Privacy Policy Applicants

Version of June 2020

A. Processing of (personal) data by the person responsible for the online application procedure

1. Data processing
We offer you the possibility to apply for open positions in our company via our websites and by email. For this purpose we use as software partner the Comeet Technologies, Inc. The software partners are contract processors in the sense of data protection law and are obligated by corresponding contracts to handle your data in manner compliant to data protection.


2. Data security and confidentiality
Data protection is an important concern for us. Vimcar GmbH and our software partner have taken the necessary organizational and technical measures to ensure the confidentiality of your application.
All employees of the personnel department as well as our software partners are bound to secrecy regarding personal data within the scope of their employment contract. Thanks to an automatically activated 128-bit encryption, a secure transmission of your data is ensured. During data processing, the general standards for data security are taken into account in accordance with the current state of the art.


3. Use of your personal data
During the application procedure, in addition to the form of address, surname and first name, the usual correspondence data such as postal address, e-mail address and telephone numbers are stored in the applicant database. In addition, application documents such as letters of motivation, curriculum vitae, vocational, education and training qualifications and references are recorded. These data are stored, evaluated, processed or forwarded internally exclusively in the context of your application. They are only accessible to employees of the personnel department and the persons responsible for selection at Vimcar GmbH. Under no circumstances will your data be disclosed to companies or persons outside Vimcar GmbH. Furthermore, our employees are strictly bound by instructions and are not allowed to process the data for their own purposes. The data may be processed for statistical purposes (e.g. reporting). No conclusions can be drawn about individual persons.


If you apply to us, we process the information we receive from you in the course of the application procedure, e.g. through letters of application, CV, certificates, correspondence, telephone or oral information. In addition to your contact details, information about your education, qualifications, work experience and skills are of particular relevance to us.

We do not require any special categories of personal data within the meaning of art. 9 GDPR (e.g. health data within the meaning of severe disability or similar) for the application process. We ask you not to send us any such information in advance. If, exceptionally, such information is relevant to the application process, we will process it together with your other applicant data. This may, for example, relate to information about a severe disability which you may provide us voluntarily and which we then have to process in order to fulfil our special obligations with regard to severely disabled persons. In these cases, the processing serves to exercise rights or to fulfil legal obligations arising from labour law, social security law and social protection. The legal basis for data processing is then Art. 9 Para. 2 it. b GDPR, §§ 26 Para. 3 BDSG, 164 SGB IX. Exceptionally, it may be necessary to obtain information about your health or disability or information from the Federal Central Register, i.e. about previous convictions, in order to assess your suitability for the intended job. The legal basis for this is § 26 BDSG.

Your data will not be used by us for automated decision-making or profiling, nor will it be passed on to third parties.


4. Right of access
You have the right of correction (art. 16 GDPR) and deletion (art. 17 GDPR). In addition, you have the right of transferability of data (art. 20 GDPR) and restriction of data processing (art. 18 GDPR). If processing of the data is based on your consent, you can revoke this consent at any time with future effect (art. 21 GDPR).

As a rule, you can assert your rights informally and without giving reasons.

With a request for information in accordance with art. 15 GDPR, you can request information about which of your data is being processed. To do so, please contact our personnel department (e-mail: careers@vimcar.com, address: Skalitzer Straße 104, 10997 Berlin).


5. Data retention and deletion
If you take up a job with Vimcar GmbH, your personal data, or an extract thereof, will be added to your personal file.
If you have applied but received a negative reply, your details will be stored on the basis of your consent for around 3 months after completion of the application process and then deleted (profile and application). There will be no notification about the deletion of the data.

If you have applied but we are unable to offer you a suitable position at this time, we reserve the right to assign your application to our talent pool (Vimcar Connect). In this case, you will receive a message by e-mail. You give us your consent to store your data for 12 months and delete it afterwards.If you no longer agree or are no longer interested, you can object to further data processing.

After the storage period has expired, the data is anonymised and can no longer be directly assigned to them. However, if you reapply for a job with the same email address, your profile will be reactivated and we can also view data from previous applications.

B. Processing of (personal) data by the operator of the recruiting page


1. General information
The processing of the applicant data is provided by Comeet Technologies, Inc. Comeet Technologies, Inc. is a US-American provider of applicant management software based in New York. The processing of the data takes place exclusively in Germany. We transmit your data to the recruiting platform using TSL encryption only. The company is responsible for this data in accordance with art. 24 GDPR. Comeet Technologies, Inc. is the operator of the platform and is therefore to be regarded as a processor of orders in the sense of art. 28 GDPR. A contract for processing has been concluded between Comeet and Vimcar.

2. Data controller
Responsible body in the sense of the data protection law is:
Comeet Technologies, Inc.
109 South 5th Street,
Brooklyn, NY 11249 - USA


For more information about data processing by Comeet Technologies, Inc. please visit https://support.comeet.co/knowledgebase/privacy-notice/.


Pursuant to Article 27 of the GDPR, a representative in the Union must be appointed in writing by managers or processors not established in the Union. Comeet Technologies, Inc. has appointed the European Data Protection Office (EDPO). You can contact the EDPO in matters concerning the DPA by sending an e-mail to privacy@edpo.brussels, using the EDPO's online form at https://edpo.com/contact/ or by writing to the EDPO at 71, Avenue Huart Hamoir, 1030 Brussels, Belgium.


3. The useage of cookies
Comeet Technologies, Inc. uses first-party cookies for website analysis purposes, such as collecting information about website activity, including session duration, website content and interactions accessed, and user interface clicks related to such content, the Internet Protocol (IP) address of the device from which the websites were accessed, the browser used, its version and language preferences (i.e., locale), and the area from which you accessed the websites.

Comeet Technologies, Inc. also uses third-party cookies to deliver more relevant advertisements about our products and services when you browse the Internet (also referred to as "retargeting"). These third-party cookies come from Google, AdRoll, Facebook and their respective advertising networks and partners.

4. Your rights as a data subject
If personal data are processed by Comeet Technologies as the responsible body, you as a data subject have certain rights from chapter III of the EU data protection basic regulation, depending on the legal basis and purpose of the processing, in particular the right of information (art. 15 GDPR), the right of correction (art. 16 GDPR), the right of deletion (art. 17 GDPR), the right of limitation of the processing (art. 18 GDPR), the right of data transferability (art. 20 GDPR), the right of objection (art. 21 GDPR). If the processing of personal data is based on your consent, you have the right to withdraw your consent under data protection law pursuant to Art. 7 para. 3 GDPR. To exercise these rights, please contact Comeet Technologies Inc. or the European Data Protection Office (for further information see B.2.)

Subject to applicable law, you have the right to lodge a complaint with your local data protection authority in accordance with art. 77 GDPR.

You also have the right to oppose the processing of your data by Comeet Technologies, Inc. unless we can prove that we have compelling legitimate interests that outweigh your rights and freedoms. To exercise this right, please contact support@comeet.com.


5. Final provisions
If there are changes to the Comeet Technologies, Inc. privacy policy, they will make every effort to notify you proactively of such changes. In any case, the most recent version of the notice will be available at http://help.comeet.co/en/articles/3134994-privacy-notice.