Data Privacy

Person responsible
The person responsible in the sense of the Basic Data Protection Regulation is:

TOM TAILOR GmbH
Garstedter Weg 14
22453 Hamburg
E-Mail: info@tom-tailor.com

Legal bases of processing
Insofar as we obtain your consent for processing operations of personal data, Art. 6 para. 1 lit. a) EU Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which you are a party, Art. 6 para. 1 lit. b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

If processing of personal data is necessary for compliance with a legal obligation to which TOM TAILOR GmbH is subject, Art. 6 para. 1 lit. c) GDPR serves as the legal basis.

If the processing of personal data is necessary to protect the legitimate interests of TOM TAILOR GmbH, Art. 6 para. 1 lit. f) GDPR serves as the legal basis.

Data deletion / storage period
Your personal data will be deleted as soon as the purpose of storage ceases to apply. Storage may also take place if this has been provided for by the European or national legislator in union regulations, laws or other provisions to which TOM TAILOR GmbH is subject. Data will also be deleted if a storage period prescribed by the aforementioned norms expires.

Creation of log files
Every time you access the Internet pages of TOM TAILOR GmbH, information transmitted by your browser is automatically stored temporarily. The log file created records the browser type/version, operating system used, name and URL of the file accessed, reference URL (the page previously visited), host name of the accessing computer (IP address) and the date and time of the server request. This data is not merged with other data sources. The storage and processing of this data is solely for the purpose of system security and the optimisation of what is offered on the Internet. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.  Our legitimate interest is, on the one hand, to be able to offer you an optimised Internet presence and, on the other hand, to secure the system. Your personal data will not be transmitted to third parties and will be deleted after 24 hours.

Registration for applicant portal
The TOM TAILOR GmbH website offers the option of registering for the applicant portal by providing personal data. The data is entered in an input mask and transmitted to us and stored.  The data is not passed on to third parties. Data such as your name, address, e-mail address, date of birth and telephone number are collected as part of the registration process. The registration and the associated data processing are necessary for the provision of certain content for the application process and services on the website. The legal basis for this is Art. 6 para. 1 lit. b) GDPR.

Your personal data is transferred to processors for support. When selecting our partners based in a third country, we ensure that the requirements for the transfer of personal data to a third country are met.

Your personal data will be stored for the duration of your registration. If you delete your profile created during registration, your personal data collected there will be deleted immediately. You can see your other existing rights from the point "Rights of the data subject" below.

Application
If you submit your application via our website or e-mail address, we will process your personal data such as name, date of birth, address, qualification, e-mail address, telephone number and the documents you provide exclusively for the purpose of reviewing your application and carrying out the application process. In addition, you still have the option to provide your Xing, LinkedIn or Skey account name if required. However, this is voluntary information.

Applications in Germany are processed for the purpose of deciding whether to establish an employment relationship in accordance with the Federal Data Protection Act (Section 26 (1) Sentence 1 BDSG). The data will be deleted no later than six months after completion of the application process unless the data is still required for the implementation of the employment relationship.

Applications in Austria are processed for the purpose of carrying out pre-contractual measures in accordance with the General Data Protection Regulation (Art. 6 para. 1 sentence 1 lit. b) GDPR). The responsible person for this data processing is the Austrian Tom Tailor Retail GmbH (Bahnhofstraße 53, 6300 Wörgl, karriere.austria@tom-tailor.com). Unless consent has been given to the retention of the application, application data will be retained for a period of eight months for the purpose of defending possible claims under the Equal Treatment Act. The eight-month period starts to run from the date on which the data subject received the negative decision on his/her application. Without your consent pursuant to Art. 6 para. 1 lit. a) GDPR, your application will not be stored or forwarded to third parties beyond the application process. You can revoke your consent at any time with effect for the future. To handle the applicant process, we will use companies of the TOM TAILOR group for internal administrative purposes or possibly service providers. We have concluded a contract on commissioned processing with such external service providers in accordance with Article 28 GDPR. The legal basis for the internal transfer of the TOM TAILOR group is Art. 6 para. 1 lit. f) GDPR in conjunction with Recital 48, as we have a legitimate interest in the transfer for internal administrative purposes.

Cookies
We also use so-called cookies to collect and store data. Cookies are data packets that your browser stores on your end device at our instigation. They do not cause any damage there.   They do not contain any executable code and therefore no viruses and do not allow us to spy on you. A distinction is made between two types of cookies: temporary, so-called session cookies, and persistent cookies.

Session cookies are automatically deleted when you close the browser. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This allows your computer to be recognised when you return to our website. The use of session cookies is necessary so that we can provide you with the website. The legal basis for the processing of your personal data using session cookies is Art. 6 para. 1 lit. f) GDPR.

Persistent cookies are automatically deleted after a predefined period of time, which may differ depending on the cookie. Persistent cookies must be distinguished according to whether they are technically necessary or not. If this is to be affirmed in the individual case, they are also to be based on Art. 6 para. 1 lit. f) GDPR. The use of technically unnecessary cookies takes place with your consent. These cookies are only set when you have actively given your consent. The legal basis for data processing is Art. 6 para. 1 lit. a) GDPR. You can revoke your consent at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

You can delete the cookies in the security settings of your browser at any time. With the help of the cookies, it is possible for us to track your usage behaviour for the above-mentioned purposes and within the corresponding scope. They are also intended to enable you to optimise your browsing experience on our website. In addition, we use persistent cookies for direct marketing purposes on the Internet, for example to be able to offer you personalised advertising or to evaluate the success of our advertising measures.

You can set your internet browser so that our cookies cannot be stored on your end device or so that cookies that have already been stored are deleted. If you do not accept cookies, this may lead to restrictions in the function of the Internet pages.

With your consent, we also integrate cookies from third-party providers. In this case, the corresponding data packages from third parties are stored in your browser or transmitted to them. You can also usually prevent the use of third-party cookies by setting your browser accordingly. The legal basis for the processing of your personal data using third-party cookies is Art. 6 para. 1 lit. a) GDPR. Also, in this case, you can also revoke your consent at any time.  The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

You can revoke your consent for the cookies set at any time.

If you have set your browser or use plug-ins in such a way that external scripts are blocked, which is particularly the case when using ad blockers or script blockers, the cookie preferences button will also not be displayed. Since in this case data processing is already prevented on your part, no processing takes place on our site in accordance with your settings.  There is therefore no need to revoke the data processing with third-party cookies.

Your other existing rights can be found in the "Rights of the data subject" section below in the general principles of data processing.

LinkedIn
If you log in to our careers page via a LinkedIn profile or apply for a job via a LinkedIn profile, LinkedIn uses a third-party cookie our careers page. LinkedIn's policies are subject to a separate privacy policy. Questions about LinkedIn's policies should be directed to LinkedIn. If you use LinkedIn to log in to our careers page or to provide personal information on our careers page, you consent to the third-party cookie on this careers page.

Use of Google Analytics
Our website uses Google Analytics, a web analytics service provided by Google LLC of California, USA.  Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. This is essentially carried out by Google LLC. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there.

Google will use this information on our behalf for the following purposes: to evaluate your use of the website (e.g., the length of time you spend on the site and the content you view), to compile reports on website activity and to provide the website operator with other services relating to website activity and internet usage (e.g., visitor sources such as links and search engines). Pseudonymous user profiles can be created from the processed data, in which case a randomly generated client ID is assigned to the user in the locally stored cookie and saved.   Google reserves the right to use the collected data for its own purposes. The usage data is processed by Google LLC and the data is stored in the USA. We have concluded standard contractual clauses with Google. In addition to Google, government authorities therefore also have access to this data.  Google has the option of linking your data with other data about you, such as search history, personal accounts, usage data from other devices and any other data that Google has about you.

On our website, we use the code extension "anonymizeIP", which serves to activate IP anonymisation on this website. By using this extension, your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server in the USA and shortened there. However, the anonymisation does not result in the complete data processing being anonymised, as further usage data is collected when Google Analytics is used, which is to be assessed as personal data. Thus, for example, a link to the user of an existing Google account may be possible.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a) GDPR. In accordance with Article 7 (3) GDPR, you can revoke your consent at any time, in which case your personal data will be deleted immediately. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation. You can see your other existing rights from the point "Rights of the data subject" below.

You can effectively revoke your consent at any time by reopening the cookie settings.

Furthermore, Google offers you the option of preventing the collection of the data generated by the cookie and collected through your usage behaviour on our website by downloading and installing the browser plug-in available under the following link (https://tools.google.com/dlpage/gaoptout/). This tool sets a so-called opt-out cookie, which prevents the future collection of your data. We would like to point out that the cookie is only valid for the browser and this website used during the installation. If you delete the cookies in your browser, you must set the opt-out cookie again.

Further information can be found in Google’s data protection rules www.google.com/intl/de/policies/privacy/. 

Data transmission to a third country
When using internet technologies, data transfer to a third country, especially the USA, unfortunately cannot be avoided. In particular, but not exclusively, the services of Google, Facebook and their partners are affected. When selecting our partners, we ensure that the requirements for the transfer of personal data to a third country are met.

RECIPIENTS OR CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Tom Tailor GmbH only transmits personal data to those recipients who require it for the respective legitimate fulfilment of tasks.

If external service providers are commissioned to receive personal data for these purposes, we ensure when selecting our partners that suitable technical and organisational measures are implemented and necessary agreements are concluded so that the processing is carried out in accordance with the applicable data protection regulations and guarantees the protection of the rights of the data subject.

We may pass on personal data to:

• Our affiliated companies as an intra-group transfer, for example, for support on the basis of commissioned processing pursuant to Art. 28 GDPR or joint responsibility pursuant to Art. 26 GDPR.
• Business partners for whom the transfer of data is necessary for the fulfilment of tasks, such as external consultants, etc.
• Our data protection officer for advice and monitoring of data protection-compliant implementation.
• Authorities and companies for the fulfilment of legal notification obligations (e.g., social insurance institutions, financial authorities, police and public prosecutor's office, supervisory authorities).
• Other third parties for whom the data subject has given consent to data transfer or for whom there is legal authority to transfer data (e.g., lawyers, insolvency administrators)"

Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the rights described below.

Information: You have the right to receive free information and confirmation from us at any time about the personal data stored on you and a copy of this data.

Correction: You have the right to have your personal data corrected and/or completed if the processed personal data concerning you is incorrect or incomplete.

Restriction of processing: You have the right to request the restriction of processing if one of the following conditions is met:

• The accuracy of the personal data is contested by you for a period of time which allows us to verify the accuracy of the personal data.
• The processing is unlawful, you object to the erasure of the personal data and request instead the restriction of the use of the personal data.
• We no longer need the personal data for the purposes of processing, but you need it to assert, exercise or defend legal claims.
• You have objected to the processing pursuant to Art. 21 (1) GDPR and it is not yet clear whether our legitimate grounds outweigh yours.

Deletion: You have the right to have the personal data concerning you erased without delay if one of the following reasons applies and insofar as the processing is not necessary:

• The personal data was collected or otherwise processed for purposes for which it is no longer necessary.
• You withdraw your consent on which the processing was based and there is no other legal basis for the processing.
• You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing or you object to the processing pursuant to Article 21(2) of the GDPR.
• The personal data has been processed unlawfully.
• The deletion of the personal data is necessary for compliance with a legal obligation under Union or Member State law to which we are subject.

Data transferability: You have the right to receive the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format.  You also have the right to transfer this data to another person responsible without hindrance from us.  In exercising this right, you also have the right to have the personal data relating to you transferred directly from us to another person responsible, where this is technically feasible. The freedoms and rights of other persons must not be affected by this.

Objection: You have the right to object at any time to the processing of personal data concerning you that is "only" based on legitimate interests of us or third parties (Art. 6 para. 1 lit. f) GDPR). We will no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Revocation of consent: You have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation.

Automated decision-making pursuant to Art. 22 GDPR does not take place in the course of processing your personal data.

In order to exercise your rights, please contact the above-mentioned person responsible, as your rights are also to be implemented there. However, you can also contact the data protection officer, especially if your request requires a higher level of confidentiality.

You can contact the data protection officer of the entire TOM TAILOR group by post at the following address: migosens GmbH, Wiesenstraße 35, 45473 Mülheim.

Right of complaint to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or the place of the alleged infringement, if you consider that the processing of personal data concerning you infringes the GDPR.

The data protection supervisory authority responsible for us is:
Free and Hanseatic City of Hamburg
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Straße 22, 7. OG, 20459 Hamburg
Tel.: 040 / 428 54 - 4040
Fax: 040 / 428 54 - 4000
E-Mail: mailbox@datenschutz.hamburg.de

Our presence in social networks
TOM TAILOR GmbH maintains publicly accessible professional company profiles on various social networks. We use these to publish and distribute our company's content, offers and product recommendations and help us, for example, to promote direct exchange with our customers and interested persons.

By using one of these networks, a variety of data processing operations are set in motion.   This data is processed even if you do not have your own profile on this network. When you visit one of our profiles, your personal data is processed and possibly stored not only by us but also by the operator of the respective network. Personal data includes, for example, your name, age, e-mail address, photos and other information that you have voluntarily shared on the networks, as well as information on your usage behaviour and interactions with the content of the respective company profile. Your IP address may also be collected. There is no obligation on your part to provide us with your personal data in order to visit our company profiles. However, this may be necessary in order to use individual functions of our profiles (such as commenting on posts, contacting us).

TOM TAILOR GmbH has no influence on the data processing (triggered by your visit to the social networks) on the part of the operators, which may differ between the individual networks and are not necessarily traceable for us (e.g., the setting of cookies). For further information regarding details on the collection and storage of your personal data as well as the purpose, type and scope of processing, we would like to refer you to the data protection declarations of the respective operators of the social networks. You can find these at:

You will find the data protection information of Facebook, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, at: https://de-de.facebook.com/policy.php

You will find the data protection information of Instagram, operated by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland, at: https://help.instagram.com/519522125107875

You will find the data protection information on You Tube operated by Google Ireland Limited, Gordon House 4 Barrow St., Dublin, D04 E5W5, Ireland, at: https://policies.google.com/privacy?hl=de&gl=de

You will find the data protection information of Xing, operated by New Work SE, Dammtorstraße 30, 20354 Hamburg, at: https://privacy.xing.com/de/datenschutzerklaerung​​​​​​​

You will find the data protection information of LinkedIn, operated by LinkedIn Ireland Limited Company, Wilton Place, Dublin 2, Ireland, at: https://www.linkedin.com/legal/privacy-policy​​​​​​​

You will find the data protection information of Pinterest, operated by Pinterest Inc., 651 Brannan Street, San Francisco, CA 94107, USA,: policy.pinterest.com/de/privacy-policy

If you use our presence in the social networks to contact us (e.g., through private messages, commenting/sharing posts or reactions to such), we will process this data provided by you exclusively for the purpose of contacting you and will not combine it with any other data available to us. The legal basis for the data collection is therefore Art. 6 para. 1 lit. b) GDPR. If the contact relates neither to a pre-contractual measure nor to a contract that you yourself have already concluded with TOM TAILOR GmbH, we process your personal data on the basis of Art. 6 para. 1 lit. f) GDPR within the framework of our legitimate interest in processing your request via this channel.

Your personal data will be deleted as soon as the purpose of the storage no longer applies, or you request us to delete it. Storage may also take place if this has been provided for by the European or national legislator in union regulations, laws or other provisions to which TOM TAILOR GmbH is subject. The data will also be deleted if a storage period prescribed by the aforementioned standards expires unless there is a necessity for the continued storage of the data for the conclusion or fulfilment of a contract. For how long the operators of the social networks store your personal data, please refer to the respective above-mentioned data protection notices.

Further information on Facebook and Instagram:
The social networks Facebook and Instagram are each offered by Facebook Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland ("Facebook"). In the context of using page insights, we are jointly responsible with Facebook for the data processing on the Facebook/Instagram fan pages in accordance with Art. 26 GDPR. We use the statistics provided by Facebook to make posts more attractive and effective. For example, the distributions according to age and gender are used for a correct approach and preferred visiting times of the users for a time-optimised planning of the posted contributions. Information about the type of end devices used by the visitors enables the posts to be adapted to the respective device in terms of appearance and design.   The data processing described is based on the existing legitimate interests of TOM TAILOR GmbH according to Art. 6 para. 1 lit. f) GDPR. You can object to this data processing on the part of Facebook at any time by no longer subscribing to our Facebook page (by selecting the functions "I do not like this page" and/or "Do not subscribe to this page anymore" you disconnect your user profile from our fan page).

You can find the option to object to the individual - above mentioned - data processing operations here:
https://www.facebook.com/settings?tab=ads
and here
http://www.youronlinechoices.com

You can find information on the agreement concluded with Facebook at:
https://www.facebook.com/legal/terms/page_controller_addendum

You will find a summary of this agreement and other information on the insights pages by Facebook at:​​​​​​​
https://www.facebook.com/legal/terms/information_about_page_insights_data