x

Review and Agree to Our Privacy Policy

To access the available job listings and proceed to the application portal, you are required to review our Privacy Policy and agree to its terms. Please read the policy carefully, and indicate your agreement to continue.

Privacy Policy for the Job Application Portal of Munich International School e.V.

Last updated: 10 February 2025

1. Introduction

This Privacy Policy outlines how Munich International School e.V. (“we,” “our, or “the School”) processes and protects the personal data of individuals who apply for job openings through the job application portal hosted on https://careers.mis-munich.de (the “Portal”). We comply with the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The security and lawful processing of your data are of utmost importance to us.

2. Controller

The controller responsible for data processing on this portal is:

Munich International School e.V.

Schloss Buchhof

82319 Starnberg, Germany

+49 (0) 8151 3660

info@mis-munich.de

If you have any questions regarding the processing of your personal data, you may contact us or our Data Protection Officer:

Bernard Columberg

dpo@mis-munich.de

+49 (0) 8151 366 101

3. Categories of Personal Data Processed

We collect and process the following categories of personal data as part of the job application process:

  • Personal identification details: Full name, date of birth, address, phone number, and email.
  • Application materials: Curriculum vitae, cover letter, references, and certificates.
  • Job-specific data: Job title, job ID, qualifications, and skills.
  • Communication data: Messages, emails, or feedback related to your application.
  • Technical data: IP addresses and access logs for security and maintenance purposes.

4. Purpose and Legal Basis for Data Processing

We process your personal data for the following purposes:

  1. Application processing and recruitment: To manage your application and assess your qualifications for the relevant position.
    • Legal basis: Article 6(1)(b) GDPR (processing necessary for the performance of a contract or pre-contractual measures).
  2. Communication with applicants: To provide updates on the status of your application.
    • Legal basis: Article 6(1)(f) GDPR (legitimate interest in efficient communication).
  3. Compliance with legal obligations: To comply with legal retention periods or labor regulations.
    • Legal basis: Article 6(1)(c) GDPR (compliance with legal obligations).
  4. Security monitoring and fraud prevention: To ensure the security of our systems.
    • Legal basis: Article 6(1)(f) GDPR (legitimate interest in IT security).

5. Data Sharing and Recipients

We share your data with the following third parties only when necessary for processing your application, hosting the site, or maintaining system security:

  • Strato GmbH: Responsible for website hosting and infrastructure support, under a Data Processing Agreement (DPA) ensuring data security and GDPR compliance.
  • Perbit Software GmbH: Manages the job application processing, stores your application materials temporarily, and facilitates communication between you and the HR department, under a DPA ensuring compliance with GDPR.
  • Third-party job boards: If your application is posted to external job platforms like LinkedIn or StepStone.

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by legal obligations. The retention periods are as follows:

  • Unsuccessful applications: Data will be deleted after rejection.
  • Successful applications: Data will be transferred to the employee record and retained in accordance with our employment policies.

The specific deletion periods for Perbit-hosted data are defined in their DPA.

7. Perbit Software GmbH as Data Processor

We use Perbit Software GmbH to manage job applications, host uploaded documents, and handle communication with applicants.

  • Nature of the processing: Perbit processes data on behalf of the School, including storing application materials, categorizing data, and facilitating communication.
  • Data storage location: Perbit’s data centers, located in Germany, ensure compliance with GDPR.
  • Retention: Data is retained in accordance with the DPA established with Perbit Software GmbH, including a retention period for the application data. Data will be deleted or anonymized after the recruitment process concludes unless otherwise agreed.

For more information, you can review Perbit’s Privacy Policy.

8.Data Processing by Hetzner Online GmbH

We have engaged Hetzner Online GmbH (“Hetzner”) as our hosting service provider. Hetzner processes personal data on our behalf in compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Data Processing Agreement (DPA)

In accordance with Article 28 GDPR, we have entered into a Data Processing Agreement with Hetzner. This agreement ensures that Hetzner processes personal data solely based on our instructions and implements appropriate technical and organizational measures to protect the data. The DPA outlines the subject matter, duration, nature, and purpose of the data processing, as well as the rights and obligations of both parties.

2. Technical and Organizational Measures (TOMs)

Hetzner has implemented comprehensive Technical and Organizational Measures to safeguard personal data against unauthorized access, loss, or destruction. These measures include, but are not limited to:

  • Access Control: Ensuring that only authorized personnel have access to data processing systems.
  • Data Encryption: Protecting personal data through encryption during transmission and storage.
  • Regular Audits: Conducting periodic reviews and assessments of data processing practices to ensure ongoing compliance.

A detailed description of these measures is available in Hetzner’s documentation.

3. Data Processing Locations

Hetzner processes personal data exclusively within data centers located in the European Union. There is no transfer of personal data to third countries outside the EU/EEA without ensuring compliance with GDPR requirements.

4. Subprocessors

Hetzner may engage subprocessors to fulfill specific obligations. Any such subprocessors are contractually bound by the same data protection obligations outlined in our agreement with Hetzner, ensuring consistent protection of your personal data.

5. Data Subject Rights

As a data subject, you retain all rights granted under the GDPR, including the right to access, rectify, erase, or restrict the processing of your personal data. Requests to exercise these rights can be directed to us, and we will coordinate with Hetzner as necessary to fulfill your request.

6. Contact Information

For any inquiries related to data processing by Hetzner, you may contact:

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Germany

Email: info@hetzner.com

For further details, please refer to Hetzner’s Privacy Policy.

9. WordPress as CMS

The job application portal is built using WordPress CMS, but no personal data is processed or stored by WordPress itself, as we do not use WordPress services such as Jetpack, Akismet, or similar.

  • Nature of processing: WordPress is used purely for managing content (i.e., the job application portal interface) and does not process or store personal data.
  • Exclusion from data processing: No personal data is shared with or processed by WordPress.

10. Data Subject Rights

As a data subject, you have the following rights under GDPR:

  • Right to access (Art. 15 GDPR): Request access to the personal data we hold about you.
  • Right to rectification (Art. 16 GDPR): Request correction of inaccurate data.
  • Right to erasure (Art. 17 GDPR): Request deletion of your personal data.
  • Right to restriction (Art. 18 GDPR): Restrict the processing of your data under certain conditions.
  • Right to data portability (Art. 20 GDPR): Receive your personal data in a structured, commonly used format.
  • Right to object (Art. 21 GDPR): Object to the processing of your data under specific circumstances.
  • Right to lodge a complaint: You have the right to file a complaint with the relevant data protection authority.

To exercise any of these rights, please contact us at [email address].

11. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These include:

  • Encryption via SSL/TLS for data transmission.
  • Regular security audits.
  • Access controls and password-protected systems.

12. Data Transfers to Third Countries

While we do not transfer personal data to countries outside the European Economic Area (EEA), some third-party services (e.g., Perbit Software GmbH and Strato GmbH) may involve processing data in locations outside the EEA, such as their servers in Germany, under the appropriate GDPR compliance measures.

13. Changes to This Privacy Policy

We reserve the right to amend this Privacy Policy to reflect changes in legal requirements or our data processing practices. The latest version will always be available on the job application portal.

For any questions regarding this Privacy Policy, please contact us at po@mis-munich.de

Munich International School e.V.
Schloss Buchhof
82319 Starnberg, GERMANY

info@mis-munich.de

+49 (0) 8151 3660