Our Data
Privacy Statement

This privacy policy serves to fulfil our data protection obligations to provide information pursuant to Articles 13 and 14 GDPR with regard to the collection of the data of prospective and current customers by or within the YER Germany Group.

With the information provided here, we fulfil our

Obligation to provide information in accordance with Articles 13 and 14 GDPR when collecting personal data

Gender-neutral wording is used throughout; such references refer to persons of all genders and none. It is assumed with regard to the applicability of this privacy policy to prospective and current customers that personal data, e.g. of a managing director or authorised representative, or contact person, is actually processed.

1. Controller’s name and contact details

The companies listed below act as ‘joint controllers’ under data protection law pursuant to Article 26 GDPR and strictly comply with the ‘need-to-know’ principle.

YER Deutschland GmbH
Birketweg 21
80639 Munich
HRB 300341
Commercial Register of the District Court of Munich

YER Talents GmbH
Birketweg 21
80639 Munich
HRB 207200
Commercial Register of the District Court of Munich

YER Experts GmbH
Birketweg 21
80639 Munich
HRB 207201
Commercial Register of the District Court of Munich

and

YER Staffing GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 10533
Commercial Register of the District Court of Bochum

YER Agritech GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18520
Commercial Register of the District Court of Bochum

YER Service GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 15963
Commercial Register of the District Court of Bochum

YER Projects GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18987
Commercial Register of the District Court of Bochum

hereinafter jointly referred to as ‘YER Germany’ and ‘YER’.

2. Data Protection Officer’s contact details

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

3. Purposes of data processing

Together with third parties commissioned by us, we process personal data:

• to contact you as a prospective contractual partner at your request and to initiate a business relationship or specific contractual relationship;
• to contact you (again) as a prospective customer and to initiate a contractual relationship;
• to be able to hold pre-contractual negotiations and have discussions with you as a direct contact person/company representative;
• to be able to introduce our candidates to you as a contact person/company representative or to plan joint interviews and hold them, etc.;
• to be able to negotiate and conclude a contract, i.e. to conduct negotiations, prepare draft contracts, etc. (sales);
• to be able to implement a concluded contract (e.g. billing, i.e. recording, storing and forwarding, using your data to create and send invoices) and, if necessary, to be able to enforce any claims;
• to defend ourselves legally against any possible claims;
• to send you targeted, relevant advertisements or other notifications that we think you will be interested in, such as enabling you to participate in our various events like our Experts Talk;
• to conduct surveys, e.g. on customer satisfaction, to ensure the legally accurate execution of our contracts and so we can continuously improve ourselves as a service provider.

4. Categories of data

• Salutation, if applicable
• First name and surname
• Position
• Affiliation with or employment with a specific company
• Authorisation/power of representation, if applicable
• Your place of work (registered office or branch office of your employer), if applicable
• Work phone/mobile number
• Work email address

5. Data sources

• You personally, if you proactively share your personal data to contact us (business cards, etc.)
• You personally, if and to the extent that you share your personal data when you contact us
• You personally, if and to the extent that you are one of our customers and we have already received your personal data from you in the past in the context of the contractual relationship
• Any contact persons in your company who you know personally
• Other third parties such as credit agencies or address service providers from whom personal data is transmitted to us in a legally permissible manner, if applicable.
• Publicly accessible portals or social media networks, such as LinkedIn, on which you yourself have made your personal data public
• Other publicly accessible sources, such as debtor lists, land registers, commercial and association registers, media, permissibly obtained or lawfully provided to us by other third parties (a credit agency or an address service provider)
• From other third parties (e.g. our candidates or temporary employees)

6. Categories of data recipients

• Reciprocally: customers/candidates/subcontractors
• Service providers with whom we cooperate in order to perform our contractual obligations owed to you, specifically managed service providers (MSPs), if applicable
• Service providers who provide and maintain our customer management systems (CRM), if applicable
• IT service providers to maintain our IT infrastructure and provide various software applications, e.g. for digitally signing contracts, conducting video calls, storing documents, etc., if applicable
• Service providers who provide our accounting software, in particular for the creation and processing of incoming invoices and payment of receivables, in the course of maintaining/updating the systems, if applicable
• Credit institutions and providers of payment services for billing, if applicable
• Credit agencies and scoring providers for creditworthiness information, for the assessment and processing of payments, if applicable
• Debt collection service providers and legal professionals, in order to collect receivables and enforce claims through the courts, if applicable
• Authorities, to fulfil legal notification obligations, if applicable

7. Legal bases

• Data processing based on our legitimate interests (Article 6 (1) sent. 1 lit. f GDPR)
  
  We base the processing of your personal data in connection with acquisition measures on our legitimate interest in contacting you as a prospective customer and contractual partner for our services. The same applies to the temporary transfer and storage of your personal data in our customer relationship system for as long as a specific acquisition measure with any direct recruitment or contract conclusion process lasts, and we may assume that you wish to be contacted in the context of the ongoing business relationship. If  we do not have your consent under data protection law to permanently store your personal data for placement purposes in our CRM systems after completion of a specific acquisition process, our deletion policy provides for your data to be deleted, taking into account the principle of purpose limitation.
   
• Data processing for the purpose of initiating/performing a future or current contract between you and us (Article 6 (1) sent. 1 lit. b GDPR)
  
  Naturally, we also process your personal data for the purpose of initiating a contract, i.e. on the basis of Article 6 (1) sent. 1 lit. b GDPR, if in individual cases, a specific job is available through a ‘search’ or has already been agreed.
  
  If a contract has been concluded, we process your personal data for the purposes described above on the basis of the performance of the contract.
  
  If a temporary agency work contract or contract for services or work is concluded or an agency contract is concluded with you as a customer representative, we will also process your data to implement the contract in question, particularly with respect to the legal obligations of the temporary work agency and the user under the Act on Temporary Agency Work (AÜG). The legal basis for this is Article 6 (1) sent. 1 lit. b alt. 1 GDPR. The same applies to all data processing operations described above for a specific purpose in the course of the execution/processing of a concluded contract, ranging from its storage, updating/management and implementation through to any legal evaluation after the termination of a contract for the enforcement of claims or legal defence.
  
  In the event that there is a corresponding legal obligation involving the processing of personal data, we refer to Article 6 (1) sent. 1 lit. c GDPR in conjunction with, for example, Section 8 (1) of the Act on Temporary Agency Work (equal pay principle).
   
• Data processing on the basis of your consent (Article 6 (1) sent. 1 lit. a GDPR)
  
  If and insofar as you agree to us that we may continue to contact you even after a specific acquisition measure, i.e. in particular by telephone, post, email or otherwise, the legal basis for this is the declaration of consent you have granted to us, i.e. Article 6 (1) sent. 1 lit. a GDPR.
  
  In addition, we may contact you on the basis of your consent, for the duration of the storage of your data, to carry out internal surveys and for direct marketing, as described in the declaration of consent you have submitted. The legal basis is Article 6 (1) sent. 1 lit. a GDPR.

8. Obligation to provide personal data

Personal data must be provided for a contract (temporary employment contract, service contract or work contract) to be initiated and concluded with your company. Failure to make this data available would mean that a contract might not even be concluded, let alone implemented.

9. Automated decision-making including profiling

We do not carry out profiling based solely on electronic decision-making.

10. Data transfers to third countries

Data may be transferred to countries outside the EU and the European Economic Area (‘third countries’) as part of the administration, development, operation and use of IT systems such as Microsoft 365.

Data will only be transferred in the following cases:

• the transmission is generally permissible because a legal requirement has been fulfilled or you have consented to the data transfer;
• the special requirements for transfers to third countries are met.
   
  • Note regarding potential transatlantic data transmission
    Data may be transmitted to the following recipients in the course of processing:
    
    Microsoft Corporation, One Microsoft Way Redmond Washington 98052
    Microsoft also processes personal data in the US.
    Microsoft’s privacy policy can be accessed via the Microsoft Privacy Policy.
    
    This also provides further information on the respective rights of the user.
    The security of the transmission of data to the US with regard to all Microsoft applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).
    With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023.
    
    The agreement confirms an adequate level of data protection for certified US companies.
    
    US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework.
    
    Microsoft applications must be based on the underlying listing of Microsoft Corporation in the DPF.

This privacy policy serves to fulfil our data protection obligation to provide information pursuant to Articles 13 and 14 GDPR in relation to the collection of data from applicants by or within the YER Germany Group. This privacy policy applies equally to applicants for internal positions and for external temporary positions filled through us as a recruitment agency.

By means of the information provided here, we fulfil our

Obligation to provide information in accordance with Articles 13 and 14 GDPR when collecting personal data

Gender-neutral wording is used throughout; such references refer to persons of all genders and none.

1. Controller’s name and contact details

The companies listed below act as ‘joint controllers’ under data protection law pursuant to Art. 26 GDPR, while strictly observing the ‘need-to-know’ principle.

YER Deutschland GmbH
Birketweg 21
80639 Munich
HRB 300341
Commercial Register of the District Court of Munich

YER Talents GmbH
Birketweg 21
80639 Munich
HRB 207200
Commercial Register of the District Court of Munich

YER Experts GmbH
Birketweg 21
80639 Munich
HRB 207201
Commercial Register of the District Court of Munich

and

YER Staffing GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 10533
Commercial Register of the District Court of Bochum

YER Agritech GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18520
Commercial Register of the District Court of Bochum

YER Service GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 15963
Commercial Register of the District Court of Bochum

YER Projects GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18987
Commercial Register of the District Court of Bochum

hereinafter jointly referred to as ‘YER Germany’ and ‘YER’.

2. Data Protection Officer’s contact details

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

3. Purposes for which data is processed

We process your personal data:

• To identify you as a potential match for the positions we wish to fill based on your qualifications
• To make you aware of our customers and us as a personnel service provider or employer via the messaging functions of professional networks (LinkedIn, Xing)
• To contact you (again) as a job seeker, to contact you at your request and to initiate an application process to fill our advertised vacancies
• To review your application(s) and match it or them to a specific position or staffing requirement
• To electronically send your application documents or profile to the responsible internal department or our customers, or to their managed service providers, i.e. by email or by uploading them to a customer candidate system
• To obtain your consent to the permanent storage of your personal data in our talent pools (also: applicants database or HCM systems), and file this consent
• To enable an application process to be carried out, in particular by planning briefings (= preliminary interviews/information meetings) and job interviews – if necessary together with the relevant department (at our customers or their managed service providers) – and to enable the corresponding interviews to be conducted
• To enable an employment contract to be negotiated effectively, in particular by conducting contract negotiations, producing draft contracts, etc.
• To enable a contract to be concluded effectively, particularly by using various software tools to create, digitally sign, file and, where applicable, administer contracts
• To perform a concluded contract and, where applicable, to enable the enforcement of any claims
• To legally defend ourselves against any claims, e.g. due to a breach of the German General Act on Equal Treatment (AGG)
• To provide you with tips and advice for creating and structuring your CV, cover letter, etc. (YER job application coaching)
• To create, edit and temporarily store application photos at your request, and to send you the finished photo
• To conduct surveys in order to ensure that our contracts are performed in precise accordance with the law and that we can continuously improve as a service provider
• To keep you regularly informed (electronically) or possibly by post about interesting events and our service portfolio (newsletters, information bulletins, etc.)

4. Data categories

• Title (if applicable)
• First name and surname
• Home address
• Telephone number/mobile phone number
• Date of birth
• Email address
• Salary expectations (hourly rate)
• Professional training
• School education
• Professional experience
• Nationality, residence permit (if applicable)
• Availability, flexibility (if applicable)
• Photo/facial image as part of a video call (if applicable)
• Other information from your CV, letters of reference, certificates
• Certificate of good conduct (police check) for submission to our customers (if applicable)
• Results of any occupational health and safety examinations regarding your suitability for a job (if applicable)

5. Data sources

• You personally, if and to the extent that you proactively share your personal data with us for contact purposes
• You personally, if and to the extent that you share your personal data when you contact us or as part of the application process
• You personally, if and to the extent that you are already one of our candidates, and you have given your consent to the continued and permanent storage and use of your personal data in our talent pools for recruitment purposes
• Publicly accessible (job) portals or social media networks on which you have personally made your personal data public
• Reference providers, e.g. former employers, academic referees from your former universities (with or based on your consent, and where applicable)
• Other third parties, e.g. credit agencies or address service providers that send us personal data as permitted by law
• Other publicly available sources (where applicable), such as: Debtor lists, land registers, commercial and association registers, and media from which we are permitted to obtain your personal data or which are lawfully provided to us by other third parties (a credit agency or an address service provider)

6. Categories of data recipients

• Reciprocally: customers (usually: hirers), subcontractors and (where applicable) managed service providers with whom data may be exchanged
• Where applicable: service providers who provide and maintain databases that are operated by us, by customers or MSPs (HCM systems, applicant databases), and the contact form available on our websites
• Where applicable: other IT service providers responsible for maintaining our IT infrastructure and providing various software applications, e.g. for digitally signing contracts, making video calls, filing documents, etc.
• Where applicable: service providers who provide us with software applications for accounting purposes – in particular the creation and processing of incoming invoices (reimbursement of expenses for conducting the application process), and the payment of receivables – as part of system maintenance/updates
• Where applicable: debt collection service providers and legal professionals, in order to collect receivables and enforce claims through the courts.

7. Legal bases

• Data processing based on our legitimate interests (Article 6 (1)(f) GDPR)
  
  In the course of the aforementioned acquisition and recruitment measures, we process your personal data on the basis of our primary legitimate interest in contacting you as a prospective candidate and contractual partner for either our customers’ vacancies or our own, and in retaining your details as a potentially suitable contact. The same applies to the temporary, purpose-specific transfer and storage of your personal data in our HCM system for the duration of a specific acquisition process and any associated recruiting process, and for as long as we may reasonably assume that you are interested in being contacted about any suitable vacancies. If, upon completion of a specific acquisition or application process, we do not have your consent under data protection law to store your personal data permanently in our HCM systems for recruitment purposes, our deletion policy provides for the erasure of your data in accordance with the principle of purpose limitation.
   
• Data processing for the purpose of initiating or performing a future or current contract with us (Article 6 (1)(b) GDPR)
  
  We process your personal data, including for the purpose of initiating a contract, in connection with an employment contract to be concluded with us.
  If a contract has been concluded, we process your personal data for the purposes described above on the basis of what is known as the performance of a contact.
   
• Data processing on the basis of your consent (Article 6 (1)(a) GDPR)
  
  If and to the extent that you consent to ongoing contact from us following a specific acquisition or recruitment process – in particular by telephone, post, email or other means – the legal basis for this is the declaration of consent which you have provided to us (Article 6 (1)(a) GDPR).
  
  Your consent also permits us to contact you for the purposes of internal surveys and direct advertising for the length of time that your data is stored, as described in your declaration of consent. The legal basis is Article 6 (1)(a) GDPR.

8. Obligation to provide personal data

It is a fundamental requirement that personal data be provided on the legal basis of initiating and performing a contract (temporary agency work contract, contract for work or services) concluded with us or the companies named above. Failure to provide the data would make it impossible to conduct the application process or conclude a contract.

If and to the extent that we refer to the legal basis of consent, the provision of your personal data is generally voluntary and therefore not mandatory. The only consequence of not giving consent or failing to provide your personal data is that the desired process cannot be carried out with your involvement.

The same applies to data processing on the basis of Article 6(1)(f) GDPR. The only consequence of failing to provide your personal data is that the desired process cannot be carried out with your involvement.

9. Automated decision-making including profiling

We do not carry out profiling measures based solely on electronic decision-making.

10. Data transfers to third countries

Data transfers to countries outside of the EU and the European Economic Area (‘third countries’) may take place in the context of the administration, development, operation and use of IT systems, such as Microsoft 365.

Data will only be transferred in the following cases:

• The transfer is generally permissible because it satisfies the statutory requirements or you have consented to the transfer of data
• The special requirements for transfers to third countries are met
  • Notice regarding possible transatlantic data transfer
    In the course of processing, data may be transmitted to the following recipients:
    
    Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052
    Microsoft also processes personal data in the US.
    Microsoft’s privacy policy can be found at Microsoft Privacy Statement – Microsoft Data Protection.
    There you will also find further information on the respective rights of the user.
    
    Secure data transmission to the US in connection with all Microsoft applications is ensured by an adequacy decision pursuant to Art. 45 GDPR in conjunction with the Data Privacy Framework (DPF).
    On 10 July 2023, the EU Commission adopted an adequacy decision pursuant to Article 45 of the GDPR, establishing the legal basis for data transfers to the US under the new EU-US Data Privacy Framework.
    The agreement confirms that certified US companies provide an adequate level of data protection.
    
    US companies can certify themselves under the new framework, in a similar way to the old Privacy Shield agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found at Data Privacy Framework.
    
    As regards the use of Microsoft applications, reference should be made to the underlying list provided by Microsoft Corporation in the DPF.

This privacy policy serves to fulfil our data protection obligations to provide information pursuant to Articles 13 and 14 GDPR with regard to the collection of the data of prospective and current customers by or within the YER Germany Group.

With the information provided here, we fulfil our

Obligation to provide information in accordance with Articles 13 and 14 GDPR when collecting personal data

Gender-neutral wording is used throughout; such references refer to persons of all genders and none. It is assumed with regard to the applicability of this privacy policy to prospective and current customers that personal data, e.g. of a managing director or authorised representative, or contact person, is actually processed.

1. Controller’s name and contact details

The companies listed below act as ‘joint controllers’ under data protection law pursuant to Article 26 GDPR and strictly comply with the ‘need-to-know’ principle.

YER Deutschland GmbH
Birketweg 21
80639 Munich
HRB 300341
Commercial Register of the District Court of Munich

YER Talents GmbH
Birketweg 21
80639 Munich
HRB 207200
Commercial Register of the District Court of Munich

YER Experts GmbH
Birketweg 21
80639 Munich
HRB 207201
Commercial Register of the District Court of Munich

and

YER Staffing GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 10533
Commercial Register of the District Court of Bochum

YER Agritech GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18520
Commercial Register of the District Court of Bochum

YER Service GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 15963
Commercial Register of the District Court of Bochum

YER Projects GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18987
Commercial Register of the District Court of Bochum

hereinafter jointly referred to as ‘YER Germany’ and ‘YER’.

2. Data Protection Officer’s contact details

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

3. Purposes of data processing

Together with third parties commissioned by us, we process personal data:

• to contact you as a prospective contractual partner at your request and to initiate a business relationship or specific contractual relationship;
• to contact you (again) as a prospective customer and to initiate a contractual relationship;
• to be able to hold pre-contractual negotiations and have discussions with you as a direct contact person/company representative;
• to be able to introduce our candidates to you as a contact person/company representative or to plan joint interviews and hold them, etc.;
• to be able to negotiate and conclude a contract, i.e. to conduct negotiations, prepare draft contracts, etc. (sales);
• to be able to implement a concluded contract (e.g. billing, i.e. recording, storing and forwarding, using your data to create and send invoices) and, if necessary, to be able to enforce any claims;
• to defend ourselves legally against any possible claims;
• to send you targeted, relevant advertisements or other notifications we think you will be interested in, such as enabling you to participate in our various events, like our Experts Talk;
• to conduct surveys, e.g. on customer satisfaction, to ensure the legally accurate execution of our contracts and so we can continuously improve ourselves as a service provider.

4. Categories of data

• Salutation, if applicable
• First name and surname
• Position
• Affiliation or employment with a specific company
• Authorisation/power of representation, if applicable
• Your place of work (registered office or branch office of your employer), if applicable
• Work phone/mobile number
• Work email address

5. Data sources

• You personally, if you proactively share your personal data to contact us (business cards, etc.)
• You personally, if and to the extent that you share your personal data when you contact us
• You personally, if and to the extent that you are one of our customers and we have already received your personal data from you in the past in the context of the contractual relationship
• Any contact persons in your company who you know personally
• Other third parties such as credit agencies or address service providers from whom personal data is transmitted to us in a legally permissible manner, if applicable
• Publicly accessible portals or social media networks, such as LinkedIn, on which you yourself have made your personal data public
• Other publicly accessible sources, such as debtor lists, land registers, commercial and association registers, media, permissibly obtained or lawfully provided to us by other third parties (a credit agency or an address service provider)
• From other third parties (e.g. our candidates or temporary employees)

6. Categories of data recipients

• Reciprocally: customers/candidates/subcontractors
• Service providers with whom we cooperate in order to perform our contractual obligations owed to you, specifically managed service providers (MSPs), if applicable.
• Service providers who provide and maintain our customer management systems (CRM), if applicable
• IT service providers to maintain our IT infrastructure and provide various software applications, e.g. for digitally signing contracts, conducting video calls, storing documents, etc., if applicable
• Service providers who provide our accounting software, in particular for the creation and processing of incoming invoices and payment of receivables, in the course of maintaining/updating the systems, if applicable
• Credit institutions and providers of payment services for billing, if applicable
• Credit agencies and scoring providers for creditworthiness information, for the assessment and processing of payments, if applicable
• Debt collection service providers and legal professionals, in order to collect receivables and enforce claims through the courts, if applicable
• Authorities, to fulfil legal notification obligations, if applicable

7. Legal bases

• Data processing based on our legitimate interests (Article 6 (1) sent. 1 lit. f GDPR)
  
  We base the processing of your personal data in connection with acquisition measures on our legitimate interest in contacting you as a prospective customer and contractual partner for our services. The same applies to the temporary transfer and storage of your personal data in our customer relationship system for as long as a specific acquisition measure with any direct recruitment or contract conclusion process lasts, and we may assume that you wish to be contacted in the context of the ongoing business relationship. If  we do not have your consent under data protection law to permanently store your personal data for placement purposes in our CRM systems after completion of a specific acquisition process, our deletion policy provides for your data to be deleted, taking into account the principle of purpose limitation.
   
• Data processing for the purpose of initiating/performing a future or current contract between you and us (Article 6 (1) sent. 1 lit. b GDPR)
  
  Naturally, we also process your personal data for the purpose of initiating a contract, i.e. on the basis of Article 6 (1) sent. 1 lit. b GDPR, if in individual cases, a specific job is available through a ‘search’ or has already been agreed.
  If a contract has been concluded, we process your personal data for the purposes described above on the basis of the performance of the contract.
  
  If a temporary agency work contract or contract for services or work is concluded or an agency contract is concluded with you as a customer representative, we will also process your data to implement the contract in question, particularly with respect to the legal obligations of the temporary work agency and the user under the Act on Temporary Agency Work (AÜG). The legal basis for this is Article 6 (1) sent. 1 lit. b alt. 1 GDPR. The same applies to all data processing operations described above for a specific purpose in the course of the execution/processing of a concluded contract, ranging from its storage, updating/management and implementation through to any legal evaluation after the termination of a contract for the enforcement of claims or legal defence.
  
  In the event that there is a corresponding legal obligation involving the processing of personal data, we refer to Article 6 (1) sent. 1 lit. c GDPR in conjunction with, for example, Section 8(1) of the Act on Temporary Agency Work (equal pay principle).
   
• Data processing on the basis of your consent (Article 6 (1) sent. 1 lit. a GDPR)
  
  If and insofar as you agree to us that we may continue to contact you even after a specific acquisition measure, i.e. in particular by telephone, post, email or otherwise, the legal basis for this is the declaration of consent you have granted to us, i.e. Article 6 (1) sent. 1 lit. a GDPR.
  
  In addition, we may contact you on the basis of your consent, for the duration of the storage of your data, to carry out internal surveys and for direct marketing, as described in the declaration of consent you have submitted. The legal basis is Article 6 (1) sent. 1 lit. a GDPR.

8. Obligation to provide personal data

Personal data must be provided for a contract (temporary employment contract, service contract or work contract) to be initiated and concluded with your company. Failure to make this data available would mean that a contract might not even be concluded, let alone implemented.

9. Automated decision-making including profiling

We do not carry out profiling based solely on electronic decision-making.

10. Data transfers to third countries

Data may be transferred to countries outside the EU and the European Economic Area (‘third countries’) as part of the administration, development, operation and use of IT systems such as Microsoft 365.

Data will only be transferred in the following cases:

• the transmission is generally permissible because a legal requirement has been fulfilled or you have consented to the data transfer
• the special requirements for transfers to third countries are met.
  • Note regarding potential transatlantic data transmission
    Data may be transmitted to the following recipients in the course of processing:
    
    Microsoft Corporation, One Microsoft Way Redmond Washington 98052
    Microsoft also processes personal data in the US.
    Microsoft’s privacy policy can be accessed via the Microsoft Privacy Policy .
    
    This also provides further information on the respective rights of the user.
    The security of the transmission of data to the US with regard to all Microsoft applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).
    
    With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023.
    The agreement confirms an adequate level of data protection for certified US companies.
    
    US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework.
    
    Microsoft applications must be based on the underlying listing of Microsoft Corporation in the DPF.

11. Duration of data storage

Personal data will be stored until the purpose for which it was collected is achieved. Personal data may also be stored for the performance of activities that are in the public interest or related to the exercise of a public authority. Additionally, personal data may be stored for as long as legal interests are in the process of being exercised or defended.

If you have consented to the storage of your application our CRM tool, the data will be stored for as long as your declaration of consent remains legally effective and valid.

If a contract is concluded, personal data will be retained for the duration of the contractual relationship. Where applicable and in view of statutory retention obligations for accounting receipts and similar billing-related documents, it will be retained for a period of up to six years (in accordance with the Income Tax Act and Tax Code) or up to eight years (in accordance with the Commercial Code). The same applies to personal documents/communication in connection with the acquisition/initiation of a contract, as business letters are also subject to a statutory retention obligation of up to six years pursuant to the aforementioned regulations. Personal data may also be stored for the relevant legally applicable storage period for the performance of activities that are in the public interest or related to the exercise of a public authority.

12. Rights of data subjects

Unless stated otherwise, the aforementioned companies are jointly responsible for the processing of personal data. You may, at any time, request information about the data stored by us and request the rectification of inaccurate data. You also have the right to restrict the data processing, the right to data portability in a machine-readable format, and the right to deletion of your data once it is no longer needed.

Furthermore, you have the right to object to the use of your data for purposes based on public or legitimate interests at any time. Insofar as we process your data on the basis of consent that you have given, you may withdraw your consent with future effect at any time. We will stop processing your data for the purposes stated in the declaration of consent upon receipt of your revocation notice. Please send your revocation or objection notice to:

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

13. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority at any time. The authority responsible for us is: Bavarian State Office for Data Protection, PO Box 606, 91511 Ansbach, Germany. You may also contact your locally responsible supervisory authority.

Status: 02 June 2025

***

Are you an candidate, subcontractor or freelancer? You can find our data protection information here
If you are interested in finding out more about data processing on our website, please see our general data protection information here

This privacy policy serves to fulfil our data protection obligations to provide information pursuant to Articles 13 and 14 GDPR with regard to the collection of the data of interested parties and participants in our events by or within the YER Germany Group.

With the information provided here, we fulfil our

Obligation to provide information in accordance with Articles 13 and 14 GDPR when collecting personal data

Gender-neutral wording is used throughout; such references refer to persons of all genders and none.

1. Controller’s name and contact details

The companies listed below act as ‘joint controllers’ under data protection law pursuant to Article 26 GDPR and strictly comply with the ‘need-to-know’ principle.

YER Deutschland GmbH
Birketweg 21
80639 Munich
HRB 300341
Commercial Register of the District Court of Munich

YER Talents GmbH
Birketweg 21
80639 Munich
HRB 207200
Commercial Register of the District Court of Munich

YER Experts GmbH
Birketweg 21
80639 Munich
HRB 207201
Commercial Register of the District Court of Munich

and

YER Staffing GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 10533
Commercial Register of the District Court of Bochum

YER Agritech GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18520
Commercial Register of the District Court of Bochum

YER Service GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 15963
Commercial Register of the District Court of Bochum

YER Projects GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18987
Commercial Register of the District Court of Bochum

hereinafter jointly referred to as ‘YER Germany’ and ‘YER’.

2. Data Protection Officer’s contact details

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

3. Purposes of data processing

Together with third parties commissioned by us, we process personal data:

• to notify you in advance of upcoming events organised by us on our business premises by email, telephone or in person;
• to obtain any declarations required under data protection law prior to the event (consent for recordings or model/speaker contracts);
• to plan your participation in these events, including venue planning, catering, creation of name tags, available seating, etc.;
• to conduct pre-contractual negotiations or discussions with you as a speaker, if necessary;
• to be able to negotiate and conclude a contract, i.e. to conduct negotiations, prepare draft contracts, etc. (sales);
• to be able to execute a speaker contract that has been concluded (e.g. billing, i.e. recording, saving and forwarding, using your data to create and send invoices);
• to create recordings of you and the event and to use them commercially, i.e. in particular via social media platforms and on our websites;
• to be able to send you targeted, relevant advertisements or other notifications we think you will be interested in, such as enabling you to attend other events;
• to conduct surveys after our events, e.g. on customer satisfaction, with the aim of using your experience and feedback so we can continuously improve our events;
• to prevent property offences and petty offences at our events;
• if necessary, to exercise our domiciliary rights and protect ourselves and the attendees of our events against damage;
• to prevent and, if necessary, detect and report criminal offences on our premises.

4. Categories of data

• Salutation, if applicable
• Year of birth, if applicable (age of majority)
• First name and surname
• Affiliation with or employment with a specific company, if applicable
• Your place of work (registered office or branch office of your employing company), if applicable
• Your company and registered office of your company if you are self-employed or a subcontractor, if applicable
• Work phone/mobile number
• Work email address
• Your consent to the production of recordings (i.e. timing and content)
• Timing and content of a model or speaker contract signed by you, if we have concluded such a contract with you
• Recordings (photo, audio and video recordings)

5. Data sources

• You personally, if you have proactively shared your personal data with us for the purpose of participating in the advertised events
• You personally, if and insofar as you are already one of our contractual partners and we have already received your personal data from you in the context of the contractual (customer) relationship in the past and you also have consented to the commercial use of your data

6. Categories of data recipients

• Reciprocally: customers/candidates/subcontractors
• Service providers with whom we cooperate in order to perform our contractual obligations owed to you, specifically managed service providers (MSPs), if applicable
• Service providers who provide and maintain our customer management systems (CRM), if applicable
• IT service providers to maintain our IT infrastructure and provide various software applications, e.g. for digitally signing contracts, conducting video calls, storing documents, etc., if applicable
• Service providers who provide our accounting software, in particular for the creation and processing of incoming invoices and payment of receivables, in the course of maintaining/updating the systems, if applicable
• Credit institutions and providers of payment services for billing, if applicable
• Credit agencies and scoring providers for creditworthiness information, for the assessment and processing of payments, if applicable
• Debt collection service providers and legal professionals, in order to collect receivables and enforce claims through the courts, if applicable
• Authorities, to fulfil legal notification obligations if applicable

7. Legal bases

• Data processing based on our legitimate interests (Article 6 (1) sent. 1 lit. f GDPR)
  We base the processing of your personal data in connection with acquisition measures on our legitimate interest in contacting you as a (prospective) customer and contractual partner for our services.
   
• Data processing for the purpose of initiating/performing a future or current contract between you and us (Article 6 (1) sent. 1 lit. b GDPR)
  If a contract has been concluded, we process your personal data for the purposes described above on the basis of the performance of the contract. This explicitly includes fostering our customer relations and our relationships with the network of prospective customers and interested parties (including applicants), specialists and freelancers.
   
• Data processing on the basis of your consent (Article 6 (1) sent. 1 lit. a GDPR)
  If and insofar as you agree to us that we may continue to contact you even after a specific acquisition measure, i.e. in particular to contact you by telephone, post, email or otherwise, the legal basis for the processing of your data for commercial purposes, which also includes information about our events and the preparation, holding and follow-up of the same, for this purpose is the declaration of consent you have granted to us, i.e. Article 6 (1) sent. 1 lit. a GDPR.

8. Obligation to provide personal data

Personal data must be provided for the aforementioned purposes in the course of holding our events, otherwise we would not be able to achieve the stated purposes. Failure to provide this information would mean that we would not be able to invite you to an event in the first place.

9. Automated decision-making including profiling

We do not carry out profiling based solely on electronic decision-making.

10. Data transfers to third countries

Data may be transferred to countries outside of the EU and the European Economic Area (‘third countries’) as part of the administration, development, operation and use of IT systems such as Microsoft 365.

Data will only be transferred in the following cases:

• the transfer is permissible because it satisfies the statutory requirements, or because you have consented to the data transfer;
• the special requirements for transfers to third countries are met.
  • Note regarding potential transatlantic data transmission
    Data may be transmitted to the following recipients in the course of processing:
    
    Microsoft Corporation, One Microsoft Way Redmond Washington 98052
    Microsoft also processes personal data in the US.
    
    Microsoft’s privacy policy can be found via the Microsoft Privacy Policy.
    This also provides further information on the respective rights of the user.
    The security of the transmission of data to the US with regard to all Microsoft applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).
    With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023. The agreement confirms an adequate level of data protection for certified US companies.
    ​​​​​​​
    US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be viewed via the Data Privacy Framework. Microsoft applications must be based on the underlying listing of Microsoft Corporation in the DPF.

11. Duration of data storage

Personal data will be stored until the purpose for which it was collected is achieved. Personal data may also be stored for the performance of activities that are in the public interest or related to the exercise of a public authority. Additionally, personal data may be stored for as long as legal interests are in the process of being exercised or defended.

If you have consented to the storage of your application in our CRM tool, the data will be stored for as long as your declaration of consent remains legally effective and valid.

If a contract is concluded, personal data will be retained for the duration of the contractual relationship. Where applicable and in view of statutory retention obligations for accounting receipts and similar billing-related documents, it will be retained for a period of up to six years (in accordance with the Income Tax Act and Tax Code) or up to eight years (in accordance with the Commercial Code). The same applies to personal documents/communication in connection with the acquisition/initiation of a contract, as business letters are also subject to a statutory retention obligation of up to six years pursuant to the aforementioned regulations. Personal data may also be stored for the respective legally applicable storage period for the performance of activities that are in the public interest or related to the exercise of a public authority.

12. Rights of data subjects

Unless stated otherwise, the aforementioned companies are jointly responsible for the processing of personal data. You may, at any time, request information about the data stored by us and request the rectification of inaccurate data. You also have the right to restrict the data processing, the right to data portability in a machine-readable format, and the right to deletion of your data once it is no longer needed.

Furthermore, you have the right to object to the use of your data for purposes based on public or legitimate interests at any time. Insofar as we process your data on the basis of consent that you have given, you may withdraw your consent with future effect at any time. We will stop processing your data for the purposes stated in the declaration of consent upon receipt of your revocation notice. Please send your revocation or objection notice to:

Claudia Keul
Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

13. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority at any time. The authority responsible for us is: Bavarian State Office for Data Protection, PO Box 606, 91511 Ansbach, Germany. You may also contact your locally responsible supervisory authority.

Status: 02 June 2025

***

Are you an applicant, candidate for an internal position or temporary employee? Then see our privacy notice here.
Are you an interest or a customer? You can find the privacy policy here.

This privacy policy pursuant to Article 13 et seq. GDPR serves to provide the information required pursuant to Articles 13 and 14 GDPR to and vis-à-vis the respective data subjects.

You can find the German version of our privacy policy here.

Note on gendered language: gender-neutral wording is used throughout this document; this applies to people of all genders and none.

The YER Germany Group’s websites are operated by YER Talents GmbH, with its registered office at Birketweg 21, 80639 Munich, Germany. At the same time, all companies within the YER Germany Group are represented equally on our websites.

The companies within the YER Germany Group (hereinafter also referred to as the ‘joint controller’) are jointly responsible for data processing on our websites (within the meaning of Article 26 GDPR).

1. Controller’s name and contact details

YER Deutschland GmbH
Birketweg 21
80639 Munich
HRB 300341
Commercial Register of the District Court of Munich

YER Talents GmbH
Birketweg 21
80639 Munich
HRB 207200
Commercial Register of the District Court of Munich

YER Experts GmbH
Birketweg 21
80639 Munich
HRB 207201
Commercial Register of the District Court of Munich

and

YER Staffing GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 10533
Commercial Register of the District Court of Bochum

YER Agritech GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18520
Commercial Register of the District Court of Bochum

YER Service GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 15963
Commercial Register of the District Court of Bochum

YER Projects GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18987
Commercial Register of the District Court of Bochum

hereinafter jointly referred to as ‘YER Germany’ and ‘YER’.

2. Data Protection Officer’s contact details

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

3. Categories of personal data

• Contact details, in particular
  • Email address
  • Telephone number
  • Mobile number
  • Organisation
• IP address of the requesting computer
• Date and time of access
• Name and URL of the file retrieved
• Website from which the access is being made (referrer URL)
• The browser used and, if applicable, the operating system of your computer and the name of your access provider
• First name and surname
• Website from which the access is being made (referrer URL),
• The browser used and, if applicable, the operating system of your computer and the name of your access provider
• Cookie ID
• Pages visited
• Duration of website visit
• Website usage data
• Content in which the user is interested.
• Advertisement clicked
• Web enquiries
• Cookie information
• Referrer URL
• Browser language
• Browser type
• Device information
• Videos seen

4. Purposes for which data is processed

• Provision and use of the website
  • When you visit and use our website, we collect the personal data that your browser automatically transmits to our server. This information is stored in a log file on a temporary basis. We collect the following pieces of data when you use our website. These are required on a technical level so that we can display our website to you and ensure its stability and security:
    • IP address of the requesting computer
    • Date and time of access
    • Name and URL of the file retrieved
    • Website from which the access is being made (referrer URL)
    • The browser used and, if applicable, the operating system of your computer and the name of your access provider
  • As soon as the aforementioned data is no longer required to display the website, it will be deleted. The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no scope for the user to object to this. In individual cases, it may be stored subsequently if this is required by law.

• Contact form
  • You may contact us via the form provided on our website www.yer.de/en/. When you use the contact form, the following personal data will be processed by default, in addition to the content you have entered in the contact field:
    • • First name and surname
      • Email address
      • Telephone number
      • Content of your enquiry, if applicable
  • Providing your name and your email address enables your enquiry to be assigned and a reply to be sent to you. When you use the contact form, your personal data will not be passed on to third parties.
  • There is no obligation to supply detailed information about your company and its address, or your telephone availability, although this can be provided in the appropriate fields to make your enquiry more precise. As soon as your enquiry has been processed and the matter in question has been clarified, the personal data relating to you that was processed via the contact form will be deleted. In individual cases, it may be stored subsequently if this is required by law.
     
• Contact via email
  • It is, of course, possible to contact us at any time by sending an email with your enquiry to our email address. There is no obligation to use the contact form. If you make use of this option, the following personal data will be processed by default in addition to the content you provide in the email:
    • Email address
    • Name

Providing your name and your email address enables your enquiry to be assigned and a reply to be sent to you. When you contact us via email, your personal data will not be passed on to third parties. As soon as your enquiry has been processed and the matter in question has been clarified, the personal data relating to you that was processed via the email will be deleted. In individual cases, it may be stored subsequently if this is required by law.

• Registration for our events
  
  The personal data transmitted by you when registering for one of our events is solely processed for the purpose of organising the event. In this context, we and the service providers (contract data processors) engaged by us, who are usually bound by instructions, pursue the following purposes when processing your personal data: making contact/invitation management, sending registration confirmations, sending reminders before the event, obtaining and documenting consent required under data protection law (for the creation and use of photos, videos, etc.), sending further information or notices of last-minute changes to registered event participants, optimising event planning, evaluating events held with regard to participant attendance, conducting surveys on satisfaction/event experience, etc. 
  
  The data transmitted to us and consequently processed by us typically includes:
  • First name and surnameOrganisation or company
  • Contact details, in particular
    • Email address

Use of cookies

We use certain cookies on our website. Cookies are small files that we send to the browser on your end device as part of your visit to our website; they are then stored there temporarily. Cookies do not cause any damage to your device. They cannot execute programs and do not contain any viruses.

Our website uses session cookies, which are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. This allows different requests from your browser to be assigned to one shared session and enables us to recognise your device when you visit the website subsequently. These cookies are required for technical reasons so that you can visit our website and use the features we offer. Our websites also use cookies for advertising purposes or cookies integrated by third parties. For more information, please see our cookie notice.

Marketing/tracking and analysis tools

- Cookiebot

This tracking tool stores the user’s cookie consent status on the current domain. Cookies allow the website to remember user actions and preferences (e.g. your language selection) and to recognise users when they return. This allows us to analyse trends and make the website experience more efficient. You can also use your browser settings to prevent your browser (such as Mozilla Firefox, Apple Safari, Google Chrome, Opera or Internet Explorer) from storing cookies and/or have your browser delete them from your device at any time. Please use your internet browser’s help tool to access instructions on how to do this.

- Friendly Captcha

Our website uses the ‘Friendly Captcha’ service to protect our websites from unwanted spam. This service is provided by Friendly Captcha GmbH, Am Anger 3–5, 82237 Wörthsee, Germany. Friendly Captcha is an innovative protective solution that complies with data protection and makes it difficult for automated programs and scripts (‘bots’) to use our website. To this end, we have integrated a Friendly Captcha program code into our website (e.g. for contact forms) so that the user’s end device can establish a connection to Friendly Captcha’s servers and, in turn, receive a computation task from Friendly Captcha. The user’s end device solves the calculation task (puzzle) – this requires a certain amount of system resources – and sends the result of the calculation to our web server. This server contacts the Friendly Captcha server via an interface and is notified as to whether the puzzle has been solved correctly by the end device. Depending on the result, we can add security rules to enquiries via our website and thus process or reject them, for example.

Friendly Captcha processes and stores the following data during the aforementioned process:

• Anonymised IP address of the requesting computer
• Information about the browser and operating system used
• Anonymised counter for each IP address to monitor cryptographic tasks
• Website from which the access took place

The data will only be used to protect against spam and bots as described above. Friendly Captcha does not store or read any cookies on the user’s device. IP addresses are only stored in hashed (disposable encrypted) form and do not allow us and Friendly Captcha to draw any conclusions about an individual. Any personal data collected will be deleted after 30 days at the latest.

Further information on Friendly Captcha and Friendly Captcha GmbH’s privacy policy can be found at the following link: Privacy policy for end users – Friendly Captcha

We have concluded an order processing agreement with Friendly Captcha GmbH. Friendly Captcha therefore exclusively processes data in accordance with our instructions and on our behalf in accordance with Article 28 GDPR.

Google analytics and tracking applications

​​​​​​​​​​​​​​- Google Tag Manager

This website makes use of the service ‘Google Tag Manager’. Tag Manager is a tool for managing tags that are used for tracking in online marketing. The Tag Manager itself does not process any personal data, as it is purely used to manage other services such as Google Analytics.

Further information about Tag Manager can be found at: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/

​​​​​​​​​​​​​​- Google Analytics 4

This website also uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland (‘Google’).

Google Analytics uses various methods to analyse the usage behaviour of visitors to our websites and to compile reports on website activity. The reports provided by Google Analytics are used to analyse the performance of our website and the success of our marketing campaigns.

You can find further information about data protection and how Google Analytics works at https://marketingplatform.google.com/about/analytics/terms/gb/.

In this case, personal data may be transmitted to Google’s servers in the US and stored there.

In specific terms, this means that data may be transferred to

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as a processor pursuant to Article 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

IP address anonymisation is activated by default in Google Analytics 4. Due to IP anonymisation, Google will truncate your IP address within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the US and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other data held by Google.

During your visit to the website, your user behaviour is recorded in the form of ‘events’. Events may include:

• Page views
• First visit to the website
• Start of the session
• Websites visited
• Your ‘click path’; interaction with the website
• Scrolls (every time a user scrolls to the end of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• File downloads
• Ads viewed/clicked
• Language settings

They also cover:

• Your approximate location (region)
• Date and time of visit
• Your IP address (in truncated form)
• Technical information about your browser and the devices you use (e.g. language settings, screen resolution)
• Your internet provider
• The referrer URL (the website/advertisement from which you came to this website)

The data sent by us and linked with cookies is automatically deleted after 14 months at the latest. The maximum lifespan of Google Analytics cookies is two years. Data past the end of its retention period is automatically deleted once a month. We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings​​​​​​​ and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until this consent is withdrawn remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by downloading or installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout.

​​​​​​​​​​​​​​- Google Ads (formerly Google AdWords)

This website makes use of the service ‘Google Ads’. The operator of this service is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. Its purpose is ‘conversion tracking’, i.e. so we can identify what happens after you click on one of our ads. Cookies, which have limited validity, are set for this purpose.

The following data is collected and processed with the help of Google Ads:

• Cookie ID
• Pages visited
• IP address
• Duration of website visit
• Website usage data
• Content in which the user is interested.
• Advertisement clicked
• Web enquiries
• Cookie information
• Referrer URL
• Browser language
• Browser type

Data may be transmitted to the US as part of the processing by the aforementioned Google applications. Data may be transferred to

• Google LLC 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA

Note regarding potential transatlantic data transmission

The security of the transmission of data to the US with regard to all aforementioned Google applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).

With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023. The agreement confirms an adequate level of data protection for certified US companies.

US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework.

Use of the aforementioned tools is based on the underlying listing of Google LLC as the parent company.

Compliance with the certification criteria by companies in the US is subject to the supervision of the US Federal Trade Commission and the US Department of Transportation.

We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted. You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by not consenting to the setting of cookies.

- YouTube

We use the platform ‘YouTube’ on our websites so we can embed our own videos in the websites and make them publicly available. Our aim is to make our website more appealing and interactive for the user. The use of YouTube is in our financial interest of presenting our companies, their online offerings and the services offered by our companies in an attractive manner accordance with Article 6 (1) lit. f GDPR.

YouTube is provided by a third party not affiliated with us, namely YouTube LLC., 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube is a subsidiary of Google LLC. 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA. The former Google Inc. was converted into Google LLC as part of the Alphabet restructuring.

We are not responsible for the content of websites to which we link, nor do we issue any instructions to YouTube or Google LLC with regard to the processing of your data. However, we would like to point out that if you follow a link on YouTube, YouTube stores your personal data in accordance with its own data usage guidelines and uses it for business purposes.

You can find further information on this and on data protection at YouTube in its privacy policy via the following external links:

• Privacy Policy – Privacy Policy & Terms of Use – Google
• YouTube: data protection for videos – data security 2025
• Embed videos and playlists – YouTube Help

When embedding YouTube, we have ensured that YouTube is integrated into our websites in privacy-enhanced mode. Specifically, this means that we use YouTube’s ‘no-cookies’ feature. Videos are not accessed via youtube.com, but via youtube-nocookie.com.

This has the following consequences: as soon as you start playing an embedded video by clicking on it, YouTube only stores cookies on your device that do not contain any personally identifiable data, unless you are currently logged in to a Google service.

This may also lead to a connection being made to Google’s ‘DoubleClick Network’ (formerly the Internet Advertising Network), under which online marketing solutions are offered. These cookies can be prevented via the appropriate browser settings and extensions. YouTube uses cookies to collect information about visitors to its website, to compile statistics, to prevent fraud and to improve user-friendliness. If you start the video, this may trigger further data processing operations; we have no control over this. YouTube is solely responsible for processing the data.’

Therefore, if you use the videos embedded on our websites, your IP address is transmitted to YouTube, whereby YouTube learns, for example, that you have watched the video. If you are logged into YouTube, this information will also be assigned to your user account. You can prevent this by logging out of YouTube before accessing the video. Accordingly, the following data may be collected and processed via YouTube:

• IP address
• Referrer URL
• Device information
• Videos seen

Note regarding potential transatlantic data transmission

Data may be transmitted to the following recipients, in addition to Google Ireland Limited, in the course of processing:

• YouTube LLC. 901 Cherry Ave., San Bruno, CA 94066, USA
• Google LLC 1600 Amphitheatre Parkway in Mountain View, CA 94043, USA

The security of the transmission of data to the US with regard to all aforementioned Google applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).

With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023. The agreement confirms an adequate level of data protection for certified US companies.

US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework.

Use of the aforementioned tools is based on the underlying listing of Google LLC as the parent company.

Compliance with the certification criteria by companies in the US is subject to the supervision of the US Federal Trade Commission and the US Department of Transportation. We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Google by not consenting to the setting of cookies.

​​​​​​​- Meta Custom Audiences and Meta Pixel

We also use the ‘Custom Audiences’ feature provided by Meta to personalise and optimise our websites. Custom Audiences collects and processes the following data:

• Facebook user ID
• IP address
• Browser information
• Non-sensitive user-defined data
• Facebook cookie information
• Referrer URL
• Pixel-specific data
• Pixel ID
• Network of friends on social media
• Usage data/user behaviour
• Views and interactions with content, ads and services
• Content viewed
• Device information
• Success of marketing campaigns
• Transaction information
• Hardware/software type
• Browser type
• Device operating system
• Geographical location
• Cookie ID
• Information from third-party sources
• User agent
• Conversions

The data may be transmitted to the following recipients in the course of processing:

• Meta Platforms Ireland Ltd. as the operator of Facebook and Instagram in Europe
• where applicable, Meta Platforms Inc. 1 Meta Way Menlo Park California 94025

We also use the application ‘Meta Pixel’ on our website. This service is also provided by Meta Platforms Inc. 1 Meta Way Menlo Park California 94025.

Meta Pixel enables Meta to display our ads on Facebook, known as ‘Facebook Ads’, to solely those Facebook users who have visited our website, in particular to those who have shown interest in our website or in certain topics or products. Meta Pixels enable us to check whether a user has been redirected to our website after clicking on our Facebook ads. The Meta Pixel uses cookies, i.e. small text files that are stored locally in your web browser’s cache on your device, to do so. If you are logged into Facebook with your user account, your visit to our website will be recorded in your user account. The data collected about you is anonymous for us, so it does not allow us to draw any conclusions about the identity of users. However, Meta may link this data with your Facebook user account.

We have no control over the extent and further use of data collected through the use of Meta Pixels by Meta. To the best of our knowledge, Meta is notified that you have accessed the corresponding part of our website or clicked on one of our advertisements. If you have a user account with Facebook and are logged in, Meta can assign the visit to your user account. Even if you are not registered with Facebook or have not logged in, it is possible that Meta will find out and store your IP address and, if applicable, other identifying features.

Please note that this setting will be deleted if you delete your cookies.

You can also deactivate cookies for reach measurement and advertising purposes via the following websites (external links):

• NAI consumer opt-out
• YourOnlineChoices.eu – your ad choices

Please note that this setting will also be deleted if you delete your cookies.

Further information from the third-party provider about how the Meta Pixel works and data protection can be found on the following Facebook website: 

• The Meta pixel | Meta help area for companies
• Summary of updates to the Meta Privacy Policy and Terms of Use | Facebook Help

Note regarding potential transatlantic data transmission

The data may be transmitted to the following recipients in the course of processing:

• Meta Platforms Ireland Ltd. as the operator of Facebook and Instagram in Europe
• where applicable, Meta Platforms Inc. 1 Meta Way Menlo Park California 94025

The security of the transmission of data to the US with regard to all aforementioned Facebook applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).

With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023. The agreement confirms an adequate level of data protection for certified US companies.

US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework. The use of the above tools is based on the underlying listing of Meta Platforms, Inc. as the parent company.

Compliance with the certification criteria by companies in the US is subject to the supervision of the US Federal Trade Commission and the US Department of Transportation. We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Meta by not consenting to the setting of cookies.

​​​​​​- Instagram

Our website may incorporate features and content from the service Instagram. This may include content such as images, videos or text and buttons that allow users to express their appreciation for the content, to follow the authors of the content or to subscribe to our posts. If users are members of the Instagram platform, Instagram can associate the accessing of the aforementioned content and features with the user profiles on Instagram. Instagram’s privacy policy: http://instagram.com/about/legal/privacy/.

Note regarding potential transatlantic data transmission

The data may be transmitted to the following recipients in the course of processing:

• Meta Platforms Ireland Ltd. as the operator of Facebook and Instagram in Europe
• where applicable, Meta Platforms Inc. 1 Meta Way Menlo Park California 94025

The security of the transmission of data to the US with regard to all aforementioned Meta applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).

With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023. The agreement confirms an adequate level of data protection for certified US companies.

US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework. The use of the above tools is based on the underlying listing of Meta Platforms, Inc. as the parent company.

Compliance with the certification criteria by companies in the US is subject to the supervision of the US Federal Trade Commission and the US Department of Transportation.

We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Meta by not consenting to the setting of cookies.

- LinkedIn

We use the retargeting tool and conversion tracking provided by LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (‘LinkedIn’). The LinkedIn Insight Tag is integrated into our website to this end. This enables LinkedIn to collect statistical data about your visit and use of our website and to provide us with corresponding aggregated statistics on this basis. In addition, the service serves to be able to show you interest-specific, relevant offers and recommendations after you have read about certain services, information and offers on the website. The relevant information is stored in a cookie. If the user does not log out of their LinkedIn profile before using our website, a cookie is set via LinkedIn and a connection to the user is created. If the user wants to avoid this, they must log out of their profile. Further information on data processing can be found in LinkedIn’s privacy policy.

The following data is generally collected and processed:

•  IP address
•  Device information
•  Browser information
•  Referrer URL
•  Timestamp

LinkedIn’s privacy policy can be accessed via: LinkedIn privacy policy

Note regarding potential transatlantic data transmission

LinkedIn also shares information with its parent company, Microsoft Corporation, as set out in its privacy policy, to combat harmful or fraudulent behaviour and to protect the security and integrity of our website and of Microsoft’s and other services.

The data may be transmitted to the following recipients in the course of processing:

• Microsoft Corporation, One Microsoft Way Redmond Washington 98052
  Microsoft’s privacy policy can be accessed via Microsoft Privacy Policy.

This also contains further information on the respective rights of the user. Microsoft also processes personal data in the US.

The security of the transmission of data to the US with regard to all Microsoft applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).

With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023. The agreement confirms an adequate level of data protection for certified US companies.

US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework.

Use of LinkedIn applications is based on the Microsoft Corporation listing in the DPF on which it is based. We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Microsoft by not consenting to the setting of cookies.

- MS Bookings (Microsoft Outlook Service)

On our websites, we use booking tools provided by Microsoft for appointments that can be booked with a specific contact person. They may also be used for certain smaller-scale events. The user enters their name and email address. The relevant contact persons at YER Germany receive all enquiries directly; these will be handled confidentially.

Microsoft’s privacy policy can be accessed via Microsoft Privacy Policy.

This also contains further information on the respective rights of the user.

Note regarding potential transatlantic data transmission

The data may be transmitted to the following recipients in the course of processing:

• Microsoft Corporation, One Microsoft Way Redmond Washington 98052
  Microsoft also processes personal data in the US.

The security of the transmission of data to the US with regard to all Microsoft applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF).

With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023. The agreement confirms an adequate level of data protection for certified US companies.

US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework.

Use of Microsoft applications is based on the underlying listing of Microsoft Corporation in the DPF. We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Microsoft by not consenting to the setting of cookies.

​​​​​​​- Microsoft (Bing Ads)

Microsoft cookies, which analyse user behaviour on our website, are set on users’ computers provided that the user has reached our website through a BingAds advertisement. In the process, we only receive information on the total number of users who clicked on such an ad. No IP addresses are stored and no personal information about the identity of our users is shared.

As part of the use of BingAds, the following data is collected and processed:

• Interaction metrics
• Number of visits
• Bounce rates
• Microsoft Click ID
• Digital signature
• UET ID tag
• URLs
• Referrer URL
• Page title
• Conversions
• Screen height
• Screen width
• Browser language settings
• Duration of visit
• Screen colour depth
• Page response times
• Advertisements clicked

Microsoft’s privacy policy can be accessed via Microsoft Privacy Policy.

This also contains further information on the respective rights of the user.

Note regarding potential transatlantic data transmission

The data may be transmitted to the following recipients in the course of processing:

• Microsoft Corporation, One Microsoft Way Redmond Washington 98052
  Microsoft also processes personal data in the US.

The security of the transmission of data to the US with regard to all Microsoft applications is ensured by an adequacy decision pursuant to Article 45 GDPR in conjunction with the Data Privacy Framework (DPF). With its adequacy decision pursuant to Article 45 of the GDPR, the new EU-US Data Privacy Framework, the EU Commission created the legal basis for data transfer to the US on 10 July 2023.

The agreement confirms an adequate level of data protection for certified US companies.

US companies can be certified under the new framework, similar to the old Privacy Shield Agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found via the Data Privacy Framework.

Use of Microsoft applications is based on the underlying listing of Microsoft Corporation in the DPF. We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Microsoft by not consenting to the setting of cookies.

​​​​​​​​​​​​​​- Teads

Subject to your consent (= cookie consent), we also use a service provided by Teads France SAS, (hereinafter also referred to as ‘Teads’) on our website to optimise our advertising campaigns. A pixel cookie is a small, usually invisible image (1x1 pixel) that is embedded in websites or emails to collect data about user activity.

This pixel collects the following information when you visit the website

• URL address
• Date and time, if applicable (e.g. the ad is displayed, you interact with the ad)
• Device information (e.g. device type, operating system)
• Browser information (e.g. browser name and version)
• Click ID generated when a connection is established between the publisher’s website and the advertiser’s website, if applicable
• IP address, if applicable (but will be hashed immediately)

that you are currently using.

This information allows Teads to compile statistics about the time spent on our website, the number of pages viewed, or specific actions taken on the website after a Teads ad has been clicked on.

With respect to the GDPR

Teads France SAS
97 rue du Cherche midi
75006 Paris, France

responsible for data processing by Teads.

For more information, please see Teads’ privacy policy, see the European Privacy Notice – Teads Privacy Policy.

Please also note that you have the right to obtain information about the personal data that Teads holds about you and to request that your personal data be rectified, erased or transferred. You may also have the right to object to a certain instance of processing or request that Teads restricts the same. You can exercise these rights by contacting Teads at dpo(at)teads.com.

Note regarding potential transatlantic data transmission

Teads may also process personal data in the United States.

With regard to data processing outside the EU, Teads guarantees an appropriate level of data protection within the meaning of Article 45 et seq. GDPR via its privacy policy, see the European Privacy Notice – Teads Privacy Policy.

We have also obtained your consent for the setting of cookies in advance via our consent management system ‘Cookiebot’.

You can see which cookies are used on this site at any time here: cookie declaration

Withdrawal

You can withdraw your consent at any time with effect for the future by opening the cookie settings and changing your selection there. The lawfulness of the processing carried out on the basis of the consent until the withdrawal of consent remains unaffected by this.

You can also prevent cookies from being set from the outset by selecting the appropriate settings in your browser software. However, if you configure your browser to reject all cookies, the functionality on this and other websites may be restricted.

You can also prevent the data generated by the cookie and related to your use of the website (including your IP address) from being collected and processed by Teads by not consenting to the setting of cookies.

5. Legal bases

Article 6 (1) lit. f GDPR is generally the legal basis for the data processing mentioned. Processing of the data mentioned is required in the following cases for the respective purpose pursued and thus functions as a safeguard for our legitimate interests in this regard. General data processing: to provide the website: processing of the data mentioned is required to provide the website and therefore functions as a safeguard for the legitimate interests of our company in providing the website. We are even pursuing a similar interest with data processing in connection with receiving, viewing and responding to the enquiry you make to us via the contact and order form or email. With respect to both the email address and the contact form, the provision of an interface to communicate with you is based on our legitimate interest, which is usually aligned with your interest in contacting us quickly and easily. Data processing in the context of the registration and organisation of our events is carried out on the basis of our concurrent interest in the smooth running of the events and pleasant, i.e. straightforward, attendance at our events. Proper organisation of events held by us and appropriate support for registered attendees are both in our interest. This interest is generally aligned with your interests as a registered attendee.

Marketing tools: the legal basis for processing is your consent in accordance with Article 6 (1) lit. a GDPR. If you do not want the specified data to be collected and processed via the relevant tools, such as Google Ads, Meta Custom Audiences, BingAds, YouTube, etc., you can deny your consent or revoke it at any time with effect for the future, as described above under the individual tools.

6. Categories of data recipients

• If applicable, service providers, particularly in the context of the aforementioned marketing and tracking tools
• If applicable, IT service providers who support us in providing the website and the elements offered on it

7. Obligation to provide data

It is obligatory to provide your name and address in instances such as in the context of an outgoing enquiry by you via the contact form or email, registration for an event, the ordering of a merchandise item, and last but not least, sending an application for one of the positions that we advertise. If you do not provide us with this information, a contract with us will not be concluded. In turn, for example, it will not be possible for you to participate in an event or for your order to be processed. All other data is provided voluntarily.

8. Automated decision-making including profiling

The joint controllers do not carry out any profiling.

9. Data transfers to third countries

As described in more detail above, data transfers to countries outside the EU and the European Economic Area (‘third countries’) occur as part of the provision of our website and cooperation with the various providers of the marketing and analysis tools depicted.

Data will only be transferred in the following cases:

• the transfer is permissible because it satisfies the statutory requirements, or because you have consented to the data transfer; and
• the special requirements for transfers to third countries are met.

10. Duration of data storage

In the case of data processing carried out by us, your data will only be stored for the duration of the respective measure at most and until the respective purpose of the data processing has been achieved, if (and insofar as you do not subsequently conclude a contract with us) you give us your consent. If a contract is concluded, we will store your personal data for the duration of the contract.  Personal data may also be stored for the performance of activities that are in the public interest or related to the exercise of a public authority. Additionally, personal data may be stored for as long as legal interests are in the process of being exercised or defended.

If you have consented to the storage of your application in a job seeker pool, the data will be stored for as long as your declaration of consent remains legally effective and valid. Individual documents will be stored for up to six years (in accordance with the Income Tax Act and Tax Code) or up to ten years (in accordance with the Commercial Code).

11. Rights of data subjects

Unless stated otherwise, the aforementioned companies are jointly responsible for the processing of your data. You may, at any time, request information about the data stored by us and request the rectification of inaccurate data. You also have the right to restrict the data processing, the right to data portability in a machine-readable format, and the right to deletion of your data once it is no longer needed.

Furthermore, you have the right to object to the use of your data for purposes based on public or legitimate interests at any time. Insofar as we process your data on the basis of consent that you have given, you may withdraw your consent with future effect at any time. We will stop processing your data for the purposes stated in the declaration of consent upon receipt of your revocation or objection notice. Please send your revocation or objection notice to:

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

12. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a supervisory authority at any time. The authority responsible for us is: Bavarian State Office for Data Protection, PO Box 606, 91511 Ansbach, Germany.

You may also contact your locally responsible supervisory authority.

Status: 02 June 2025

***

Are you a job candidate or freelancer? Review our data protection information here.
Are you a current or prospective customer? Our data privacy statement can be found here.

This privacy policy serves to fulfil our data protection obligations to provide information pursuant to Articles 13 and 14 GDPR in relation to the data processing activities carried out by or within the internal reporting office of the YER Germany Group pursuant to the German Whistleblower Protection Act (HinSchG).

By means of the information provided here, we fulfil our

Obligation to provide information in accordance with Articles 13 and 14 GDPR when collecting personal data

Gender-neutral wording is used throughout; such references refer to persons of all genders and none.

1. Controller’s name and contact details

The companies listed below operate a shared internal reporting office. This internal reporting office is responsible for all the companies listed below. It receives and processes all reports relating to the German Whistleblower Protection Act (HinSchG) centrally. The companies listed below act as ‘joint controllers’ under data protection law pursuant to Art. 26 GDPR, while strictly observing the ‘need-to-know’ principle and protecting the confidentiality of your reports.

YER Deutschland GmbH
Birketweg 21
80639 Munich
HRB 300341
Commercial Register of the District Court of Munich

YER Talents GmbH
Birketweg 21
80639 Munich
HRB 207200
Commercial Register of the District Court of Munich

YER Experts GmbH
Birketweg 21
80639 Munich
HRB 207201
Commercial Register of the District Court of Munich

and

YER Staffing GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 10533
Commercial Register of the District Court of Bochum

YER Agritech GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18520
Commercial Register of the District Court of Bochum

YER Service GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 15963
Commercial Register of the District Court of Bochum

YER Projects GmbH
Harmoniestraße 1
44787 Bochum, Germany
HRB 18987
Commercial Register of the District Court of Bochum

hereinafter jointly referred to as ‘YER Germany’ and ‘YER’.

2. Data Protection Officer’s contact details

Claudia Keul
YER Germany Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

3. Purposes for which data is processed and legal basis of data processing

• Acceptance of reports and/or, where applicable, procuring of necessary consent; see Article 6(1)(c) GDPR in conjunction with Section 7(1) and Section 10 HinSchG
  For the purpose of identifying any unlawful circumstances in light of the specific disclosure made to the internal reporting office, the circumstances communicated in each case will first be recorded during a confidential (telephone) conversation, or, if applicable, via similarly confidential written or electronic correspondence. Within this context, any declarations of consent necessary for the execution of the whistleblower protection process – as described below – will also be sought from the whistleblower, and must, as a minimum, be provided in written form.
  
  In certain cases, the requirement for consent is prescribed by law, as follows:
  • Audio-visual communication; see Article 6 (1)(c) GDPR in conjunction with Section 16(3) and Sections 11(3) and (4) HinSchG
    If necessary, a declaration of consent to (remote) audio-visual communication (Section 16(3) HinSchG) (excluding sound recording) must be obtained and filed
     
  • Reports made via telephone & production of sound recordings, Article 6(1)(c) GDPR in conjunction with Section 11(2) HinSchG
    If necessary, a declaration of consent to the production of a sound recording must be obtained and filed pursuant to Section 11(2) HinSchG
     
  • Disclosure of information regarding the identity of the whistleblower to third parties on the basis of consent; see Article 6(1)(c) GDPR in conjunction with Section 9(3)(2), (4)(1) HinSchG
    If necessary, a declaration of consent to the disclosure of identity-related information must be obtained and filed pursuant to Section 9(3)(2) and (4)(1) HinSchG
     
• As regards the scheduling of an individual meeting with internal reporting offices; see Art. 6(1)(c) GDPR in conjunction with Section 16(3) HinSchG
  If necessary, an individual appointment with the whistleblower will be arranged (via email/telephone) by the reporting office to enable a meeting.
   
• Documentation of receipt of reports and communication with the whistleblower; see Article 6(1)(c) GDPR in conjunction with Section 11 and Section 17 HinSchG
  To ensure that any potentially unlawful circumstances can be properly addressed in light of the specific disclosure made to the internal reporting office in each case:
  • The point in time at which the report is received will be documented and the whistleblower sent a confirmation of receipt; see Section 11(1) and Section 17(1)(1) HinSchG
  • The point in time at which any necessary consent is granted by the whistleblower, and the content of the same, will be documented; see Section 11(1) HinSchG
  • Where necessary, a (follow-up) appointment will be scheduled for an individual meeting; see Section 16(3) HinSchG
  • The content of the report will also usually be documented by filing the relevant email/written correspondence and, if necessary, by producing a summary/verbatim record; see Section 11(2)(3) HinSchG
  • The agreement of the whistleblower to the contents of the record will be documented; see Section 11(4) HinSchG
  • Contact will be maintained with the whistleblower; see Section 17(1)(3) HinSchG
  • Where necessary, further information will be obtained from the whistleblower; see Section 17(1)(5) HinSchG
     
• Appraisal of the content of the report with reference to the objective scope of application of the HinSchG; see Article 6(1)(c) GDPR in conjunction with Section 17(1)(2), (4) HinSchG
  To ensure that any potentially unlawful circumstances can be properly addressed in light of the specific disclosure made to the internal reporting office, the content of the report will first be reviewed with respect to the objective scope of application of the HinSchG and the validity of the report. This involves processing the personal data of the whistleblower and any potential ‘perpetrators’.
   
• Clarification of the issue & involvement of groups of individuals internal to the company; see Article 6(1)(c) GDPR in conjunction with Section 9(4)(2) and Section 18(1) HinSchG
  If necessary, the issue will be clarified internally with the involvement of any groups of individuals engaged in a potential breach, such as specialist departments and executive management.
   
• Clarification of the issue & involvement of groups of individuals internal to the company; see Article 6(1)(c) GDPR in conjunction with Section 9(3)(2) HinSchG
  If necessary, the issue will be clarified internally (and, by extension, information regarding the whistleblower’s identity will be disclosed) with the involvement of any groups of individuals engaged in a potential breach, such as specialist departments and executive management, taking into account the whistleblower’s consent.
   
• Implementation of follow-up measures & involvement of groups of individuals internal to the company; see Article 6(1)(c) GDPR in conjunction with Section 9(3)(2), (4)(3) and Section 18(1) HinSchG
  In individual cases, implementing follow-up measures in excess of merely investigating disclosures may necessitate the involvement of executive management or specialist departments and, by extension, the disclosure of information regarding the identity of the whistleblower, i.e. the processing of personal data.
   
• Disclosure of information on the basis of an official/judicial order; see Article 6(1)(c) GDPR in conjunction with Section 9(2)(1–5) and (4)(4–8) HinSchG, & information on disclosure
  In individual cases, information about the identity of the whistleblower may have to be disclosed to official bodies and the courts, i.e. public authorities, on request. In this case, the whistleblower may be informed of the disclosure and the reason for this in advance by the internal reporting office.
   
• Documentation of reports & conclusion of the process; see Article 6(1)(c) GDPR in conjunction with Section 11 and Section 18(2) et seq. HinSchG
  Furthermore, the content of the clarification will be documented (stored) by the internal reporting office (and only this body) in the interests of traceability. This also applies, in particular, to the whistleblower’s declarations of consent collected in the course of the clarification of the facts. In each case, a final decision will be produced by the internal reporting office. This may include a reference to the entity actually responsible, the cessation of internal investigations, handover to a different competent entity at the Controller, handover to the competent authority and, if applicable, follow-up measures.
   
• Storage of reports in general; see Article 6(1)(c) GDPR in conjunction with Section 11(5) HinSchG
  The internal reporting office will store information regarding reports received for at least three years from the date of their receipt.

4. Categories of personal data

• First name and surname
• Email address, if applicable
• Postal address, if applicable
• Telephone number, if applicable
• Mobile number, if applicable
• Time at which a report was received
• Time and content of the declarations of consent given pursuant to the HinSchG, if applicable
• Content of correspondence (in bullet points)
  • Disclosure
  • Content of notification received
  • Content of any follow-up correspondence
  • Content of a sound recording, if applicable
  • Content of a verbatim record, if applicable

5. Obligation to provide personal data

Personal data must be provided for some disclosures to be clarified, but the provision of such data is voluntary. Failure to provide this data would mean we are unable to clarify a situation that has been reported.

6. Automated decision-making including profiling

The joint controllers do not carry out any profiling measures.

7. Data transfers to third countries

Data transfers to countries outside of the EU and the EEA (‘third countries’) may take place in the context of the administration, development and operation of IT systems. Data will only be transferred in the following cases:

The transfer is generally permissible because it satisfies the statutory requirements or because you have consented to the transfer of data, and the special conditions for transfer to a third country, as described in Section 8.1, have been met.

8. Recipients of data and data sources

8.1. Categories of data recipients

Authorities and courts

Under certain circumstances, data may be transferred, as described in Section 3 of this Privacy Policy, to authorities and, if applicable, courts on the basis of official/judicial orders issued within the Federal Republic of Germany or the EU.

If applicable, IT service providers (due to their ability to access data during maintenance work)

Data transfers within Germany and to countries outside of the EU and the EEA (‘third countries’), may take place in the context of the administration, development and operation of IT systems. Data will only be transferred in the following cases:

The transfer is generally permitted because a legal basis applies or because you have consented to the transfer of data, and (where relevant) the special conditions for transfer to a third country have been met.

In the context of IT, we use Microsoft 365 tools offered by Microsoft, among other things, to carry out video telephony, document storage and document management (SharePoint) tasks.

In the course of processing, data may be transmitted to the following recipients as a result of remote access not intended by us:

• Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052
  Microsoft’s privacy policy can be found at Microsoft Privacy Statement – Microsoft Data Protection.
  
  There you will also find further information on the respective rights of the user. Microsoft also processes personal data in the US.
  Secure data transmission to the US in connection with all Microsoft applications is ensured by an adequacy decision pursuant to Art. 45 GDPR in conjunction with the Data Privacy Framework (DPF). On 10 July 2023, the EU Commission adopted an adequacy decision pursuant to Article 45 of the GDPR, establishing the legal basis for data transfers to the US under the new EU-US Data Privacy Framework. The agreement confirms that certified US companies provide an adequate level of data protection.
  
  US companies can certify themselves under the new framework, in a similar way to the old Privacy Shield agreement, and be included in a list of companies that voluntarily comply with the principles of the GDPR. The list of certified US companies can be found at Data Privacy Framework.

8.2. Data sources

We process personal data that we have received from you or a whistleblower as part of the whistleblowing process.

9. Duration of data storage

Personal data of relevance to whistleblower protection is stored for at least three years, pursuant to Section 11(5) HinSchG. Personal data may also be stored for the performance of activities that are in the public interest or relate to the exercise of official duties. Additionally, personal data may be stored for as long as legal claims are in the process of being exercised or defended. Furthermore, individual documents will be stored for up to six years (in accordance with the German Income Tax Act and Tax Code) or up to 10 years (in accordance with the German Commercial Code).

10. Rights of data subjects

Unless stated otherwise, the above-mentioned companies are jointly responsible for the processing of personal data. You may request information at any time about the data we hold on you and request the rectification of inaccurate data. You also have the right to request the restriction of data processing, the portability of the data you have provided to us in a machine-readable format, and the erasure of your data once it is no longer needed.

Furthermore, you have the right to object to the use of your data for purposes based on public or legitimate interests at any time. In so far as we process your data on the basis of consent that you have given, you may withdraw your consent with future effect at any time. We will stop processing your data for the purposes stated in the declaration of consent upon receipt of your revocation notice. Please send your revocation or objection to:

Claudia Keul
Group Data Protection Officer
YER Talents GmbH
Birketweg 21
80639 Munich
Email: dp(at)yer.de

11. Right to lodge a complaint with a supervisory authority

You also have the right to lodge a complaint with a supervisory authority at any time. The authority responsible for us is: Bavarian State Office for Data Protection, PO Box 606, 91511 Ansbach, Germany. Alternatively, you may contact your locally responsible supervisory authority.
 

Status: 02 June 2025