by KORG Germany GmbH i.G., Ritterstraße 3, 10969 Berlin, Germany.
This information on data protection for applicant data describes how we handle your personal data within the framework of the application procedure. The protection of your data is very important to us, which is why we explain below how, for what purpose and for how long we collect, use and process personal data.
The legal basis for data processing is Art. 6 Para. 1 a) and Art. 7 GDPR (consent), Art. 6 Para. 1 b) GDPR (fulfilment of services and contractual obligations), Art. 6 Para. 1 c) GDPR (fulfilment of legal obligations) and Art. 6 Para. 1 f) GDPR (legitimate interests).
The person responsible for processing personal data within the meaning of Art. 4 Nr. 7:
KORG Germany GmbH
Tatsuya Takahashi and Maximilian Rest
1. What data is collected?
We collect and record your name, date of birth, contact information, nationality, qualifications, skills, experience and particulars from your application and career.
In addition, you can of course provide us with voluntary information, which we may, however, only consider after your consent.
In this respect we point out, that we would like to evaluate all applicants only according to their qualifications and therefore ask you that sensitive data which falls under “special categories of personal data” pursuant to Art. 9 Para. 1 GDPR be omitted from the application as far as possible.
The “special categories of personal data” according to Art. 9 Para. 1 GDPR include racial and ethnic origin, political opinions, religious or ideological beliefs, trade union membership, genetic data, biometric data for the unambiguous identification of a natural person, health data and data on sexual life or sexual orientation.
2. How is the data used?
The collection of your data is carried out in particular to assess your suitability for the position to which the application relates. In addition, we use your data to stay in contact with you and to correspond with you.
3. How long is the data stored?
The personal data collected by us during the application process will be stored for the duration of the application process and deleted at the latest six months after receipt of a rejection, unless we are obliged to store them for a longer period of time (Art. 6 Para. 1 S. 1 lit. c) GDPR) due to tax and commercial law storage and documentation obligations (from HGB, StGB or AO) or unless you have expressly consented to storage going beyond this (Art. 6 Para. 1 S. 1 lit. a) GDPR).
4. Will the data be passed on to third parties?
In principle, the data you provide will not be made available to third parties outside the KORG Group.
Within the KORG Group, data will only be forwarded to those responsible for personnel matters for the purpose of evaluating your application and deciding whether to cooperate with you. Since our 100% parent company of KORG INC. is based in 4015-2, Yanokuchi, Inagi-shi, Tokyo, 206-0812, Japan, your data might be transferred to the responsible person in Japan.
Japan is a third country, i.e. a country in which GDPR has no direct legal effect. However, the European Commission’s adequacy decision of January 23rd 2019 ensures that the level of data protection in Japan corresponds to the European data protection level (Art. 45 Para. 3 GDPR).
If, exceptionally, it should be necessary to pass on your personal data to external companies entrusted by us with the provision of individual services in order to carry out the application procedure, this will be done on the basis of a so-called “data processing agreement” within the meaning of Art. 28 GDPR. The third parties are obliged for their part to comply with the legal regulations when handling and processing this data. If the registered office of a third party is located in a third country, the transfer of data will only take place if you have given your consent, if an appropriate level of data protection prevails or if other legal permission exists. U.S. providers may operate under the Privacy Shield Agreement, which means that the requirements of the Privacy Shield Agreement are similar to those of the European Union and that data will be treated accordingly.
Transmission to authorities and government institutions entitled to receive information is also possible, but only within the scope of the statutory disclosure obligations and in the event of a binding court decision. In such cases, November Boutique may provide the information, e.g. to enforce, exercise and defend legal rights, enforce existing contracts, allege fraud, take security measures or generally enforce applicable laws, and if we disclose, transfer or otherwise provide access to data to third parties in the course of our processing, we may do so only on the basis of legal permission, your consent, a legal obligation or our legitimate interests.
5. How is your data protected?
We take technical and organisational measures to ensure that the security and protection requirements of the GDPR are met and that personal data is protected against loss, destruction, manipulation or access by unauthorised persons. The measures are always adapted to the current state of the art.
6. What rights do you have?
You have the right:
- in accordance with Art. 7 Para. 3 GDPR to withdraw your consent once given to us at any time. As a result, we may no longer continue the data processing based on this consent in the future;
- to obtain information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may obtain information on the processing purposes, the categories of personal data, recipients or the categories of recipients to whom your data has been or will be disclosed, the envisaged storage period, the existence of a right of rectification, deletion, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data, unless it has been collected from us, as well as the existence of an automated decision-making process including profiling and, where applicable, meaningful information on its details;
- in accordance with Art. 16 GDPR, to immediately obtain rectification of inaccurate and completion of incomplete personal data stored by us;
- to obtain the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless processing is necessary for the exercise of the right to freedom of expression and information, for the compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims;
- to obtain the restriction of the processing of your personal data pursuant to Art. 18 GDPR if the accuracy of the data is contested by you, the processing is unlawful but you oppose the erasure an request the restriction of use instead, if we no longer need the data for the purpose of processing, but it is required to assert, exercise or defend legal claims or you have objected to the processing pursuant to Art. 21 Para. 1 GDPR;
- in accordance with Art. 20 GDPR to receive your personal data, which you have provided to us, in a structured, commonly and machine-readable format or to request the transfer to another responsible person;
- to object to the processing of your personal data in accordance with Art. 21 GDPR if your personal data is processed on the basis of legitimate interests, insofar as there are reasons for this which result from your particular situation. If you wish to exercise your right of objection, simply send an e-mail to firstname.lastname@example.org;
- in accordance with Art. 22 GDPR, not to be subject to a decision based exclusively on automated processing – including profiling – which has legal or similarly significant affect on you and
- to complain to a supervisory authority pursuant to Art. 77 GDPR, which is:
Berliner Beauftragte für Datenschutz und Informationsfreiheit
Telefon: 030/13 889-0