Privacy policy

In our privacy policy, we describe the measures we take to protect the privacy of our customers.

1 Information on the collection of personal data and purpose of processing

(1) We, Gradient IT GmbH, Lehmannstr. 25A, 15806 Zossen, Germany, Tel.: +49 3377 32794 60, e-mail: contact@gradient-it.com, are responsible for the processing of your personal data as a user of the website, accessible at https://evalhr.com (further also referred to as the "Website"), as our candidates, customers, suppliers as well as any other person with whom we communicate ("you") according to Article 4 No. 7 of the EU-General Data Protection Regulation ("GDPR").

(2) In the following, we would like to inform you in detail about the processing of your personal data (cf. No. 2) as a visitor to our website or as a customer or other person with whom we communicate in the context of our personnel consulting and recruitment services (cf. No. 3). We inform you about your rights with regard to the processing of personal data concerning you in section 6.

(4) We reserve the right to amend these data protection provisions at any time with effect for the future. A current version is available on our website.

2 Processing of your personal data

(1) Personal data means any information relating to an identified or identifiable individual. A data subject is a person about whom personal data is processed. Processing includes any handling of personal data; this includes, in particular obtaining, storing, using, disclosing, and destroying. In particular, we process the personal data that we receive from our customers and business partners in the course of our business relations with them and other persons involved or that we collect from their users in the course of operating our website. In addition, we also obtain certain personal data from publicly accessible sources (e.g. the commercial register, the media, the Internet) or third parties (e.g. address dealers).

(2) Personal data will only be processed by us if and insofar as

· you have given us your consent to the processing of data for one or more specific purposes (Art. 6 para. 1 UAbs. 1 letter a DSGVO);

· the processing is necessary for the performance of a contract to which you are a party or for the performance of pre-contractual measures taken at your request (Art. 6 para. 1 UAbs. 1 letter b DSGVO);

· the data processing is necessary for compliance with a legal obligation to which we are subject (Art. 6 para. 1 UAbs. 1 lit. c DSGVO); or

· the data processing is necessary for the protection of our legitimate interests or those of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of personal data (Art. 6 para. 1 UAbs. 1 lit. f DSGVO). (3) In the following provisions of this data protection declaration, we will explain which of the legal bases listed in paragraph 2 we use to process your personal data in individual cases.

(4) When you contact us by e-mail or via a contact form on our website, the data you provide (your e-mail address, name, and telephone number) will be stored by us to answer your questions. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are statutory retention obligations.

(5) If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the defined criteria for the storage period.

(6) There is no contractual or legal obligation for you to provide personal data. However, without processing your personal data, we are generally not in a position to perform our service to you or your employer/client.

(7) Automated individual case decisions or profiling measures do not take place.

(8) Declaration of consent: by clicking the "Accept" button in the data protection options, I declare my consent to the processing of my IP address and other data. I have read the current data protection declaration and accept it. I can revoke this consent at any time with effect for the future by changing my cookie settings.

3 Collection of personal data when visiting our website

(1) When using the website for information purposes only, i.e. if you do not send us information via the Contact Form, we only collect the personal data that your browser transmits to our server. The data we collect is technically necessary for us to display our website to you and to ensure stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f DS-GVO):

· IPaddress

· Date and time of the request

· Time zone difference to Greenwich Mean Time (GMT)

· Content of the request (specific page)

· Access status/HTTP status code

· Amount of data transferred in each case

· Website from which the request came

· Browser

· Operating system and its interface

· Language and version of the browser software.

(2) In addition to the above data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case us) with certain information. Cookies cannot execute programs or transfer viruses to your computer. They serve to make the internet offer as a whole more user-friendly and effective.

(3) Use of cookies

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

· Transient cookies (see b).

· Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. This store is a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognized when you return to our website. The session cookies are deleted when you log out or close the browser.

c) Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

d) Our website uses different types of cookies. Some cookies are placed by third parties that appear on our website. These cookies are classified as (point e) "Necessary", "Statistics" (point f) and "Marketing" (g).

e) Necessary cookies help us to make our website usable by enabling basic functions such as page navigation and access to secure areas of our website. Our website cannot function properly without these cookies.

f) Statistics cookies help us understand how visitors interact with websites by collecting and reporting information anonymously. For example, by using statistical tools such as Google Analytics (see Art. 4 below), we can analyze hits to our website and measure the number of page views you have.

g) Marketing cookies are used to follow visitors on websites. The intention is to show ads that are relevant and engaging to the individual user and therefore more valuable to publishers and advertising third parties.

When using statistical and marketing cookies, we may share information about your use of our website with our social media, advertising, and analytics partners. Our partners may combine this information with other data that you have provided to them or collected as part of your use of the Services.

We only use statistical and marketing cookies if you have given us your consent to using our cookie banner. You can give us your consent by confirming the green "Accept cookies" button. You can configure the setting of statistics and marketing cookies yourself via the settings in the cookie banner of our website. You can revoke your consent to statistical and marketing cookies at any time with effect for the future by changing your browser settings.

h) If personal data is processed by individual cookies, the processing is carried out following Article 6 (1) subparagraph 1, point (b) of the GDPR either for the performance of the contract or per Article 6 (1) subparagraph 1, point (f) of the GDPR to protect our legitimate interests in the best possible functionality of our website as well as a customer-friendly and effective design of the page visit. In the case of statistics and marketing cookies, processing is based on your consent according to Art. 6 (1) subparagraph 1, point (a) of the GDPR.

i ) You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that you may not be able to use all functions of our website afterwards.

(4) Google Analytics

a) Our website uses Google Analytics, a web analytics service provided by Google, Inc. (further referred to as "Google"). Google uses "cookies", which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about the use of this website is usually transmitted to a Google server in the USA and stored there.

b) If IP anonymization is activated on this website, however, Google will truncate the user's IP address beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area.

Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. IP anonymization is active on this website. On behalf of the operator of this website, Google will use this information to evaluate the use of the website by users, compile reports on website activity, and provide other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

c) Users can prevent the storage of cookies by setting their browser software accordingly. However, the provider points out to the users that in this case they may not be able to use all functions of this website to their full extent. Users may also prevent the collection of data generated by the cookie and relating to their use of the website (including their IP address) by Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .

d) For further information, please read here:

https://www.google.com/analytics

Google Ireland Limited,

Gordon House, Barrow Street, Dublin 4, Ireland, VAT Identification Number: IE6388047V

(5) Social media plug-ins

Our website sometimes uses so-called plug-ins from social networks such as Facebook, Instagram, Linkedin, Twitter, Xing, and YouTube. The plug-ins are marked with the provider's logo. We have configured these plug-ins so that they are deactivated by default. If you activate them (by clicking on them), the operator of the respective social network can recognize that you are on our website and use this information for their own purposes. The operator is then responsible for processing your personal data in accordance with its data protection regulations. We do not receive any personal information from him.

(6) GoogleAdwords

Our website uses Google conversion tracking. If you access https://gradient-it.com/ via an ad placed by Google, Google Adwords will set a cookie on your computer. These cookies lose their validity after a predefined period of time and are not used for personal identification. If you visit certain pages of our website again and the cookie has not yet expired, we and Google can recognize that you have clicked on an ad and were redirected by it. Cookies vary by client, each receiving their own. The conversion cookie tells us the total number of users who clicked on an ad and were redirected to a relevant page. However, we do not receive any personal information so that you could be identified as a user. If you do not wish to be tracked, you can set a Do Not Track cookie or set your browser to block cookies from the domain "googleleadservices.com".

(7) Facebook Remarketing

a) Remarketing tags of the social network Facebook, 1601 South California Avenue, Palo Alto, CA 94304, USA are integrated on our website. When you visit our pages, the remarketing tags establish a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our site with your IP address. This enables Facebook to assign the visit to our pages to your user account. We can use the information obtained in this way to display Facebook Ads. We would like to point out that we, as the provider of the pages, don`t know about the contents of the transmitted data or its use by Facebook.

b) Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy/ . If you do not wish any data to be collected via Custom Audience, you can deactivate Custom Audiences here.

(8) Google Maps

a) On our website, we use the Google Maps service of the provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland; "Google"). This enables us to show you interactive maps directly on the website and allows you to use the map function conveniently.

b) By visiting our website, Google receives the information that you have accessed the corresponding sub-page of our website. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish to have your data associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, and you must contact Google to exercise this right.

c) The legal basis for the use of Google Maps is your consent according to Art. 6 para. 1 UAbs. 1 letter a DSGVO. The processing of your personal data to provide the map content is carried out in joint cooperation between us and Google. For this purpose, we have concluded a joint responsibility agreement with Google according to Art. 26 DSGVO, which you can view at the following link: https://cloud.google.com/maps-platform/terms/maps-controller-terms/ .

d) For further information on the purpose and scope of data collection and its processing by Google, please refer to Google's privacy policy. There you will also receive further information on your rights in this regard and setting options for protecting your privacy:

http://www.google.de/intl/de/policies/privacy .

e) In the context of the use of Google Maps, it cannot be ruled out that personal data may be transmitted to the servers of Google LLC in the USA. For these cases, Google LLC has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework .

(9) Google Remarketing

Our website contains remarketing tags from Google Inc. ("Google") are integrated on our website. With a remarketing tag, a direct connection is established between your browser and Google when you visit our website. We receive the information that your IP address has visited our website via Google. This information can be used by us for specific advertising.

(10) Mail Sending

When you register with EvalHR, you provide your e-mail address and name. Furthermore, when you register, your IP address and the date of registration are also stored, the latter only for evidentiary purposes in the event of improper registration. We need this data to send e-mails for the efficient use of the EvalHR tool. The sending of advertising e-mails is excluded. Oure-mail sender is used to send e-mails for using the tool. The e-mail sender is a software developed by the Gradient IT GmbH team of developers. The data stored during registration is encrypted and, encrypted, transmitted to gradient-it.com and stored by gradient-it.com. After registration, EvalHR will send you an e-mail to confirm your registration. Furthermore, EvalHR offers various analytics on how the emails sent to use the tool are opened, e.g. to how many users an email was sent, whether emails were rejected and whether users unsubscribed from the tool after receiving an email. However, these analyses are only group-related and are not used by us for individual evaluation.

(11) HubSpot

Purpose of processing: email marketing, esp. newsletter, evaluation of click and usage behavior for the optimization and needs-based design of our website and advertising purposes.

Legal basis: Art. 6 para. 1 letter a DS-GVO.

Categories of data collected:

Master data, contact data, content data, connection data.

Recipients of the data: HubSpot European Office, Ground Floor, Two Dockland Central Guild Street, Dublin 1, Ireland / HubSpot Inc, 25 First Street, 2nd Floor, Cambridge, MA 02141, USA.

Intended third country transfer: On a case-by-case basis - the USA (in accordance with EU standard contractual clauses).

(12) User account in EvalHR

Purpose of processing: Use of a customer account in the EvalHR tool (also a prerequisite for ordering video evaluation and functional skill assessment for payment processing), ensuring the security of our information technology systems.

Legal basis: Art. 6 para. 1 letters a, b, f DS-GVO.

Categories of data collected:

Master data, contact data, usage data, connection data, contract data, payment data.

Recipients of the data: None

Intended third country transfer: None

(13) Request for promotional materials or offers.

Purpose of processing: sending you the promotional materials you have requested and preparing and sending you the offers you have requested.

Legal basis: Art. 6(1)(f) DS-GVO; Art. 6(1)(b) DS-GVO (if your request concerns a conclusion of a contract or an existing contract).

Categories of data collected:

Master data, contact data, connection data, contract data if applicable.

Recipients of the data: In the individual cases - postal service provider.

Intended third country transfer: None

4 Use of collected data

We only use the data collected as part of our services to send and process relevant job offers or recruitment consultancy processes for our clients. We also use this data to provide you with tailored content - for example, to provide you with more relevant search results.

a) We may use your choice of name for your profile for any services we offer that require an account. In addition, we may replace names that have been associated with your account in the past so that you are managed consistently across all our services.

b) Before we use the information for purposes other than those listed in this privacy policy, we will notify you and ask for your consent.

c) Gradient IT GmbH processes personal data exclusively on servers located in Germany.

5 Data security

We take appropriate and suitable organizational and technical measures to ensure data security and data protection. Despite appropriate and suitable organisational and technical measures, the processing of personal data on the Internet can always have security gaps. We can therefore not guarantee absolute data security.

6 Your rights

(1) With regard to the processing of personal data relating to you, you are entitled to the rights listed below under letters a - h in accordance with the legal requirements. For this purpose, please contact us or, if applicable, our data protection officer. You will find the contact details under # 1.

a) Right to information

According to Art. 15 of the GDPR, you may request confirmation from us as to whether personal data concerning you is being processed by us. In this case, pursuant to Art. 15 (1) of the GDPR, you have the right to information about the processing purposes, the categories of personal data processed, the recipients or categories of recipients to whom we have disclosed or will disclose the personal data, the planned storage period or the criteria for determining the storage period, the criteria for determining the storage period, the existence of a right to rectification or erasure of your personal data as well as to restriction of processing or objection to processing, the existence of a right to complain with a supervisory authority, the origin of the data if we have not collected your data from you, the existence of automated decision-making, including profiling, as well as, pursuant to Art. 15 (2) of the GDPR, the right to be informed of the appropriate safeguards pursuant to Art. 46 of the GDPR in the context of the transfer of personal data to third countries.

b) Right to rectification

Pursuant to Art. 16 of the GDPR, you may request us to correct and/or complete your personal data without delay, taking into account the purposes of the processing, if your data is incorrect or incomplete.

c) Right to deletion

Pursuant to Art. 17 of the GDPR, you may request us to delete your personal data without delay, provided that there is a reason pursuant to Art. 17 (1) points a-f of the GDPR. However, the right to the erasure of your personal data does not exist, in particular, insofar as its processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or the assertion, exercise or defense of legal claims Art. 17 (3) of the GDPR.

d) Right to restriction of processing

You may request us to restrict the processing of your personal data pursuant to Art. 18 of the GDPR for as long as we verify the accuracy of your data that you dispute if you object to the erasure of your data due to unlawful processing and instead request the restriction of the use of your data, if you need your data to assert, exercise or defend legal claims, or if you have objected to the processing as long as it has not yet been determined whether our legitimate grounds prevail.

e) Right to information

Pursuant to Article 19 of the GDPR, we shall inform all recipients to whom your personal data have been disclosed of any rectification or erasure of your personal data or any restriction of their processing pursuant to Articles 16, 17 (1) and 18 of the GDPR unless this proves impossible or involves a disproportionate effort. Pursuant to Art. 19 p. 2 of the GDPR, you have the right to be informed about these recipients upon request.

f) Right to data portability

Pursuant to Art. 20 of the GDPR, you have the right to receive your personal data that you have provided to us in a structured, common and machine-readable format and to transfer this data to another controller, provided that the further requirements of Art. 20 of the GDPR are met, in particular, that this is technically feasible.

g) Right to object

Insofar as we base the processing of your personal data on the legitimate interests pursuant to Art. 6 (1) subparagraph 1, point f of the GDPR, you may object to the processing pursuant to Art. 21 of the GDPR. This is the case if the processing is not necessary , in particular, for the performance of a contract with you, which is described by us in each case in the above description of the offers. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the merits of the case and, in accordance with Art. 21 (1) sentence 2 of the GDPR, either no longer process the personal data or demonstrate to you our compelling legitimate grounds for the processing which override your interests, rights and freedoms. Further processing is also reserved if the processing serves the assertion, exercise or defense of legal claims.

Of course, you can object at any time to the processing of your personal data for advertising and profiling, insofar as it is related to direct advertising, in accordance with Art. 21 (2) of the GDPR.

You can inform us or our data protection officer of your objection using the contact details given in # 1.

h) Right to revoke consent

Pursuant to Art. 7 (3) of the GDPR, you have the right to revoke any data protection consent you may have given us at any time with effect for the future. However, this does not affect the lawfulness of the processing which took place on the basis of your consent up to the time of the revocation.

8 Handling of personal data for Functional Skill Assessment and Video Evaluation

We take care of the protection of personal data by always making sure that only authorized persons of GradientIT have access to the profiles of your candidates.

8.1 Collection and use of personal data in Functional Skill Assessment

We collect and process data on your behalf from the categories listed below. The categories of data collected about the candidate depend on your specifications as the client. The data collected about the candidate does not have to come from all of the categories listed below.

Information that you as the client provide to us about the candidate and the advertised vacancy when you have ordered a Functional Skill Assessment includes:

· "Candidate Data": Names and the E-Mail address; CV information (including details of current and previous employment, education, knowledge and skills, language skills and hobbies);

· "Requirements data": Requirements related to the job for which the candidate to be validated has applied, providing detailed information on job-related skills and expertise;

· "Assessment data: the candidate's answers to our expert's job-related questions.

From the requirements data and the assessment data, we generate the "results data" containing the results of the Functional Skill Assessment.

We use requirements data, video interview data and results data on your behalf as the client,

· to produce an FA report which is forwarded to the client's authorised representatives;

· to provide and administer our services.

Outcomes data will be emailed to you as the client.

At no time will this results data be shared with any third party or with the candidate concerned.

You have a legal right to have all personal data deleted within the statutory period.

If the expert has processed the results data on his local PC and created the FA report, he is obliged to delete the provided data and the FA report from his local PC within 7 days.

If the expert has processed the results data on the server and created the FA report, the agreed period of 12 months applies as the obligation to delete the data.

8.2 Collection and use of personal data at Video Validation

We collect and process data from the categories listed below on your behalf as the client. Information that you as the client provide to us about the candidate and the advertised vacancy when you have ordered a Video Evaluation includes:

· "Requirements Data": Requirements about the job for which the candidate being validated has applied, providing detailed information about job-related skills and expertise;

· "Video interview data": the recorded video interview with the candidate's answers to the job-related questions.

From the requirements data and the video interview data we generate the "results data", which contains the results of the video evaluation.

We use requirements data, video interview data and results data on your behalf as the client,

· to generate a VE Report which is forwarded to the Principal's Authorised Representatives;

· to provide and manage our services.

Outcomes data is uploaded to EvalHR and emailed to you.

At no time will this results data be shared with any third party or with the candidate concerned.

You have a legal right to have all personal data deleted within the legal time limit.

8.3 Storage

We store the above data on your behalf and in accordance with your instructions as the client exclusively on servers located in Germany. We do not store any data locally on PCs.

The duration of data storage is 12 months.

However , the data will not be deleted if it is relevant for an investigation or dispute resolution. They are kept until these cases have been fully resolved.

In all other respects, the data protection guidelines of GradientIT GmbH (https://gradient-it.com/en/privacypolicy) apply.

8.2 Disclosure of data

We will only share your personal data that we process on behalf of the employer with the employer and in accordance with the employer's instructions. The Employer as a data controller or Gradient IT as a data processor will grant access to your data to the following external companies in the following circumstances:

If the Employer as a data controller or Gradient IT as a data processor is reorganized or sold, personal data will be transferred to a purchaser who may continue to provide the services to you.

If required by law or regulatory requirements or practices we engage in, or we are required to do so by a public or regulatory authority, such as the police, we will transfer personal data.

If we are defending ourselves against legal claims, your personal data will be transferred as necessary to defend against those claims.

9 Conclusion

If you have any further questions or suggestions on the subject of data protection in connection with our services, please do not hesitate to contact us using the above contact details (see # 1).

Stand 06. 09. 2021