Skip to main content

Processing of (personal) data by the entity in charge of the online application process


I. General Information
The protection of your personal data is of utmost importance to the NFON Group. We act in accordance with applicable data protection regulations to safeguard the data collected during the application process. This privacy policy supplements our general privacy policy and informs you about how your data is handled during the application process.

II. Data Controller 
The entity responsible for processing your data in connection with the application process is:

NFON AG
Zielstattstraße 36
81379 München
Germany,

represented by the Head of Human Resources, together with the company mentioned in the job posting. A list of all NFON Group companies and their respective local responsibilities can be found in Section VII.
If you apply to NFON AG, NFON AG alone is responsible for data processing.
You can contact our Data Protection Officer, Claudia Standke, either by mail at the address above (attn: Data Protection Officer) or by email at datenschutz@nfon.com.

III. Data Processing
1. Contacting us
You have the option to contact us through various means, such as email, phone, social media platforms, or mail. If you contact us, we will process the personal data you voluntarily provide for the sole purpose of responding to your inquiry and communicating with you.
The legal basis for processing your data as part of your specific application is the pre-contractual employment relationship in accordance with Art. 6 (1) b) GDPR.
For general inquiries that are not directly related to a contractual relationship, data processing is based on our legitimate interest in responding to your inquiry quickly and efficiently, as per Art. 6 (1) f) GDPR.

2. Application Process 
When you apply to us—whether through our career page, email, This includes: mail, or a recruitment agency—we process the data necessary for registering and handling your application.

- First and last name
- Date of birth
- Email address
- Address
- Phone number
- Application-related documents, such as a cover letter, CV, diplomas, work certificates, details of previous employment history, and additional qualifications mentioned in your documents
- Optional application photo
- Salary expectations
- Availability information
- Any other details included in the documents you submit
The legal basis for this data processing is the execution of pre-contractual measures within the framework of the recruitment process, in accordance with Art. 6 (1) b) GDPR in conjunction with national data protection laws.
If your application documents contain special categories of personal data as defined in Art. 9 (1) GDPR (e.g., health data, disability status, ethnic background) or if you voluntarily disclose such information during the recruitment process, we process this data for the purpose of exercising rights or fulfilling obligations under labor law, social security, and social protection laws. The legal basis for this is Art. 6 (1) a) and c) GDPR in conjunction with Art. 9 (2) b) GDPR.

3. Conducting Interviews 
For digital job interviews, we use the Microsoft Teams platform, operated by Microsoft Corporation One Microsoft Place, South County Business Park, Carmanhall And Leopardstown, Dublin, D18 P521, Ireland (“Microsoft Teams”), or conduct interviews by telephone.
For interviews via Microsoft Teams, we will provide you with a link in advance so that you can participate in the video conference. Depending on how the interview is conducted, personal data may be processed during the interview, including name, e-mail address, technical connection data (e.g. IP address) and image and sound recordings if you activate the camera or microphone. Please note that Microsoft Teams acts as an independent controller. Further information on data processing by Microsoft Teams can be found in Microsoft's privacy policy.
In the case of telephone interviews, we process your contact details (e.g. telephone number) in order to be able to conduct the interview.
We use the data you provide exclusively for the purpose of planning, conducting and following up the interview and for the duration of the application process.
The legal basis for this data processing is Art. 6 para. 1 b) GDPR.

4. Use of the Predictive Index  Analysis Tool
  • As part of the selection process, NFON uses the Predictive Index® analysis tool provided by Predictive Index LLC (USA). This tool supports the structured assessment of behavioral characteristics and motivational factors of applicants.
    During the selection procedure, applicants receive an individual link to participate in the PI Behavioral Assessment. The assessment takes approximately 10 minutes and involves a self-evaluation regarding general and job-related behaviors. Based on the input provided, a personality profile is generated.
    The purpose of the processing is to assess professional suitability in order to make well-founded and sustainable personnel decisions. This aims to positively impact the achievement of company goals, reduce (early) turnover, and strengthen motivation and employee retention.

  • The following categories of data are processed:
    •    Personal identification data (e.g., first name, last name, gender)
    •    Contact information (e.g., email address)
    •    Performance and behavioral data (e.g., information about abilities, professional behavior, motivational traits)
    •    Statistical data or organizational classification (e.g., information about department, division, or location)

  • Processing is carried out solely on the basis of your voluntary and explicit consent in accordance with Article 6(1)(a) GDPR. If the analysis allows conclusions about special categories of personal data, processing is additionally based on Article 9(2)(a) GDPR. Consent can be withdrawn at any time with future effect. Non-participation will not result in any disadvantages during the application process.
    Only authorized employees of the HR department have access to the analysis results. The evaluation may be discussed or summarized with the responsible manager as an internal recipient in preparation for structured interviews. The manager does not have direct access to the full report.
    The processing does not involve solely automated decision-making within the meaning of Article 22 GDPR. The results of the assessment serve solely as an additional element in evaluating your application. Every assessment is made through a personal evaluation by our HR representatives and only with regard to the open position.
    The data is automatically anonymized within the Predictive Index platform after 180 days. There is no local storage or transfer of the reports to third parties.
    Predictive Index LLC processes the data within the scope of a data processing agreement in accordance with Article 28 GDPR. The transfer of personal data to the USA is based on the EU-U.S. Data Privacy Framework (DPF). Predictive Index LLC is certified under the DPF.

  • For more information on data processing by Predictive Index LLC, please refer to:
    •    Services Privacy Policy
    •    Data Privacy Framework Policy

5. Use of the “JOIN” applicant management platform
We use the JOIN recruiting platform (Eichenstrasse 2, 8808 Pfäffikon SZ, Switzerland) to publish our job advertisements and to receive and initially process incoming applications. JOIN enables us to record and pre-sort applications in a structured manner. The documents submitted via JOIN are then manually transferred to our applicant management system Personio. The data is processed for the purpose of carrying out and managing application procedures via the JOIN platform on the basis of Art. 6 para. 1 lit. b) GDPR. In particular, personal master data (such as name, salutation, title, date of birth, telephone number and e-mail address), contents of the application documents (such as CV, cover letter, references and certificates), messages sent via JOIN as part of the application process and metadata-related information on the course of the application process (e.g. duration of the process or number of applications received) are processed. JOIN acts as a processor within the scope of this processing in accordance with Art. 28 GDPR. A corresponding contract for order processing has been concluded, which ensures data protection-compliant processing and compliance with suitable technical and organizational measures to protect your data.

Further information on data processing by JOIN can be found in JOIN's privacy policy.

6. Candidate Experience Survey (SurveyMonkey)

We use SurveyMonkey (SurveyMonkey Europe Unlimited Company, 70 Sir John Rogerson's Quay, Dublin 2, D02 R296, Ireland) for our candidate experience survey. The purpose of this survey is to improve our recruiting workflows, tools, and collaboration on the basis of Art. 6(1)(f) GDPR. Participation is voluntary, and you may object at any time pursuant to Art. 21 GDPR.

For the invitation, we process {name, email address, position/process status}. In the survey itself, we do not collect direct identifiers; we ask about country, job title, rating scale responses, and optional free-text comments. We analyze survey results only in aggregate.

For further information, please refer to SurveyMonkey’s privacy policy

7. Admission to talent pool

For the administration of our talent pool and for subsequent contact regarding suitable vacancies, we use our applicant tracking system Personio (Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany) as a processor pursuant to Art. 28 GDPR. Inclusion in the talent pool is only based on your consent (Art. 6(1)(a) GDPR). For this purpose, we process the application documents you provide and basic contact details. Special categories of personal data (e.g., health data) are neither required nor requested. The data is visible only to authorized members of the People & Culture team and the involved hiring managers and is retained for a maximum of 12 months. Before this period expires, we will ask you about an extension; otherwise, we will delete your data for this purpose, or sooner if you withdraw your consent. You may withdraw your consent at any time with effect for the future (e.g., by emailing us); the lawfulness of processing up to the point of withdrawal remains unaffected.

For further information on data processing by Personio, please refer to Personio’s privacy policy.

8. Subscription to the Career Newsletter

For sending our optional careers newsletter, we use the email service Brevo (Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin) as a processor pursuant to Art. 28 GDPR. We process your email address and any preferences you provide on the basis of Art. 6(1)(a) GDPR in conjunction with § 7 UWG. We use a double-opt-in procedure and record the time of registration/confirmation and the consent declaration for verification purposes. Our newsletters may contain a tracking pixel that measures opens/clicks for statistical purposes; this is also based on your consent. You can unsubscribe at any time via the link in any email or by contacting us; in that case, you will receive no further newsletters and we will delete or block your contact data for this purpose.

For further information on data processing by Brevo, please refer to Brevo’s privacy policy.


9. Further Data Processing
If you receive a job offer, your data will be transferred to the regular personnel management process, where it will be stored and retained in accordance with legal requirements. If your application is unsuccessful, your data will generally be deleted 180 days after rejection, unless you consent to being included in our applicant pool under Art. 6 (1) a) GDPR. For unsolicited applications, your data will be stored for a maximum of six months. If no offer is made or no further activity occurs within this period, your data will be automatically deleted.
  
IV. Recipients of Your Data
We generally do not share your data with third parties unless required by law (e.g., in response to a request from law enforcement authorities) or necessary for carrying out the application process.
We use Personio SE & Co. KG, Seidlstraße 3, 80335 Munich ("Personio") to operate our career platform. Personio provides software for processing and managing application data and processes the data solely on our behalf.
Additional service providers (e.g., HR management tools) or members of the NFON Group may be involved in evaluating applications.
In principle, your personal data is not transferred to a third country. If such a transfer is necessary, it will only occur in compliance with the GDPR, for example, through EU Standard Contractual Clauses.

V. Data Retention and Deletion
Your application will be deleted from our applicant management system 180 days after a decision has been made. If we wish to store your application for a longer period, we will first obtain your consent via email.

VI. Your Rights
You have the right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR) under the respective legal requirements. You also have the right to object to and withdraw your consent to data processing. You also have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). 
If you wish to exercise one of these rights, please send an informal letter to the contact address listed below. If you wish to exercise your right of objection or withdrawal, the data processing carried out up to this point remains lawful and unaffected. 

VII. NFON-Group Companies
NFON AG
Zielstattstraße 36
81379 München
Germany
NFON ITALIA SRL
Cso Magenta 82
Milano -20123
Italy
NFON GmbH
Linzer Straße 55
3100 St. Pölten
Austria
NFON Polska Sp. z o.o.
Ul. Przeskok 2
00-032 Warszawa
Poland
NFON France
81 Rue Réaumur
75002 Paris
France
 
NFON UK Ltd.
The Atrium
1 Harefield Road
Uxbridge UB8 1PH
United Kingdom
NFON IBERIA SL
Paseo de la Castellana 135,
7ª Planta (Madrid – 28046)
Spain
botario GmbH
Konsul-Smidt-Straße 8p
28217 Bremen
Germany
 
NFON Developments, Unipessoal, Lda.
R. Barata Salgueiro 37 5 Piso,
1250-044 Lisboa
Portugal
 
NFON Hub sh.p.k
St. Xhevdet Doda, Dukagjini Center, Floor II, No.7, 10000 Prishtine
Kosova

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.