Privacy policy

We, the website owner, are taking the protection of your personal data very seriously. We will keep your personal data confidential and adhere to the legal data protection regulations.

In general, you can use our website without giving personal data. In case a data subject wants to make use of special services provided by our company through our website, processing of personal data might be required. As far as personal data will be collected on our websites, this will be optional where possible. This data will be used for the purpose specified and will not be passed on to third parties without your explicit consent. Personal data, for instance name, address, e-mail address or phone number, is processed according to the requirements of the EU’s General Data Protection Regulation (EU GDPR), the Federal Data Protection Act (new) (BDSG new), the applicable data protection rules of the federal states and the German Telemediengesetz (TMG) (telecommunication media act).

We inform you that data transfer via the Internet (as in e-mail communication) can have safety flaws. It is impossible to protect data completely from third parties. You can always convey personal date to us using alternative means, for instance over the telephone.

1. Name and address of the controller

Controller in accordance with the General Data Protection Regulation:

Wohlfahrtswerk für Baden-Württemberg
Schloßstraße 80, 70176 Stuttgart
Phone: +49 711 61926-0 Fax: + 49 711 61926-199
E-mail: info@wohlfahrtswerk.de

Wohlfahrtswerk für Baden-Württemberg is a foundation under German Civil Law and a member of Deutscher Paritätischer Wohlfahrtsverband

Board:
Ingrid Hastedt (chair)
Manuel Arnold

2. Name and address of the data protection officer and supervisory authority

Data protection officer
Alpaslan Kücükelci
Phone: +49 711 61926-108, E-mail: datenschutz@wohlfahrtswerk.de

If you have any questions or suggestions concerning data protection do not hesitate to contact our data protection officer at any time.

Supervisory authority
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Postfach 10 29 32
70025 Stuttgart
Phone: +44 711 615541-0, E-mail: poststelle@lfdi.bwl.de

Every data subject has the right to lodge a complaint with the supervisory authority.

3. Legal basis for processing of personal data

3.1 Insofar as we obtain the consent of the data subject for the processing of personal data, art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

3.2 When processing personal data required for the performance of a contract to which the data subject is party, art. 6 para. 1 lit. b General Data Protection Regulation serves as the legal basis. This also applies to any processing required for pre-contractual provisions. 

3.3 If processing of personal data is required for compliance with a legal obligation our company is subject to, art. 6 para. 1 lit. c General Data Protection Regulation serves as the legal basis.

3.4 In case vital interests of the data subject or another natural person make the processing of personal data necessary, art. 6 para. 1 lit. d General Data Protection Regulation serves as the legal basis.

3.5. If processing of personal data is necessary for the performance of a task that is in the public interest or in the exercise of official authority vested in the controller, art. 6 para. 1 lit. e General Data Protection Regulation serves as the legal basis.

3.6. If processing of personal data is necessary for the purposes of the legitimate interests pursued by our company or by a third party and these interests are not overridden by the interests or fundamental rights and freedoms of the data subject, art. 6 para. 1 lit. e General Data Protection Regulation serves as the legal basis.

3.7. As part of our services we can furthermore process special data categories in accordance with art. 9 para. 1 GDPR, in particular personal data concerning health. In this case, we will obtain explicit consent of the data subject in accordance with art. 6 para. 1 lit. a., art. 7, art. 9 para. 2 lit. a. GDPR and will apart from that process the specific data categories for the purposes of preventive medicine based in art. 9 para. 2 lit h GDPR and § 22 para. 1 no. 1 b Federal Data Protection Act.

3.8. In our capacity as a care facility we process personal data for exercising a contract governing medical treatment in accordance with art. 6 para. 1 lit. b in conjunction with art. 9 para. 2 lit. h GDPR. If processing personal data is necessary to fulfil a legal obligation, the legal basis is art. 6 para. 1 lit. c in conjunction with art. 9 para. 2 lit. h GDPR in conjunction with special legal provisions. E.g. certain personal data can be transferred to third parties, in particular social security institutions, in accordance with §§ 294 ff. of Book V of the German Social Code as well as the obligation of documenting nursing care as per § 113 of Book 11 of the German Social Code or the special provisions of Baden-Württemberg’s residence, participation and care act as well as the housing and care contract act applicable at the federal level. If, in the case of an emergency, processing personal data is necessary to protect the vital interest of the data subject, art. 6 para. 1 lit. d in conjunction with art. 9 para 2 lit. c GDPR serves as the legal basis. All further processing of personal data, that is not based on any of the aforementioned legal foundations, is done via consent in accordance with art. 6 lit. a GDPR.

4. Deleting and blocking data

We process and store your personal data for as long as necessary to accomplish the set purpose or for as long as it is stipulated by the General Data Protection Regulation or another legislative body in laws or regulations that the controller is subject to.

If the purpose ceases to exist or a storage period stipulated by the European regulatory body or another competent legislative authority expires, the personal data are routinely and in accordance with the legal requirements blocked or deleted. 

5. Cookies

The Wohlfahrtswerk’s websites use cookies. Cookies are text files that a website files and stores on a computer system via an internet browser. Websites and servers use cookies. Cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It contains a string of characters used to correlate websites and servers to the specific web browser where the cookie was stored. This enables the websites you visit to distinguish your individual browser from other browsers containing different cookies. A specific web browser can be recognized and identified using the unique cookie ID.

Using cookies, we can offer the users of this website user-friendly services which would not be possible without using cookies.

Using a cookie, the information and offers on our website can be optimised on the users’ behalf. Cookies allow us to recognize users of our website, as mentioned above. The purpose of this is to facilitate the use of our website. For instance, users of a website that uses cookies do not need to enter their access data every time they visit the site, because this can be taken from the website and the cookie stored on the user’s computer system.

The data subject can prevent cookies from being stored through our websites any time by changing the settings of the web browser they use and thereby can permanently refuse cookies. Cookies that have already been stored may be cancelled at any time using a web browser or another software. This is possible in all established web browsers. If the data subject deactivates cookies in the web browser they use this can lead to some of the features on our website not working to their full extent.

6. Collecting general data, log files and information

Every time a data subject or an automated system accesses a website, a series of general data and information is collected. This data and information is saved in the log files of the server.
The data collected may include

  • browser type and version used,
  • the operating system used by the system accessing the website,
  • the website from which the system accessed our website (so-called referrers),
  • which sub-websites are being accessed on our website,
  • data and time of access,
  • an Internet protocol address (IP address),
  • the Internet service provider of the system accessing the website,
  • as well as other similar data and information that can help with defending against attacks on our IT systems.

When using this general data and information we do not draw conclusions on the data subject. Rather, the information is necessary

  • to correctly display our website’s content,
  • to optimise our website and advertising on it,
  • to ensure permanent functioning of our IT systems and the technology behind our website, as well as
  • to provide law enforcement authorities with the information needed for law enforcement in the case of a cyberattack.

This data and information, which is collected anonymously, is statistically analysed in order to increase data protection and data security in our company to guarantee the ideal protection level for the personal data we process. The anonymous data of the server log files are stored separately from all personal data given by a data subject.

7. Registration on the website

Users of our website can register using personal data for instance via a contact form, online advertising, donations or to register for a seminar. The personal data transmitted in each case depends on the input mask used for registration. The personal data entered by the data subject will be collected and stored only for internal use and used for our own ends. The controller responsible for processing the data can arrange for the data to be transferred to one or more processors, for instance, a parcel service, who will also only use the personal data for internal use, which has been assigned to the controller.

When registering on the website, the Internet service provider (ISP) stores the IP address of the data subject, as well as date and time of the registration. These data are stored against the background of this being the only way to prevent a misuse of our services. The data can, if necessary, be used to clear up criminal acts and copyright infringements. Therefore, storing these data are required as a safeguard. These data are generally only passed on to third parties if there is a legal obligation or the disclosure serves law enforcement.

Registering a data subject with voluntary given personal data helps us to offer content and services, that due to the nature of things can only be offered to registered users.  Registered persons are free to have the personal data given at registration fully deleted from our stored data.

Wohlfahrtswerk will inform the data subject on request of which personal data are being stored in connection with the data subject at any time. We correct and delete personal data if requested by the data subject as far as there is no legal obligation to retain data to the contrary. Your contact persons are the data protection officer named in this privacy policy and the persons responsible for processing personal data. 

8. Data privacy rights

8.1 Right of confirmation

According to the European regulatory body, the data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed. If a data subject wants to use this right of confirmation, they can at any time contact our data protection officer or another member of staff responsible for processing.

8.2 Right of access

According to the European regulatory body, the data subject has the right at any time and free of charge to get information on the personal data stored about them from the controller, as well as to get a copy of this information. The European regulatory body grants the data subject access to the following information:

  • the purposes of the processing
  • the categories of personal data that are being processed
  • the recipients or categories of recipients to whom the personal data have or will be disclosed, in particular when it comes to recipients in third countries or international organisations
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period
  • the existence of a right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing
  • if the personal data are not collected from the data subject, all available information on the origin of the data
  • the data subject has a right to access the information whether personal data were transferred to a third country or an international organisation. If this is the case, the data subject furthermore has the right to be informed on the appropriate safeguards when it comes to transferring the data.

If a data subject wants to use this right of access, they can at any time contact our data protection officer or another member of staff of the controller.

8.3 Right of rectification

According to the European regulatory body, the data subject has the right to demand the rectification of inaccurate personal data without undue delay. The data subject has the right to demand the completion of incomplete personal data - where appropriate accompanied by an additional explanation, under due consideration of the purposes of processing.

If a data subject wants to use this right of rectification, they can at any time contact our data protection officer or another member of staff responsible for processing.

8.4 Right of erasure (right to be forgotten)

According to the European regulatory body, the data subject has the right to demand from the controller to erase the personal data concerned without undue delay where one of the following reasons applies and insofar as processing is not required:

  • The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
  • The data subject withdraws the consent the processing was based on in accordance with art. 6 para. 1 lit. a GDPR or art. 9 para. 2 lit. a GDPR, and there is no other legal basis for processing.
  • The data subject objects to the processing in accordance with art. 21 para. 1 and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing in accordance with art. 21 para. 2.
  • The personal data have been unlawfully processed.
  • The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in art.  8 para 1 GDPR.

If one of the reasons mentioned above applies and the data subject wants to have the personal data stored at Wohlfahrtswerk erased, they can at any time contact our data protection officer or another member of staff of the controller.

The data protection officer or another member of staff will arrange for the demand of erasing the personal data to be complied with without undue delay.

Where Wohlfahrtswerk has made the personal data public and is obliged in accordance with art. 17 para. 1 GDPR to erase the personal data, Wohlfahrtswerk, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data, insofar as processing is not required. The data protection officer or another member of staff will take the necessary steps on an individual basis.

8.5 Right to restriction of processing

The data subject has the right granted by the European regulatory body to demand from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to art. 21 para. 1 pending the verification whether the legitimate grounds of the controller override those of the data subject.

If one of the requirements mentioned above exists and a data subject wants to demand the restriction of personal data stored at Wohlfahrtswerk, they can at any time contact our data protection officer or another member of staff of the controller. The data protection officer or another member of staff will arrange for the restriction of processing to be implemented.

8.6 Right to data portability

The data subject has the right granted by the European regulatory body to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They furthermore have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent in accordance with art.6 para. 1 (a) GDPR or art. 9 para. 2 (a) GDPR or on a contract in accordance with art. 6 para. 1 (b) GDPR and the processing is carried out by automated means insofar as processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

In exercising their right to data portability in accordance with art. 20 para. 1 GDPR, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible and as far as this does not adversely affect the rights and freedoms of others.

To establish this right of data portability, the data subject can at any time contact the data protection officer appointed by Wohlfahrtswerk or another member of staff.

8.7 Right to object

The data subject has the right granted by the European regulatory body to object at any time to processing of personal data concerning them which is based on art. 6 para. 1 lit. e or f GDPR, on grounds relating to their particular situation.

If the data subject objects, Wohlfahrtswerk will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or if the processing serves for the establishment, exercise or defence of legal claims.

Where Wohlfahrtswerk processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data for such marketing. Where the data subject objects to Wohlfahrtswerk processing data for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Furthermore, the data subject, on grounds relating to their particular situation, has the right to object to processing of personal data concerning them processed for scientific or historical research purposes or statistical purposes in accordance with art. 89 para. 1 GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise this right to object, the data subject can at any time contact Wohlfahrtswerk’s data protection officer or another member of staff.

The data subject is free to exercise their right to object by automated means using technical specifications in the context of the use of information society services, and notwithstanding Directive 2002/58/EC.

8.8 Right to withdraw consent

The data subject has the right granted by the European regulatory body to withdraw consent to the processing of personal data at any time.

If the data subject wants to exercise their right to withdraw consent, they can at any time contact our data protection officer or another member of staff of the controller.

9. SSL encryption

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection by the browser address bar changing from "http://" to "https://" and by the lock symbol in your browser bar. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

10. Technologies employed

11. Information on data protection referring to the processing of online meetings, seminars and applications via “Zoom” video conference system

11.1 For what purpose and on what legal basis do we process your data?

We process your data in connection with the use of the Zoom video conference system in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-neu) for the following purposes:

  • Carrying out meetings, workshops, group work or lectures within the company group and externally with customers and partners.
  • Carrying out online seminars and job interviews.  

Insofar as this is necessary for the decision on the establishment of an employment relationship with us, processing is based on 26 BDSG-neu and on Art. 6 para. 1 lit. b GDPR for the initiation or implementation of contractual relationships.
Furthermore, we can process your data if there is an interest of effective communication using video conferences based on art. 6 para.1 lit. f GDPR. If you consent to us processing your data for certain purposes, the legitimacy of this processing is based on your consent as per art. 6 para. 1 lit. a GDPR.

Right to object: You have the right to object to a voluntary consent into the processing of your data without giving reasons and without this resulting in any disadvantages for you. We will then no longer process your data, unless we can provide evidence of compelling legitimate grounds for processing that prevail over your interests, rights and freedoms, or if the processing serves the purposes of enforcing, exercising or defending legal rights. A withdrawal only applies to processing planned for after the withdrawal.


11.2 What data will be processed for the video conference system?

  • Carrying out online meetings: User information (surname, name, e-mail address, password). 
  • Meeting meta data: Subject description, time of participation. 
  • When dialling-in by phone: Phone records. 
  • Text, audio and video data: User input during the meeting, location information for the technical provisioning of the service.

11.3 To whom do we transfer your data?

Your data will be transferred to each party involved for preparing and carrying out the video conference. Furthermore, we will transfer your data within our company to those areas and persons exclusively who need to have them in order to perform contractual and legal obligations. Your data will be processed acting on our instruction based on data processing contracts as per art. 28 GDPR.

Within our company group, our data will be transferred to certain companies if these exercise data processing tasks for all companies connected in the group (e.g. salary administration, IT services). Company group: Wohlfahrtswerk für Baden-Württemberg and all subsidiaries Wohlfahrtswerk Altenhilfe GmbH, Wohlfahrtswerk Management und Service GmbH, Wohlfahrtswerk Bau- und Immobilienmanagement GmbH, further company departments commissioned with processing tasks concerning compliance with obligations.

The service provider Zoom is based in the US. Your data will not be transferred and processed in a third country. Zoom meetings take place exclusively on servers in data centres of our processor in Europe (Germany, Austria, Switzerland). Zoom's technical measures were adapted by the operator to meet our requirements and the requirements of data protection.

11.4 Will meetings be recorded and saved?

We will not automatically record meetings. Your data, that has been processed during the video conference, will be erased as soon as the purpose for processing ceases to exist.  Recordings are only made with the consent of the participants concerned and only insofar as this is necessary within the framework of the applicable law or in the specific case for the establishment, exercise or defence of legal claims for the duration of a legal dispute and is necessary for official purposes or for the specific performance of tasks.

The participants will be informed about the recording before it is started in order to obtain their approval. If participants do not consent, they have the option to turn off microphone and camera and not use the chat but stay in the online meeting. Alternatively, the participants log out but will be given the option to access the recordings later.

11.5 What rights do I have?

You can find further comprehensive information on your rights as per GDPR under item "8. Data privacy rights"

12. Information on data privacy concerning the processing of your application

12.1 For what purpose and on what legal basis do we process your data?

We process your data that we receive from you by mail, e-mail or form via our homepage in the course of contacting you or your application, or that you transmit to us via other sources, in accordance with the provisions of the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG-neu), insofar as this is necessary for the decision on the establishment of an employment relationship with us. The legal basis for this is art. 88 GDPR in conjunction with § 26 BDSG-neu as well as, if applicable, art. 6 para. 1 lit. b GDPR for the initiation or execution of contractual relationships.

Conducting interviews via video conference replaces or completes the process of getting to know each other and face-to-face communication between Wohlfahrtswerk and the applicant as part of the application process. (Refer to Information on data protection referring to the processing of online meetings, seminars and applications via “Zoom” video conference system)

Furthermore, we can process your personal data if this is necessary for compliance with legal obligations (art. 6 para. 1 lit. c GDPR) or is necessary for the defence of legal claims brought against us. Art. 6 para.1 lit. f GDPR constitutes the legal basis. The legitimate interest is, for instance, a duty to provide evidence in proceedings under the General Act on Equal Treatment (AGG) or the legitimate interest to conduct job interviews by video conference. If you give us explicit consent to processing your data for certain purposes, the legitimacy of this processing is based on your consent as per art. 6 para. 1 lit. a GDPR.

Right to object:  You have the right to object to a voluntary consent into the processing of your data without giving reasons and without this resulting in any disadvantages for you. We will then no longer process your data, unless we can provide evidence of compelling legitimate grounds for processing that prevail over your interests, rights and freedoms, or if the processing serves the purposes of enforcing, exercising or defending legal rights. A withdrawal only applies to processing planned for after the withdrawal.

If we enter into an employment relationship with you, we may, in accordance with art.88 GDPR in conjunction with. § 26 BDSG-neu, process the data received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the employee representation resulting from a law or a collective agreement, a company or service agreement (collective agreement).

We do not use automated decision-making (including profiling) within the meaning of art. 22 GDPR.

12.2 What data is being processed for your application?

We only process data related to your application. This may include general master data about you (such as first name, surname, qualifiers such as academic degrees/titles, nationality), contact data (such as private address, (mobile) phone number, e-mail address) and the data of the entire application process (cover letter, certificates, questionnaires, interviews as well as any performance evaluations, qualifications and previous activities). If you have also voluntarily provided special categories of personal data (such as health data, religious affiliation, degree of disability) in the letter of application or in the course of the application process, processing will only take place with your you consent. As a rule, your personal data will be collected directly from you as part of the recruitment process. In addition, we may have received data (address data, data from curriculum vitae) from third parties (e.g. job placement agencies).

12.3 To whom do we transfer your data?

Your data will be transferred to each party involved in the job interview for preparing and carrying out the application process and for carrying out the video conference. Furthermore, we will transfer your data within our company to those areas and persons exclusively who need to have them in order to perform contractual and legal obligations. Your data will be processed acting on our instruction based on data processing contracts as per art. 28 GDPR. In these cases, we will make sure that the processing of your data will be consistent with the regulations stipulated in the GDPR. In this case, the categories of recipients include Internet service providers as well as providers of application management systems, video conference systems and software.

Within our company group, our data will be transferred to certain companies if these exercise data processing tasks for all companies connected in the group (e.g. salary administration, IT services). 
Company group: Wohlfahrtswerk für Baden-Württemberg and all subsidiaries Wohlfahrtswerk Altenhilfe GmbH, Wohlfahrtswerk Management und Immobilien GmbH, further company departments commissioned with processing tasks concerning compliance with obligations from the contractual relationship.

We do not plan to transfer data to a third country.

12.4 What data do we store for how long?

We will only process and electronically save your application documents as part of the application process in accordance with the data protection regulations applicable. After the application process has ended, your data will be erased after 6 months in accordance with § 61 para. 1 ArbGG (German Labour Court Act) in conjunction with § 15 AGG, as long as a longer storage period is not legally required or allowed. We will only store your data beyond that if this is necessary by law or in a specific case for the establishment, exercise or defence of legal claims for the duration of a legal dispute.

In case you consented to a longer storage of your data, we will store them according to your declaration of consent. Only with your declaration of consent do we have the option of registering you in our in-house applicant pool, where your application will be kept for 1 year and accessed in the event of a job application in the Wohlfahrtswerk für Baden-Württemberg and its subsidiaries.

If, following the application process, an employment relationship, apprenticeship or trainee relationship is established, your data will, as far as necessary and permissible, remain stored and later transferred to your personnel file.

The video conference will not be recorded. The data processed in the course of your job interview via video conference will be deleted as soon as the purpose for processing ceases to exist, refer to Information on data protection referring to the processing of online meetings, seminars and applications via “Zoom” video conference system

12.5 What rights do I have?

You can find further comprehensive information on your rights as per GDPR under item 8,  „Data privacy rights".