Data Privacy

Data Privacy

Data protection information for the website, social media presences and for applicants and employees of Qnit AG and companies belonging to the group of companies (hereinafter referred to as Qnit) and for the sending of e-mails by Qnit.

This policy applies to all websites of Qnit, its subsidiaries and directly or indirectly controlled companies, for applicants and employees, as well as appearances on various social media platforms. This does not apply to websites for which a separate privacy policy is displayed. The website on which you are currently located is hereinafter referred to as the “Website”.

The website and the social media appearances are intended to provide information about Qnit’s services and about Qnit as an employer. Through the website and the social media appearances interested persons also have the opportunity to contact Qnit.

Personal data is processed in connection with the website, the offers made available on the website, social media appearances and sending of e-mails.

Below you will find information about the company responsible for processing your personal data, his representative and the data protection officer, as well as your rights with regard to the processing of your personal data.

In the following you will also find information about the processing of your personal data and information about the use of cookies in connection with the website, the offers provided on the website and sending of e-mails for event invitations, offers and information about Qnit and its companies belonging to the group.

In this policy, the term “personal data” refers to data that relates to an individual and identifies this person either directly or indirectly (in conjunction with other information that may be likely to come into the possession of Qnit), such as your name, email address or telephone number, particularly in connection with applications.

Information about each responsible company

  • Qnit AG, Dornhofstraße 38a, 63263 Neu-Isenburg, Germany
  • Qnit Austria GmbH, Leonard-Bernstein-Straße 10, 1220 Wien, Austria
  • Qnit d.o.o., Starine Novaka 23, 11060 Belgrade, Serbia
  • Qnit Switzerland AG, Grosspeteranlage 29, 4052 Basel, Switzerland

Collection of personal data
In general, you can access Qnit website without providing any personal information. Your browser transmits information to our server which are technically necessary for display our website and to ensure stability and security. These are IP address, date and time of the request, time zone difference to GMT, content of requests, access status / http status code, amount of data transferred, webpage that the request comes from, browser, operating system and its interface and language and version of the browser software.

To access some areas of our website, for example to apply for a position, we may need to obtain personal data from you. The entering of personal data in such cases is voluntary, and you are explicitly requested to provide such personal data and informed about the intended use of such personal data. If you do not provide us with the required personal data, you won’t be able to use some functions offered by our website. The typical reasons for us collecting personal data are listed below, along with a brief description of how your personal data is treated in each case.

  • Communication with you. We will respond to any comments and requests that you submit to us through our website, such as online enquiries, comments, or registration to attend a conference. This may involve calling you on the telephone or sending an email to you.
  • Creating aggregated statistics regarding the use of our website.
  • Your personal data is stored accordingly on our systems, in the cloud in a data center in the EU.
  • Training and further education. Your personal data will be used for certification exams and certificates of participation for the purpose of legitimizing and issuing your training certificate. Qnit or external commissioned trainers use lists of participants with personal data for internal organization, e.g. individual preparation of participants or sending of training material. Participation in feedback questionnaires regarding training quality is voluntary and anonymous. Online registration for public trainings is done via Eventbrite.de or XING.de, their data protection regulations apply.

The following table lists the categories of personal data that Qnit processes or could process as part of the processing activities described in this Global Privacy Statement.

  • Personal data: Name, preferred gender pronoun, contact information of any kind (such as email, phone numbers, address), gender, date of birth, age, place of birth.
  • Confidential data: Qnit may also collect certain types of confidential information if permitted by or with your consent under the laws of that country, such as health/medical data (including disability status and dietary requirements/allergies at events organized/sponsored by us). Qnit will only use this confidential information for the purposes described in Table 3.
  • Audiovisual media: Photographs and images/recordings taken on CCTV or other video systems and voice recordings.
  • Position: Description of current position, job title, employer, location, Qnit contact(s).
  • System and application access data: When you access Qnit systems, Qnit may collect data necessary to access such Qnit systems and applications, such as system ID, LAN ID, e-mail account, instant messaging account, mainframe ID, system passwords, access and activity logs, and electronic content created with Qnit systems.

In addition, Qnit may process the personal data listed in the table below for recruitment purposes.

  • Personal data: In addition to the personal information listed above, Qnit may collect other personal information for recruitment purposes, such as National Identification Number, Social Security Number, Insurance Information, Family / Partnership Status, Life Partners, Relatives, Emergency Contacts, Military Service.
  • Confidential data: Qnit may collect certain types of confidential information if permitted by applicable local law or if you have consented to it, such as health/medical information (including disability), trade union membership information, religion, race or ethnicity, minority flag and (to the extent permitted by law) information about criminal convictions and offences. Qnit collects this information for specific purposes, such as health/medical information, to address a disability or illness and provide care; background checks; religious or church affiliation in countries such as Germany, where such information is required for statutory tax deductions; and personal diversity data (such as race or ethnicity) to comply with legal obligations and internal policies regarding diversity and equal treatment.
  • Immigration data: Qnit may collect information about citizenship, passport, residence or work permit (physical copy and/or electronic copy).
  • Information talentmanagement: Information required for a background check, details of performance decisions and outcomes, performance feedback and alerts, e-learning/training programs, performance and development reviews (including information you provide when requesting/providing feedback, prioritizing, updating your input into relevant tools), driver’s license and vehicle letter, and biographical information.

As stated in the Global Privacy Statement, Qnit processes your personal data for various purposes. The following table lists the individual purposes for which Qnit processes your personal data.

  • Facilitation of communication with you (also in emergencies): Facilitate communication with you, ensure business continuity, protect the health and safety of employees and others, protect IT infrastructure, office equipment and other assets, facilitate communication with you and the emergency contacts you specify.
  • Compliance with legal requirements: Compliance with legal requirements, e.g. statutory submission, accounting and reporting obligations, performance of audits, approval of state audits and compliance with other requirements of state or public authorities, involvement in legal proceedings, e.g. in subpoenas, prosecution of legal claims and remedies, defense in the event of litigation and settlement of internal complaints or claims, conduct of investigations and compliance with internal policies and procedures, protection, enforcement or defense of the legal rights, privacy rights, safety or property of Qnit, Qnit subsidiaries or their employees, agents and contractors (including the enforcement of relevant agreements and terms of use), protection of data security, privacy and security of users of Qnit products or services or the public, protection against fraud or guidelines for the purpose of risk management.
  • Tracking your use of Qnit’s property: Monitor activities in accordance with the laws of the country and/or Qnit policies in force (including monitoring the use of Qnit resources).
  • Data analysis: Analysis of business processes and data to describe, predict and improve Qnit’s economic performance and/or to provide the user with a better experience. The analyses include in particular descriptive analyses, predictive analyses, analyses of the behaviour of individuals (customers, business contacts) through the use of personal data as well as marketing, individual customer view and customer journey analyses.
  • Recruitment: Managing applications, including conducting interviews and assessments, performance appraisals, financial planning, managing payments, managing inclusion and diversity programs, conducting background checks, planning and monitoring training requirements.

Use of personal data for marketing purposes
The bulk of the personal data we collect and use for marketing purposes relates to individual employees of our clients and other companies with which we have an existing business relationship. We may also obtain contact information from public sources, including content made public at social media websites, to make an initial contact with a relevant individual at a client or other company.

We send commercial e-mail to individuals at our client or other companies with whom we want to develop or maintain a business relationship in accordance with applicable marketing laws. Our targeted e-mail messages typically include web beacons, cookies, and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in a marketing e-mail you receive from Qnit, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.

Targeted e-mails from Qnit may include additional data privacy information, as required by applicable laws.

Like most companies, Qnit uses customer relationship management (CRM) database technology to manage and track our marketing efforts. Our CRM databases include personal data belonging to individuals at our client and other companies with whom we already have a business relationship or want to develop one. The personal data used for these purposes includes relevant business information, such as: contact data, publicly available information (e.g. board membership, published articles, press releases, your public posts on social media sites if relevant for business purpose), your responses to targeted e-mails (including web activity following links from our e-mails), website activity of registered users of our website, and other business information included by Qnit professionals based on their personal interactions with you. If you wish to be excluded from our CRM databases, please contact us.

We may combine data from publicly available sources, and from our different e-mail, website, and personal interactions with you (this includes information collected across our different websites such as our career and corporate sites and information collected when you sign-up or log on to our sites or connect to our sites using your social media credentials (such as LinkedIn and Xing). We combine this data to better assess your experience with Qnit and to perform the other activities described throughout our privacy policy.

We may transfer personal data to our service providers, professional advisors, public and governmental authorities or third parties in connection with a (potential) corporate or commercial transaction. Such third parties may be located in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data is protected adequately as required by relevant data privacy laws and Qnit’s internal policies.

Unless you are otherwise notified, any transfers of your personal data from within the European Economic Area (EEA) to third parties outside the EEA will be based on an adequacy decision or are governed by the standard contractual clauses. Any other non-EEA related transfers of your personal data will take place in accordance with the appropriate international data transfer mechanisms and standards.

Your rights regarding marketing communications
You can exercise your right to prevent marketing communications to you by checking certain boxes on the forms we use to collect your personal data, or by utilizing opt-out mechanisms in e-mails we send to you. You can also exercise the right to discontinue marketing communications to you, or to have your personal data removed from our customer relationship management (CRM) databases at any time by contacting us. In such cases, we will retain minimum personal data to note that you opted out in order to avoid contacting you again. Alternatively, you may want to email us under dataprivacy@qnit.de to inform us about your opt-out preferences.

If you have any questions about privacy or would like to provide us with permissions for websites or for promotional purposes, please contact us.

Use of personal data during your visit to our business premises
In addition to the information provided above, this section tells you how we use personal data when you visit Qnit’s offices.

This information also relates to the potential processing of your personal data by video surveillance and access control systems where such systems are active.

When entering our business premises, personal data such as name, first name and, if applicable, employer, as well as your time of arrival and departure are collected. This is based on project-specific requirements, which have an increased level of security and make this documentation necessary. This data is also usually stored for 12 months.

If you have received an access card from us, access to the premises is recorded and stored by the office complex’s own access control system. If you would like further information on this, please contact us at the specific address you have requested.

Particularly sensitive personal data
As a rule, Qnit does not obtain any “particularly sensitive personal data” via its website. “Particularly sensitive personal data” includes personal data concerning race, political opinion, religious or philosophical beliefs, trade union membership, health or sex life. By voluntarily providing us with particularly sensitive personal data (such as by submitting your CV or applying for a job online), you expressly consent to the use of your personal data as described in this policy.

Disclosure of your personal data
Qnit is a global organisation. We have various legal entities (e.g. national companies) and partners in Switzerland, in certain EU Member States as well as in other European countries. Our internal processes and infrastructures are therefore international in their nature and scope.

Accordingly, you should be aware that we may share your personal data with third parties, for the purpose of processing it on our behalf. We require that third parties treat the personal data they receive in accordance with Qnit’s Data Privacy and Security Policies.

Your personal data may therefore also be subject to cross-border disclosure. Cross-border disclosure of your personal data will be conducted only (i) to countries with equivalent data protection standards, or (ii) on the basis of officially recognized data protection agreements, or (iii) on the basis of officially recogniz ed standard data protection clauses.

Your rights
Below you find more detailed information on your rights regarding the processing of your personal data under the General Data Protection Right (GDPR):

  1. Right of access
    As a data subject, you have a right to obtain access and information under the conditions provided in Article 15 of the GDPR. This means that you have the right to obtain confirmation from us as to whether we are processing your personal data. If so, you also have the right to obtain access to the personal data and the information listed in Article 15 paragraph 1 of the GDPR. This includes information regarding the purposes of the processing, the categories of personal data that are being processed and the recipients or categories of recipients to whom the personal data have been or will be disclosed (points (a), (b) and (c) of Article 15 paragraph 1 of the GDPR). You can find the full extent of your right to access and information in Article 15 of the GDPR, which can be accessed using this link.
  2. Right to rectification
    As a data subject, you have the right to rectification under the conditions provided in Article 16 of the GDPR. This means that you have the right to receive from us without undue delay the rectification of inaccuracies in your personal data and completion of incomplete personal data. You can find the full extent of your right to rectification in Article 16 of the GDPR, which can be accessed using this link.
  3. Right to erasure (“right to be forgotten”)
    As a data subject, you have a right to erasure (“right to be forgotten”) under the conditions provided in Article 17 of the GDPR. This means that you have the right to obtain from us the erasure of your personal data and we are obliged to erase your personal data without undue delay when one of the reasons listed in Article 17 paragraph 1 of the GDPR applies. This can be the case, for example, if personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed (point (a) of Article 17 paragraph 1 of the GDPR). If we have made the personal data public and are obliged to erase it, we are also obliged, taking account of available technology and the cost of implementation, to take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of those personal data (Article 17 paragraph 2 of the GDPR). The right to erasure (“right to be forgotten”) does not apply if the processing is necessary for one of the reasons listed in Article 17 paragraph 3 of the GDPR. This can be the case, for example, if the processing is necessary for compliance with a legal obligation or for the establishment, exercise or defence of legal claims (points (a) and (4) of Article 17 paragraph 3 of the GDPR). You can find the full extent of your right to erasure (“right to be forgotten”) in Article 17 of the GDPR, which can be accessed using this link.
  4. Right to restriction of processing
    As a data subject, you have a right to restriction of processing under the conditions provided in Article 18 of the GDPR. This means that you have the right to obtain from us the restriction of processing if one of the conditions provided in Article 18 paragraph 1 of the GDPR applies. This can be the case, for example, if you contest the accuracy of the personal data. In such a case, the restriction of processing lasts for a period that enables us to verify the accuracy of the personal data (point (a) of Article 18 paragraph 1 of the GDPR). Restriction means that stored personal data are marked with the goal of restricting their future processing (Article 4 paragraph 3 of the GDPR). You can find the full extent of your right to restriction of processing in Article 18 of the GDPR, which can be accessed using this link.
  5. Right to data portability
    As a data subject, you have a right to data portability under the conditions provided in Article 20 of the GDPR. This means that you generally have the right to receive your personal data with which you have provided us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us if the processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 of the GDPR and the processing is carried out by automated means (Article 20 paragraph 1 of the GDPR). You can find information as to whether an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the GDPR or on a contract pursuant to point (b) of Article 6 paragraph 1 of the GDPR in the information regarding the legal basis of processing in Section C of this Data Protection Information. In exercising your right to data portability, you also generally have the right to have your personal data transmitted directly from us to another controller if technically feasible (Article 20 paragraph 2 of the GDPR). You can find the full extent of your right to data portability in Article 20 of the GDPR, which can be accessed using this link.
  6. Right to object
    As a data subject, you have a right to object under the conditions provided in Article 21 of the GDPR. At the latest in our first communication with you, we expressly inform you of your right, as a data subject, to object. As a data subject, you have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6 paragraph 1, including profiling based on those provisions. In the event of an objection relating to your particular situation, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. You can find the full extent of your right to objection in Article 21 of the GDPR, which can be accessed using this link.
  7. Right to withdraw consent
    Where an instance of processing is based on consent pursuant to point (a) of Article 6 paragraph 1 or point (a) of Article 9 paragraph 2 of the General Data Protection Regulation, as a data subject, you have the right, pursuant to Article 7 paragraph 3 of the General Data Protection Regulation, to withdraw your consent at any time. The withdrawal of your consent does not affect the legitimacy of the processing that occurred based on your consent until the withdrawal. We inform you of this before you grant your consent.
  8. Right to lodge a complaint with a supervisory authority
    As a data subject, you have a right to lodge a complaint with a supervisory authority under the conditions provided in point (f) of Article 57 paragraph 1 of the General Data Protection Regulation.

Duration of retention
Qnit stores your personal data only as long as necessary. In addition, Qnit maintains specific policies and procedures for the management and retention of records and data so that personal information is deleted after a reasonable period of time in accordance with the following retention criteria:

  • Qnit will keep your personal information for as long as we have a business relationship with you.
  • Qnit will retain your personal information for as long as it is necessary to fulfill a legal obligation.
  • Qnit will retain your personal data for as long as it is necessary to maintain or improve Qnit’s legal position (e.g. in relation to limitation periods, litigation or government investigations).

Please keep your personal data up to date at all times and inform Qnit of any significant changes to your personal data.

Third-party websites
Qnit’s websites may contain links to third-party websites. Qnit makes no guarantees with regard to such third-party websites and assumes no responsibility with respect to such third-party websites. You should be aware that the owners and operators of such third-party websites may possibly collect, use or disclose personal data in a manner other than that applied by Qnit. When accessing internet links to third-party websites, you should review the data privacy policies of these third-party websites. You should also be aware of the fact that third-party websites may use cookies.

Reorganization of the company
As is the case with many other organizations, Qnit may reorganize its business units around the world, either as a result of the acquisition of new entities or the disposal or merger of existing entities. If this is done, personal data may be disclosed to potential or actual purchasers of parts of our business or personal data may be obtained from potential sellers. In doing so, we strive to ensure that confidentiality is suitably maintained for personal data that is disclosed in the course of such transactions.

Legal notice
Qnit may disclose personal data in order to enforce the terms of use of our website or to protect personal safety or the Qnit website in urgent cases. It is also possible that we may be required to disclose your personal data for legal reasons, as a result of judicial or other official summons, orders or decrees, in any jurisdiction in which we conduct business.

Data security and integrity
Qnit takes various technological and procedural security measures to protect the personal data we collect, use or transfer against loss, misuse, alteration or destruction. However, please note that, due to the openness and insecure nature of the internet, Qnit cannot take responsibility for the security of the transmission of personal data over the internet.

Analysis software and cookies
The website uses analysis software, cookies and social media plug-ins. More information about these is available in the Cookies Policy.

Contact details
If you have any questions about this Data Privacy Policy or requests relating to the use of your personal data by Qnit, you are welcome to contact us via the email address dataprivacy@qnit.de or on +49 176 17870150.

Data Protection Officer
Qnit AG
Dornhofstr. 38A
63263 Neu-Isenburg
E-Mail: dataprivacy@qnit.de

We endeavour to respond promptly to enquiries, but a reasonable handling time must be expected.

This policy was last updated on January 18, 2019. Please consult this page regularly to see if this policy has been changed.

Further information relating the collection, use and disclosure of personal data as part of our application process

Purpose of the collection of personal data
Any personal data, including any personal data contained in the attachments, which you make available to us via the applicant portal or by email, will be collected, processed, and used by Qnit exclusively for the purpose of processing your application.

Your data will only be used by the respective company to fill the vacancies for which you have applied. They are not passed on to other companies. If you have submitted an unsolicited application, we will consider your data for all current application procedures that fit your profile. The same applies in the event that you have given us your express consent to the further storage of your applicant profile after completion of an application procedure.

The legal basis for data processing, type and purpose of data collection
We primarily collect your personal data for the purpose of carrying out the application procedure on the legal basis of § 6(1)(b), § 88 General Data Protection Regulation (GDPR) in conjunction with § 26(1) sentence 1(1) of the Federal Data Protection Act (old) (BDSG-alt). Further legal bases are § 6(1)(a) GDPR (“Permission”) and § 6(1)(f) GDPR (“Weighing of interests”), e.g., for personnel evaluations and reporting. Insofar as the processing of personal data is necessary to fulfill a legal obligation to which the data controller is subject, the legal basis is § 6 (1)(c) GDPR.

If special categories of personal data are processed pursuant to § 9(1) GDPR (e.g., health data), this is done on the basis of § 9(2)(b) GDPR. In addition, the processing might be required to assess your work capacities pursuant to § 9(1)(h) GDPR.

In the case of an online application for a specific vacancy or with unsolicited applications, your data are entered by you into the corresponding application form and the associated documents uploaded.

With email applications, we collect all relevant data in our applicant portal and upload your documents including your email. Your email will be deleted from our mailbox afterwards. Please don´t send any applications by post (paper applications), because we cannot process them due to data protection reasons.

Data controller, recipients or categories of recipients to whom the data might be disclosed
Your personal data will be treated strictly confidentially and will only be made available to the responsible persons involved in the application process. To ensure proper operation, only selected employees of Qnit involved in the application process have access to your data.

In any case, your personal data will only be processed by the company responsible for the vacancy and, if applicable, by service providers who are contractually bound and legally obliged to comply with the relevant data protection regulations. This does not apply in the event that you have submitted an unsolicited application or have given us your express consent to the further storage of your applicant profile after completion of an application procedure (rejection or hiring). In this case, we consider your data for all current application procedures, i.e. your personal data can be processed by different national companies. You can actively consent to the transfer of your personal data to individual or all national companies. If you do not provide or revoke this consent, your personal data cannot be taken into account for positions within these companies.

If you are hired, your data will be transferred from our applicant portal to our HR administration systems. Your data are processed there as employee data.

Qnit works with the software partner Haufe-umantis AG for the operation and maintenance of the applicant portal. Your data will be stored and processed on the systems of our software partner Haufe-umantis AG. Haufe-umantis AG has taken the necessary organizational and technical measures to ensure the confidentiality of your application. Further information can be found on the Haufe website.

Duration of data storage
Your personal data will generally be deleted when the processing is no longer necessary to make a decision on establishing an employment relationship. The duration of the storage depends on the duration of the decision-making process.

When applying online for a specific position, and submitting data to the applicant portal, you have access to your data and the attachments (e.g., your CV) at any time and can delete them yourself. You also have the option to request us to delete your data. If you wish to have your applicant profile deleted immediately, please contact our data protection officer (see above).

Our standard deletion period for an application is six months after completion of the relevant application procedure (rejection or recruitment). If we reject your application, we will inform you by email that you can provide your express consent to the further storage of your applicant profile after completion of an application procedure. In this case, your applicant profile will be deleted automatically from the applicant portal twelve months after the deletion of your last application. The same applies to an applicant profile created for an unsolicited application.

If legal regulations, e.g., storage obligations, do not permit deletion, the processing of your data will instead be limited (i.e. blocked), meaning that they are only accessible to observe mandatory legal regulations. This is also the case if there are indications that you will assert claims against us. The data will be stored as long as the processing of the data is necessary for the assertion, exercise, or defense of legal claims.

Current safety standards
Your data are protected against unauthorized access by encrypted transmission, encrypted storage, a role and authorization concept, a data backup concept, and physical security measures for the servers used. The transmission of your personal data to the servers follows to the security standards of the TLS method.

General terms and conditions

These general terms and conditions for service/work contracts apply to all deliveries and services of Qnit.

Please visit this page regularly to see if this policy has changed.

If you do not agree with this Privacy Policy, please do not continue to use and/or visit this website.

Note on liability

Despite careful control of the contents, we do not assume any liability for the contents of external links. The owner and or operators of the linked pages are solely responsible for their content.