This data may be associated with your Facebook account and used for Facebook’s advertising purposes.
You can control data processing by adjusting your Facebook settings, including opting out of ads served on and off Facebook. Please note that opt-out settings apply to the specific device used. For further details, consult Facebook’s privacy policy and information on protecting your privacy.
10. Stripe Payment Processing Service
When companies opt for our paid job posting services, we transmit necessary data to our payment service provider, Stripe Payments Europe Ltd, located at Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland („Stripe“), for payment processing. This transfer is executed with the consent of the contact person or to fulfill contractual obligations, as per Article 6 (1) (b) GDPR. Information such as name and email address, provided by the individual initiating the payment, is forwarded to Stripe.
By leveraging Stripe’s library, information entered during the order process (e.g., address, account number, bank code, credit card number, invoice details) is directly transmitted to Stripe by your browser, bypassing our processing. Stripe solely uses this data to facilitate secure payment processing via „SSL“ encryption. Stripe’s cookies have a one-year lifespan and are PCI DSS certified. Please be aware that Stripe processes and stores personal data outside the EU. For an in-depth understanding of Stripe’s privacy practices, refer to their privacy policy.
11. Social Login Providers
To simplify the registration process and enhance your user experience, we offer the option to register an account on EDI Jobs and EDI @Work using your existing credentials from various social media platforms. These social login options provide a convenient way to create an account and log in, saving you time and effort. The following social login providers are currently integrated into our platform:
-
Google Single Sign-In (SSO): Simplify registration and login using your Google account credentials through Google Single Sign-In. This feature is facilitated by Google Limited, based at Gordon House, Barrow Street, Dublin 4, Ireland. For more information on data processing, refer to Google’s privacy policy and terms of use.
-
LinkedIn Single Sign-In (SSO): Register and log in seamlessly using your LinkedIn account credentials through LinkedIn Single Sign-In. This integration is provided by LinkedIn, located at LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA. Learn more about data processing from LinkedIn’s privacy policy and terms of use.
-
Facebook Single Sign-In (SSO): Easily create an account using your Facebook account credentials through Facebook Single Sign-In. This integration is facilitated by Facebook Ireland Ltd., situated at 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Check Facebook’s privacy policy and terms of use for details on data processing.
By utilizing these social login options, you can streamline the registration and login processes, making it more convenient to access our services. The data processing associated with these social login providers is carried out in accordance with the relevant provisions of Article 6 (1) (a) or Article 6 (1) (b) GDPR. Whether you have registered accounts with these platforms or not, we prioritize the security and privacy of your data. Please refer to the respective (social media) platforms‘ privacy policies for comprehensive information on data processing, purposes, rights, and privacy settings.
We aim to provide you with a secure and seamless registration and login experience, while ensuring that your privacy and data security remain a top priority.
12. Subsequent Data Utilisation
In cases where the anonymization of data is not feasible, we engage in the processing of your personal information as outlined above to facilitate our business operations. This encompasses activities such as administrative and organizational tasks, evaluation and analysis of our offerings, and enhancement of our services to cater to your needs. Furthermore, we employ your personal data to foster and cultivate our business relationship with you, identify relevant services, execute business development strategies, dispatch publications and communications, and extend invitations to our offers.
The legal foundation for these aforementioned purposes is our legitimate interest in accordance with Article 6 (1) (f) GDPR, contingent upon the condition that your fundamental rights and freedoms are not compromised. You maintain the right to oppose this data processing at any juncture. For such objections, you are encouraged to send us an email at [email protected]. If the processing of data requires your consent as prescribed by Article 6 (1) (a) or Article 9 (2) (a) GDPR, we will explicitly solicit this consent when collecting your personal data. Moreover, we undertake the processing of your personal data if it aligns with legal obligations mandated by Article 6 (1) (c) GDPR.
13. Sharing Your Personal Data
In line with our services and the purposes stipulated in this Privacy Policy, we may disclose your collected personal data to third parties when necessary or appropriate. These parties may include service providers, courts, authorities, and others located within the EU, or other countries. These instances may arise during the provision of our services, when you contact us, or while browsing our website.
Additionally, we have collaborations with third-party service providers who assist us in our operations. Your personal information may be shared with these entities to fulfill the objectives elucidated in this Privacy Policy. Such third parties could include banks, CRM tool providers, payment processing services, and IT providers. They may access your personal data as directed by us or in support of software maintenance.
For detailed insights into the service providers we engage with for user and customer support as well as our online presence and website optimization, please consult the corresponding segments within this privacy policy.
Moreover, the disclosure of your personal data to third parties could occur under the following circumstances:
- Upon obtaining your necessary consent, or in cases where your employing organization has obtained your consent as required.
- When compelled by legal, regulatory, or business obligations.
- In connection with corporate transitions such as company sales, mergers, restructurings, dissolutions, or similar occurrences, including instances of bankruptcy or insolvency.
- In situations linked to legal proceedings or the pursuit or defense of claims.
14. Sharing Your Personal Data with Recipients Outside the EU
There are instances where we may transfer your personal data to recipients situated beyond the European Union („EU“), or the European Economic Area („EEA“). This is especially relevant for processes involving analysis or targeting technologies, which might necessitate data transfer to the servers of service providers. Additionally, affiliated service providers essential for delivering our services—such as hosters, CRM tool providers, analytics service providers, or job posting portals for multi-posting—could also be recipients. It’s important to note that these servers may reside outside the EU or the EEA, notably in the United States.
We take meticulous measures to ensure that our service providers and other recipients of your data adhere to data protection standards equivalent to those set forth in the General Data Protection Regulation (GDPR), and that applicable guidelines are followed. For instance, we exclusively transfer your data to recipients in countries acknowledged by the relevant authorities (the European Commission in the EU) as possessing adequate data protection. In cases where a recipient resides in a country not recognized as having adequate protection—such as the U.S.—we employ additional protective measures in alignment with applicable data protection laws. These measures could involve contractual guarantees from these recipients to ensure compliance with EU standards and the reinforcement of data subject rights. This might encompass utilizing standard contractual clauses of the EU Commission.
15. Data Retention Period
Primarily, we process and store your personal data only for the duration necessary to fulfill the purpose for which it was collected or as legally mandated.
Hence, unless otherwise specified in this Privacy Policy, the following principles apply:
- Personal data processed to fulfill a contract between our platform and yourself will be retained at least until the complete fulfillment of said contract.
- Personal data processed to uphold our platform’s legitimate interests (e.g., in providing our site, user and customer support, enhancing our offerings, etc.) will be held as long as necessary for these objectives.
- Our platform may extend the retention period for personal data if you’ve given consent, as long as the consent remains valid, or if legal obligations (e.g., accounting or tax laws) demand longer storage, or if an authority or legal procedure necessitates it.
- Upon the lapse of the retention period (usually six to ten years following the contract’s termination), your personal data will be deleted, unless our platform holds a legitimate interest in retaining your data.
16. Your Rights Concerning Personal Data
16.1. Overview
You possess various rights related to your data processed by our platform. These rights encompass:
- Obtaining information on processed data: You have the right to learn if our platform processes your data, receive details about specific processing aspects, and obtain a copy of your data.
- Acknowledging cross-border transfers: In cases of data transfers beyond borders, you have the right to access suitable or adequate safeguards and information on how to acquire copies of these safeguards.
- Verification and correction: You can ensure data accuracy and request updates or corrections.
- Restricting processing: You can limit data processing under certain circumstances.
- Requesting data deletion or removal: You can ask for data deletion under specific conditions.
- Obtaining your data for transfer: You can receive your data in a structured, machine-readable format and, if feasible, transfer it to another controller.
- Withdrawing consent: If you’ve consented to specific data processing, you can withdraw this consent at any time.
- Objecting to processing: A general right to object applies to all processing based on our legitimate interest under Art. 6 (1) (f) GDPR. However, this objection can only be compelled if overriding reasons are provided. Additionally, you can appeal to the relevant supervisory authority.
These rights can be exercised via email, contacting us at [email protected]. We might request additional information to verify your identity. Please note that the fulfillment of these rights could be restricted for legal or data protection law reasons. If necessary, we’ll elucidate the rationale behind our decision.
16.2. Right to Object
The general right to object pertains to all processing outlined in this Privacy Policy based on our legitimate interest under Art. 6 (1) (f) GDPR. However, unlike the specific right to object related to promotional processing, we’re obligated under the GDPR to act on a general objection only when compelling reasons are provided (e.g., a potential threat to life or health). We may continue processing your data if we can demonstrate a legitimate interest outweighing your interests, fundamental freedoms, and rights.
Furthermore, you have the option to contact the responsible supervisory authority—the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin—in such matters.
17. Data Protection Measures
We maintain top-tier information security standards for our infrastructure and data processing. Protective measures, such as firewalls and data encryption, are implemented for computers. Physical access controls are in place for buildings and data. Access to customer data is restricted to employees requiring it for their roles.
All personal data, including payment information, transmitted by you is conducted through the secure and widely accepted standard SSL (Secure Socket Layer). This SSL connection can be recognized by the ’s‘ appended to http (i.e., https://…) in your browser’s address bar or by the lock symbol in the lower browser area.
Appropriate technical and organizational security measures are deployed to safeguard your stored personal data against manipulation, loss, unauthorized access by third parties, or complete loss. Our security measures are continuously monitored, updated, and improved in response to technological advancements and changing risks.
18. Privacy Policy Updates
We retain the right to periodically update and revise this Privacy Policy to reflect changes in our personal data processing methods or alterations in legal requirements.
Any future amendments to our privacy policy will be posted on our website.