The following companies of the Questax Group are jointly responsible for the processing of personal data in connection with this website:
Joint contact options:
You can reach our data protection officer by post at the above-mentioned address of the controller with the addition “Data Protection”, or by email at questax@anfrage-datenschutz.com.
Personal data is only processed insofar as this is necessary for the provision of this website, our content and services, consent has been given or another statutory permission standard applies (in particular Art. 6 para. 1 GDPR, Sections 25 et seq. TDDDG). Processing is carried out for specific purposes and in compliance with the principles of data minimization and storage limitation.
Data is deleted or anonymized as soon as the purpose of processing ceases to apply and no statutory retention obligations prevent this.
You have the following rights under the GDPR:
To exercise your rights, you can contact the above-mentioned contact details or the data protection officer directly at any time. In addition, you have the right to lodge a complaint with a data protection supervisory authority.
Our website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The service provider processes meta and communication data on our behalf (e.g. IP address, access times, log files) in order to provide the website and protect it against attacks.
For security and performance purposes, we use services from Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA (e.g. DNS, CDN, security functions). Processing is based on our legitimate interest in the secure and efficient provision of our online offering (Art. 6 para. 1 lit. f GDPR).
Insofar as data is transferred to the USA in this context, this is done on the basis of appropriate safeguards (in particular EU standard contractual clauses and – where available – certifications under the EU-US Data Privacy Framework).
When our website is accessed, the web server automatically collects and stores information in server log files, including:
The legal basis is Art. 6 para. 1 lit. f GDPR (legitimate interest in the technical provision, stability and security). Log data is regularly deleted as soon as it is no longer required for achieving the purpose.
Our website uses cookies and similar technologies (e.g. local storage).
We distinguish between:
Details (designation, purpose, duration) can be viewed at any time in our cookie policy as well as in the settings of our cookie banner. You can change or withdraw your consent there at any time with effect for the future.
The specific list may change technically; the current overview can always be found in the cookie policy and in the cookie banner.
To manage consents, we use the consent management tool “Complianz GDPR/CCPA Cookie Consent” from Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, Netherlands.
Complianz displays a cookie banner when you first visit our website, in which you can consent to or reject the use of statistics and marketing cookies. The settings you choose are stored in cookies (e.g. cmplz_policy_id, cmplz_preferences, cmplz_statistics, cmplz_marketing) in order to take your decision into account during future visits.
The legal basis for the use of Complianz is our legal obligation to document and manage consents (Art. 6 para. 1 lit. c GDPR in conjunction with Section 25 TDDDG).
We use the web analytics tool “Matomo” in order to analyze the use of our website anonymously or pseudonymously and to improve our offering. Among other things, the following data is processed: pages accessed, shortened IP address, duration of stay, click paths, browser used, operating system.
Matomo is used exclusively with your consent (Art. 6 para. 1 lit. a GDPR, Section 25 para. 1 TDDDG). Data collection by Matomo only takes place if you have consented to the use of statistics cookies via the cookie banner. You can withdraw your consent at any time via the banner.
Data processing takes place on servers within the EU; no Matomo data is transferred to third countries (if this changes, this declaration will be updated).
To display our website, we use exclusively fonts hosted locally on our server. No external font services are integrated and no connections to third-party providers are established.
On individual form pages, we use “Google reCAPTCHA” to prevent automated access and spam.
The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; the responsible entity may in individual cases also be Google LLC, USA. reCAPTCHA analyzes the behavior of website visitors based on various characteristics (e.g. IP address, mouse movements, dwell time) in order to distinguish whether this is a human being or an automated program.
The use of reCAPTCHA is based on our legitimate interest in securing our forms and systems (Art. 6 para. 1 lit. f GDPR). Insofar as reCAPTCHA is associated with cookies or other technologies that go beyond what is technically necessary, we obtain your consent for this via the cookie banner (Art. 6 para. 1 lit. a GDPR, Section 25 para. 1 TDDDG).
For the design and technical provision of the website, we use
These plugins partly set functional cookies or use external resources (e.g. via content delivery networks such as Cloudflare). Processing is based on our legitimate interest in a stable, secure and appealing website (Art. 6 para. 1 lit. f GDPR).
Insofar as individual components contain tracking or marketing functions, these are only activated after consent; details are visible in the cookie banner.
If you contact us via contact forms, by email or by telephone, we process the data you provide (e.g. name, contact details, content of the inquiry) in order to handle your request.
Legal bases:
Data from inquiries is deleted as soon as it is no longer required for processing, unless statutory retention obligations prevent this.
You can apply for job offers via our website and by email (including unsolicited applications). In doing so, we process your application documents (e.g. contact details, CV, certificates, communication content).
The legal basis is Section 26 BDSG (initiation of an employment relationship) as well as additionally Art. 6 para. 1 lit. b GDPR. If special categories of personal data (e.g. health data) are processed, this is done on the basis of Section 26 para. 3 BDSG or Art. 9 para. 2 GDPR.
If no employment relationship is established, we delete your application data no later than six months after completion of the application process, unless overriding legitimate interests (e.g. preservation of evidence) prevent this.
If you expressly consent, we include your data in an applicant pool in order to consider you for future job offers; the legal basis is then Art. 6 para. 1 lit. a GDPR. The data is deleted no later than after two years, unless renewed consent has been given.
You may also make your documents available to us for the placement of project-specific assignments as a self-employed service provider (freelancer). In this case, we process the data you provide (e.g. contact details, profile / skill information, project and industry preferences, remuneration / hourly rate expectations, communication content) in order to suggest suitable projects and present you to (potential) clients.
The legal basis is Art. 6 para. 1 lit. b GDPR (performance of pre-contractual measures or initiation of a contractual relationship with you) as well as, insofar as we store your data for further project placement and retain it in our candidate or expert pool, Art. 6 para. 1 lit. f GDPR (legitimate interest in efficient project staffing) or – if we ask for your consent – Art. 6 para. 1 lit. a GDPR (consent).
If special categories of personal data are processed in the context of project placement (e.g. information on a possible severe disability), this is done on the basis of your explicit consent pursuant to Art. 9 para. 2 GDPR or – where relevant – according to the provisions of the BDSG.
If no project comes about and there are no further legitimate interests (e.g. for purposes of preserving evidence), we generally delete your data relating to the specific project inquiry no later than six months after completion of the respective placement process. Insofar as we store your data in our expert pool for future projects, this is done on the basis of your consent; in this case, we delete your data no later than after two years, unless renewed consent has been given or you object to further processing.
Our website contains links to external websites and portals, for whose content the respective operators are responsible. This particularly concerns linked portals and partner sites.
The subdomain questax-services.com uses its own technical setup and may use additional cookies and services. Insofar as personal data is processed via this subdomain, the above principles apply accordingly; in addition, the data protection notices published there apply.
Insofar as services from providers based outside the EU / EEA (in particular Google, Cloudflare, security and CDN services) are used, a transfer of personal data to third countries (e.g. USA) may take place.
In these cases, we ensure that the legal requirements of Art. 44 et seq. GDPR are complied with, in particular through:
Specific information can be found in the sections on the respective services (e.g. Google Fonts, Google reCAPTCHA, Cloudflare).
This privacy policy is continuously adapted to technical developments and legal requirements. The current version published on this website shall apply.
Staffing Services
Consulting
