Mahisha

Call

Mail

Instagram

Facebook

Mahisha Terms and Conditions

General Terms and Conditions

Imprint

Mahisha Terms and Conditions

1 ) Introduction

Welcome to Mahisha Recruitment Consultancy!
These Terms and Conditions (hereinafter referred to as "Agreement") govern the use of our services, which connect global job seekers with employers for available vacancies. Whether you are a candidate looking for the latest opportunities or an employer searching for the proper talent, Mahisha Recruitment Consultancy is executed to give a safe, transparent, and delegate experience. By accessing or using our website and services, you agree to comply with and be bound by this Agreement.

2 ) About Mahisha Recruitment Consultancy

Mahisha Recruitment Consultancy is a recruitment agency based in Germany, specializing in connecting qualified candidates from around the world with employers seeking talent. We provide a platform for job seekers and employers to connect, but we do not act as an employer or direct hiring party.

3 ) Services Provided

Mahisha Recruitment Consultancy provides services that facilitate the connection between job seekers and employers. We assist employers in finding suitable candidates for their open positions and help job seekers find job opportunities. We act as an intermediary between job seekers and employers but are not responsible for any hiring decisions or employment agreements made between the parties.In Mahisha's case, searching for the perfect job or candidate is not a challenge, but becomes a great journey to success.

4 ) Job Seekers

Job seekers must provide accurate and truthful information when registering with Mahisha Recruitment Consultancy. Job seekers are responsible for ensuring that they meet the qualifications and requirements for any positions they apply for. Mahisha is not responsible for the outcome of the job application process or any future employment disputes. Mahisha makes no guarantees regarding the successful placement of job seekers, as the final hiring decision is made by the employer.

5 ) Employers

Employers are required to provide accurate job descriptions, responsibilities, and qualifications for any vacancies they list with Mahisha. Mahisha is not responsible for the selection or recruitment of candidates and will only provide suitable candidates based on the job specifications provided by the employer. Employers are responsible for ensuring compliance with all relevant labor laws and regulations in their respective countries.Our mission is to streamline the talent search not to intervene in contractual or legal obligations between employers and new hires.

6 ) Judicial Proceedings

Mahisha Recruitment Consultancy does not accept responsibility for any legal issues, disputes, or claims that may arise between job seekers and employers after the connection is made. Both job seekers and employers are responsible for resolving any legal issues independently and in accordance with applicable laws.

7 ) Data Protection and Privacy

Mahisha is committed to protecting your privacy and personal data in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR). Job seekers and employers consent to the collection and use of their personal data for the purpose of recruitment services as outlined in our Privacy Policy.Your trust is our foundation, and protecting your data is our promise.

8 ) Financial Terms

Mahisha Recruitment Consultancy charges a service fee for its recruitment services. This service fee is subject to applicable taxes as required by law. There are no additional charges beyond the agreed service fee and applicable taxes. Mahisha does not charge any hidden fees or extra costs. All payments to Mahisha Recruitment Consultancy must be made exclusively to Mahisha’s designated bank account. No payments should be made to any other account or in cash. Mahisha is not responsible for any payments made outside of its official account or in any form other than through the official bank transfer.Our goal is to provide a secure and straightforward experience from consultation to completion.

9 ) No Employment Relationship

Mahisha Recruitment Consultancy does not create an employment relationship between itself and job seekers or employers. We only serve as a platform to facilitate connections. Any employment agreement entered into is solely between the job seeker and the employer.Any hiring decisions or employment contracts that result from these connections are independently handled between the employer and the job seeker.

10 ) Limitation of Liability

Mahisha Recruitment Consultancy drives to give a valid platform for connecting talent with opportunity.We are not liable for any direct, indirect, or consequential damages arising from the use of our services or any agreements between job seekers and employers. Mahisha makes no warranties or representations regarding the accuracy, reliability, or suitability of the information provided by employers or job seekers.

11 ) Amendments to Terms

Mahisha Recruitment Consultancy reserves the right to amend these Terms and Conditions at any time. Any changes will be posted on our website, and continued use of our services after such amendments signifies your acceptance of the revised terms.

12 ) Governing Law

These Terms and Conditions shall be governed by and construed in accordance with the laws of Germany. Any disputes arising from or in connection with these Terms and Conditions shall be subject to the exclusive jurisdiction of the courts of Germany.

13 ) Contact Information

If you have any questions about these Terms and Conditions, please contact us at:

Call : +49 15560 055007
Mail : mahisha.germany@gmail.com
Mail : info@mahisha.de

14 ) Acceptance of Terms

By using our services, you acknowledge and accept these Terms and Conditions.

Our Address
Rudower Straße 132
12351 Berlin, Germany

Our Phones
+49 15560 055007

Our Emails
mahisha.germany@gmail.com
info@mahisha.de

General Terms and Conditions

1 ) Contracting parties

These General Terms and Conditions (hereinafter referred to as "GTC") apply to all contracts between Mahisha Recruitment Consultancy 12351 Berlin, Germany, and the customer and regulate all details related to the provision of services between these parties.

A customer within the meaning of these General Terms and Conditions is anyone who is an entrepreneur within the meaning of Section 14 of the German Civil Code (BGB) or a merchant within the meaning of Section 1 of the German Commercial Code (HGB) or a legal entity under private or public law.

2 ) Subject matter of the contract

The subject matter of the contract is the content of the respective order confirmation from Mahisha Recruitment Consultancy with the documents referred to therein, including the General Terms and Conditions in the version valid at the time the contract is concluded.

3 ) Conclusion of contract

The contract between the parties is concluded when the customer purchases a service through a Mahisha Recruitment Consultancy website. By clicking the order button and accepting the Terms and Conditions, the customer submits an offer to Mahisha Recruitment Consultancy to conclude a contract. The customer then receives an automated email to the email address provided, confirming receipt of the order. This email does not constitute a binding acceptance of the order. Order acceptance will be confirmed by a separate email.

If the parties conclude a contract over the telephone, the customer will receive a written confirmation by email, including the terms and conditions agreed upon over the telephone. No further declarations from the parties are required.

The contract shall also be concluded if Mahisha Recruitment Consultancy receives the order form bearing the customer's signature by post, fax, email or other electronic form, or if Mahisha Recruitment Consultancy otherwise confirms the conclusion of the contract on the basis of the order form in writing.

Order forms from Mahisha Recruitment Consultancy that have been modified by the customer are considered a new offer from the customer; the contract is only concluded upon explicit acceptance by Mahisha Recruitment Consultancy. The provision of services does not constitute implied acceptance of the modified contractual offer.

4 ) Service description

The description of the service offered in each case can be found in Part B of these General Terms and Conditions.

The contract authorizes Mahisha Recruitment Consultancy to use customer data and data generated within the scope of the business relationship for trend analyses and overviews, and to publish them anonymously. Mahisha Recruitment Consultancy is obligated to comply with applicable data protection regulations.

Protection against competition is not granted.

5 ) Remuneration for the service

The remuneration for the services to be provided by Mahisha Recruitment Consultancy is determined according to the prices published on the Mahisha Recruitment Consultancy website at the time of contract conclusion. All prices are exclusive of statutory VAT.

Prices for services not published on the Mahisha Recruitment Consultancy website are subject to individual agreement between Mahisha Recruitment Consultancy and the customer.

6 ) Payment agreements, cost arrangements and retention rights

Invoicing will occur upon conclusion of the contract, unless otherwise agreed in an individual contract. Mahisha Recruitment Consultancy reserves the right to request advance payments from the customer.

Payment is due 10 days after invoicing without deductions. In the event of late payment or deferment, interest will be charged at a rate of 9 percentage points above the base interest rate of the European Central Bank, as well as costs and fees for determining and enforcing the payment claim. In addition, Mahisha Recruitment Consultancy is entitled to claim a default penalty of €40 (Section 288 (5) of the German Civil Code).

In the event of late payment, Mahisha Recruitment Consultancy is entitled to suspend services or parts thereof until full payment is received. This does not apply to the extent the customer has a right of retention. If an agreed installment payment is not paid within 30 days of the due date, the entire remaining amount becomes due immediately. The right of retention under sentence 1 applies accordingly.

We only accept payment by bank transfer from abroad if the customer simultaneously covers all applicable bank charges.

Customer payments will always be offset against the oldest outstanding balance. Mahisha Recruitment Consultancy may refuse to provide its services until all outstanding payments have been made by the customer.

We reserve the right to send invoices and all correspondence related to invoices, such as, but not limited to, payment reminders, only as email attachments. The customer agrees to provide a current email address for delivery and to promptly inform Langguth GmbH of any changes to the email address.

7 ) Basics of cooperation

The customer's rights under the contract are non-transferable and non-assignable. Any transfer of the contract by third parties requires the written consent of Mahisha Recruitment Consultancy

The customer undertakes to provide Mahisha Recruitment Consultancy with all information and documentation necessary and appropriate for the provision of the contractual services in a timely manner. Any further cooperation obligations of the customer are set out in Part B of these General Terms and Conditions in accordance with the respective product-specific service description.

The customer ensures that all content published by them on the Mahisha Recruitment Consultancy website or submitted to Mahisha Recruitment Consultancy for publication is free of third-party rights. The customer guarantees that they hold all third-party exploitation rights. The customer will compensate Mahisha Recruitment Consultancy for any damages resulting from a violation of this provision upon first request. By placing an order, the customer confirms that they have acquired all rights of use from the owners of copyright, ancillary copyright, and other rights to the documents and data provided by them, and that they are free to dispose of them.

To further develop our services, particularly with regard to industry-specific trends and a proactive response to market changes, Mahisha Recruitment Consultancy regularly conducts tests. These tests determine which presentation styles, product changes, or services are more popular with users and customers. As a general rule, Mahisha Recruitment Consultancy will not inform customers in advance about such tests. However, the customer generally has no right to object to the conduct of a test.

Both parties will make reasonable efforts to ensure the uninterrupted operation of their respective Internet platforms and systems. However, no guarantee can be given that the Internet platforms and systems will not experience interruptions in operation. In particular, disruptions and interruptions in operation may occur due to maintenance work.

For services published and/or used on websites not operated by Mahisha Recruitment Consultancy, additional requirements and restrictions may apply in addition to these Terms and Conditions, in particular in addition to the provisions of Part B of these Terms and Conditions.

8 ) Copyrights and other ancillary copyrights

This agreement does not transfer any ownership or usage rights, licenses, or other rights to the software to the customer. All rights to the software used by the customer, as well as to trademarks, titles, brands, copyrights, and other industrial property rights/related rights of Mahisha Recruitment Consultancy, remain unconditionally with Mahisha.

All work results and information published by Langguth GmbH are subject to the copyright of Mahisha . This excludes only those work results and information published by Mahisha Recruitment Consultancy that were created by the customer or a third party and adopted by Mahisha unchanged for publication on the Internet.

Mahisha Recruitment Consultancy is the producer and author of its databases within the meaning of Section 87a (1), (2) UrhG and Section 4 UrhG and is the owner of all associated exclusive rights.

9 ) Provisions on API connections

Mahisha Recruitment Consultancy has developed various interface programs (hereinafter referred to as "Mahisha Recruitment Consultancy API") that Mahisha Recruitment Consultancy makes available to the customer for the purpose of linking and communicating with the Mahisha Recruitment Consultancy portals. An API (Application Programming Interface) is a machine-readable connection between the API provider and the API consumer (customer) for the purpose of communication. Mahisha Recruitment Consultancy API enables the customer to communicate with Langguth Mahisha Recruitment Consultancythe framework of the specifications set out in this section.

The customer undertakes to connect only those applications to the Mahisha Recruitment Consultancy portals that have been approved in advance by Mahisha Recruitment Consultancy. An application includes all of the customer's programs or IT systems that are to be connected, created, and/or adapted and that are directly required for connecting and/or communicating with the Mahisha API. Mahisha Recruitment Consultancy will review the application in advance to ensure that it meets the technical requirements. Mahisha Recruitment Consultancy will communicate these requirements to the customer at the start of implementation. The customer undertakes to carefully and continuously check its application to ensure that it does not contain viruses, worms, time bombs, Trojan horses, or other harmful or malicious code, files, scripts, agents, or programs, or transmits them via the Mahisha Recruitment Consultancy API. The customer undertakes not to conduct DNS attacks. DNS attacks include, in particular, DoS, DDoS, DNS spoofing/DNS cache poisoning, fast flux, reflected attacks, or reflective amplification DoS. If there are indications that the application does not meet the contractual requirements during operation, Mahisha Recruitment Consultancy will notify the customer immediately and request that the error be corrected without delay. The deadline for correction depends on the severity of the error. If the customer fails to comply with the request within the specified deadline,Mahisha Recruitment Consultancy reserves the right to block access to the API until the error is corrected.

The customer undertakes to make commercially reasonable efforts to keep its systems functional for communication via Mahisha Recruitment Consultancy API. The customer undertakes not to encode or send redundant queries to Mahisha Recruitment Consultancy API. Redundant queries are classified as DDoS-like attacks and will lead to the temporary or permanent blocking of the Mahisha Recruitment Consultancy API or, in the case of repeated or significant impairments of the Internet platform, to the termination of the contract. The Internet platform encompasses all software and hardware-like systems used to enable the performance of the Mahisha Recruitment Consultancy portals. An impairment is considered significant if it leads to data loss or interruptions in the operation of the Internet platform.

Mahisha Recruitment Consultancy grants the customer a temporally and spatially limited, non-exclusive, non-transferable right to use the Mahisha Recruitment Consultancy API for the development, testing, support, and operation of the application, within the scope of the Mahisha portals and for the duration of the agreement. The customer is not permitted to attempt to make all or part of the software available in a human-perceivable form through decompilation, disassembly, reverse engineering, or any other means.

Developer credentials (including passwords, keys, and client IDs) are intended for the customer and identify their Mahisha API link. The customer is obligated to keep their credentials confidential and to use reasonable efforts to prevent third parties from using these credentials. Developer credentials may not be embedded in open source projects. The customer receives a so-called consumer key, a string of characters that identifies and authorizes the customer to work with and on the Mahisha Recruitment Consultancy API. The customer may not disclose the consumer key to third parties and must take appropriate security measures to ensure that third parties do not gain access to the consumer key. The customer is liable for all operations performed with their consumer key.

The customer is obligated to secure and protect its applications and systems against external attacks and technical malfunctions in accordance with all generally accepted technical rules in order to prevent attacks on and damage to the Mahisha Recruitment ConsultancyInternet platform. In the event of an external attack or technical failure that could damage Mahisha Recruitment Consultancy's data or systems, the customer must notify Mahisha Recruitment Consultancy immediately, but no later than within 36 hours, in writing (email is sufficient) and take all possible and necessary measures to protect Mahisha Recruitment Consultancy's data and systems from damage. Interference may lead to the temporary or permanent blocking of the Mahisha Recruitment Consultancy API or, in the case of repeated or significant interference with the Internet platform, to the termination of the contract. The Internet platform comprises the entirety of all software and hardware-like systems used to enable the performance of the Mahisha Recruitment Consultancy portals. Interference is considered significant if it leads to data loss or interruptions in the operation of the Internet platform.

Upon termination of the agreement between the customer and Mahisha Recruitment Consultancy, all API connections to the Mahisha Recruitment Consultancy portals will be terminated within forty-eight (48) hours.

10 ) Warranty and limitation period

The basis for the provision of services is exclusively the service characteristics and scope agreed upon in writing. The customer must inspect the services immediately upon receipt and report any defects to Mahisha Recruitment Consultancy without delay. Failure to do so will result in the services being deemed to have been provided without defects.

Mahisha Recruitment Consultancy will initially attempt to fulfill its obligation to remedy the defect by remedying the defect. Only if this attempt fails twice can the customer withdraw from the contract or exercise their right to a reduction in price.

The customer's warranty claims do not extend to defects that consist of only an insignificant deviation from the agreed quality or only an insignificant impairment of usability.

All warranty claims expire within one year. The limitation period begins at the time the customer becomes aware of the defect or, in the case of gross negligence, should have become aware of it.

11 ) Liability

Mahisha Recruitment Consultancy is liable for damages regardless of the legal basis in the event of intent or gross negligence.

In other cases, Mahisha Recruitment Consultancy is only liable for breaches of a contractual obligation whose fulfillment enables the proper execution of the contract and on whose compliance the customer may regularly rely (so-called cardinal obligations), and is limited to compensation for foreseeable and typical damages. In all other cases, liability is excluded – subject to the following provision in Part A, Section 11.3.

Liability for damages resulting from injury to life, body or health and under the Product Liability Act remains unaffected by the above limitations and exclusions of liability.

The customer may only withdraw or terminate the contract due to a breach of duty that does not constitute a defect if Mahisha Recruitment Consultancy is responsible for this breach of duty.

If third parties assert claims (“Intellectual Property Claim”) against the Customer due to the infringement of patents, copyrights, trademarks, business names or trade secrets by a service provided by Mahisha Recruitment Consultancy (“Infringement of Intellectual Property Rights”), Mahisha Recruitment Consultancy shall indemnify the Customer against all costs (including reasonable legal defense costs) and claims incurred by the Customer as a result of final judgments of competent courts or by Mahisha Recruitment Consultancy through written settlements, provided that (i) the cause of the infringement of Intellectual Property Rights was not set by the Customer, for example in the case of the publication of inadmissible content according to Part B., Section 1.3.2. , (ii) the Customer notifies Mahisha Recruitment Consultancy in writing within a maximum of twenty (20) working days after the initial claim, (iii) Mahisha Recruitment Consultancy retains sole control over the defense against the Intellectual Property Claim and (iv) the Customer provides reasonable support and all information so that Mahisha Recruitment Consultancy can fulfill its obligations hereunder. The above obligation does not apply to measures or declarations to which Mahisha Recruitment Consultancy has not previously consented in writing, and not to the extent that the customer continues infringing activities after being notified of changes that would have prevented an infringement. If an infringement of intellectual property rights is determined by a competent court or is deemed possible by Mahisha Recruitment Consultancy, Mahisha may, at its own discretion and expense, either (i) replace or modify the services so that the infringement no longer exists, or (ii) procure a right of use for the customer in the intellectual property right, or (iii) if measures under (i) or (ii) are not possible or unreasonable, terminate this contract extraordinarily with immediate effect.

12 ) Confidentiality and protection of personal data

Mahisha Recruitment Consultancy undertakes to keep confidential all information marked "confidential" that company Mahisha receives from the customer within the scope of this contract. Mahisha Recruitment Consultancy will continue to fulfill this obligation even after the contract term has expired.

The customer is responsible for exercising the greatest possible care when using IDs, passwords, user names, or other security devices provided in connection with the services, and for taking every measure to ensure the confidential and secure handling of data and prevent its disclosure to third parties. The customer will be held responsible for the use of their passwords or user names by third parties if they cannot consistently demonstrate that they did not cause access to such data and that the reasons for this were beyond their control. The customer is obligated to immediately inform Langguth GmbH of any possible or already known unauthorized use of their access data. In the event of a breach of one or more of the obligations set forth in these Terms and Conditions by the customer, in particular but not exclusively those listed under this section, Mahisha Recruitment Consultancy is entitled to terminate the services without further notice and remove them from the website, without waiving any payment obligations of the customer.

The contracting parties undertake to keep confidential and not disclose to third parties all information that they have received directly or indirectly in connection with the respective contract and in the course of its implementation, and which is of a technical, financial, or other business or confidential nature. Affiliated companies of Mahisha Recruitment Consultancy within the meaning of Sections 15 et seq. of the German Stock Corporation Act (AktG) are not considered third parties.

This confidentiality obligation does not apply to information that is public knowledge or that was already known to the party, or that the party obtained from a third party in a legally permissible manner, or that it developed itself without violating any confidentiality obligations. The burden of proof rests with the party invoking this obligation.

These obligations to comprehensive confidentiality remain in effect even after termination of the respective contract.

Mahisha Recruitment Consultancy is entitled to collect, process and store the customer's personal data in compliance with the provisions of applicable data protection laws, guidelines and other regulations.

Mahisha Recruitment Consultancy further guarantees that all employees of company have been obliged to maintain data secrecy and special confidentiality in accordance with applicable data protection, telecommunications and other relevant laws

13 ) warning, court decision

If the customer has been warned by Mahisha Recruitment Consultancy regarding a publication or its content on the website, if the customer has already submitted a cease-and-desist declaration regarding certain content made available for publication or published by the customer, or if a corresponding preliminary injunction, judgment, or other court decision or official order has been served on Mahisha Recruitment Consultancy, the customer is obligated to immediately notify Mahisha \ in writing. If the customer fails to do so, the company shall not be liable. The customer is then obligated to indemnify Mahisha against any claims asserted by third parties upon first request and to compensate Mahisha Recruitment Consultancy for any resulting damages.

14 ) Term and termination

The contract enters into force upon conclusion of the contract, unless otherwise agreed. The contract ends automatically upon expiration of the agreed term, unless otherwise stated in Part B of these Terms and Conditions for specific products.

15 ) Final provisions

These Terms and Conditions and the entire legal relationship between the contracting parties are subject to the law of the Federal Republic of Germany, excluding the UN Convention on Contracts for the International Sale of Goods (CISG) and international private law as well as its choice of law clauses or conflict of law rules.

SSL and/or TLS encryption

Mahisha Recruitment Consultancy provides the customer with advertising space for the publication of job advertisements on the Langguth GmbH websites. The job advertisements ("Advertisements") are published online in the customer's name.

In addition to job advertisements,Mahisha Recruitment Consultancy also provides other job- and career-related services and information for users and customers on its websites. Considering the interests of users and customers, the user-friendly preparation and presentation of information by Mahisha Recruitment Consultancy is essential to ensure the usability of the websites. Mahisha Recruitment Consultancy therefore reserves the right to adapt the presentation of the websites at any time and at its own discretion, as well as to discontinue or expand services unless these have been contractually guaranteed.

Mahisha Recruitment Consultancy integrates a button labeled "Post a Job" or similar in its job advertisements. Candidates can use this link to enter their contact information and upload their CV and other application documents using the application form provided there. Depending on the customer's selection, this button can link either
a) to a website specified by the customer or
b) to a standardized application form operated by Mahisha Recruitment Consultancy on its platforms.
The data requested in the application form is transmitted to the customer's Mahisha Recruitment Consultancy account ("Customer Center") upon submission of the application and can be received by the customer there. In this case, Mahisha Recruitment Consultancy only has access to the candidates' application data if the application was submitted by a candidate registered with Mahisha. Mahisha Recruitment Consultancy then becomes aware of an application from the registered candidate's user profile. In this case, each party is individually responsible for data processing.
To the extent that the transmission of status information by the customer to Mahisha Recruitment Consultancy is technically set up and possible, the customer will provide Mahisha Recruitment Consultancy with information on the application status of candidates. The customer will only provide Mahisha with status information on candidates who have applied to the customer via the Langguth GmbH platform and who are registered with Mahisha Recruitment Consultancy with a user account. Status information is information on the application status of candidates with the customer. This includes, for example, the receipt of the application, the opening of the application, or the rejection of candidates. Mahisha Recruitment Consultancy ensures that a legal basis under data protection law exists for the transmission and processing of the personal data of candidates. For the processing of status information, the customer and Mahisha Recruitment Consultancy act as joint controllers, so that Part D of these General Terms and Conditions applies to this processing. If the customer's interest in not displaying certain status information, such as the rejection of candidates, outweighs the need for the candidate to be shown, Mahisha Recruitment Consultancy will not display this information to the candidate. Mahisha reserves the right to use the data anonymously for statistical analysis.

Mahisha Recruitment Consultancy assumes no responsibility for submitted data material, advertising texts, or related storage media and is, in particular, not obligated to retain or return them to the customer. Deletion after the end of the contract will be carried out in accordance with legal requirements.

Depending on the product category selected by the customer, job advertisements are published on the website for the period agreed upon in the individual contract ("Publication Period"), accessible at https://personalvermittlung-headhunter.de/de/jobs/. As long as the advertisements are published within the contract term, they will be published for the full 30-day period. After the expiration of the publication period, a job advertisement can be extended by 30 days at a time, provided this occurs within the contract term. The customer can request an extension by extending their purchased package. The customer can make changes themselves in the customer center. The extension of the publication of a job advertisement is considered a new, chargeable publication based on the contract existing between Mahisha Recruitment Consultancy and the customer.

Job advertisements can be saved by registered users in their account for a maximum period of six months and can therefore be visible to registered users beyond the placement period according to Part A, Section 1.1.5.

The job advertisement can only be placed within the agreed contract term. Upon expiration of the contract term, the customer's right to use the advertising spaces not used within the contract term expires. The agreed number of job advertisements can only be accessed within the agreed contract term. Upon expiration of the contract term, the customer's right to use the advertising spaces not used within the contract term expires.

Job advertisements and use of the platform

When creating job advertisements, the customer must comply with Mahisha Recruitment Consultancy's quality standards. These include, in particular, providing the job title and description, as well as the customer's company logo, in accordance with the quality standards and other requirements.

The customer bears sole responsibility for the content submitted by the customer for publication under press, competition, data protection, and other law. The customer is, in particular, solely responsible for compliance with the applicable legal provisions concerning the content submitted. The customer further guarantees that the content of the advertisements does not violate any legal prohibition or the rights of third parties.

The customer must configure its own infrastructure in accordance with the current state of the art in such a way that it is neither the target nor the source of disruptions that are likely to impair the Internet service offered by Mahisha Recruitment Consultancy or, in general, the smooth and error-free operation of the network.

Mahisha Recruitment Consultancy reserves the right not to execute orders placed by the customer, or, with regard to job advertisements already published, to remove them again if the content to be published violates legal requirements, official prohibitions, the rights of third parties, common decency, or the General Terms and Conditions of Mahisha Recruitment Consultancy. The same applies if links are placed on behalf of the customer to service elements that lead directly or indirectly to pages with inadmissible content. The customer's obligation to pay remains unaffected. Mahisha Recruitment Consultancy is only obligated to remove such inadmissible content within the framework of the legal provisions and upon request from the customer. Mahisha Recruitment Consultancy reserves the right to (re-)publish removed or unexecuted orders, provided that the customer has remedied the cause and the company has considered asserting its right of rejection. If Mahisha is held liable for inadmissible content or other violations of the law for which the customer is responsible, the customer will indemnify Mahisha Recruitment Consultancy upon first request. The indemnity includes the necessary legal costs.

A right of refusal also exists in particular if the following requirements are not met by the customer:

If self-employment or freelance work is advertised, it must be clearly identified as such in the text.

The job advertisement posted on the website must be accessible and available to candidates so that they can view it and apply. If Langguth GmbH becomes aware that a job advertisement no longer exists or is not accessible to candidates, Mahisha Recruitment Consultancy reserves the right to remove the job advertisement from the job board without prior notice to the customer . This also applies if the job advertisement no longer exists within the term agreed upon in the customer's order form. If candidates are required to provide advance services or make their own financial investments (including participation in training courses and travel expenses), this must be clearly stated in the text. The same applies if commission is paid for the successful recruitment of new members for a self-contained system.

The content must relate to a vacant position or activity. Advertising for club or association memberships is prohibited. Advertising for participation in illegal network marketing (Section 16 of the German Act Against Unfair Competition) is also prohibited.

Websites that are named or sent to Mahisha Recruitment Consultancy for linking must comply with the minimum legal requirements and, in particular, contain an imprint that complies with the legal principles and those developed by case law.

Permitted links are only permitted as so-called "no follow" links, i.e., they must be configured in such a way that they are not used by search engines to calculate link popularity.

All content of an ad must be directly visible to users. Unless explicitly offered by Mahisha Recruitment Consultancy as part of special advertising products, the customer's own tracking codes and interactive elements that can be controlled, for example, by clicks or mouse-overs are not permitted. Exceptions to this are links to other pages and email addresses, which otherwise meet the requirements of this section. In any case, links must be designed in such a way that it is recognizable when they link to external pages.

The provisions of the General Equal Treatment Act must be complied with.

Even if the above requirements are met, no content unrelated to the job search may be published in addition to content related to the position or activity, such as competitions, events without career relevance, pure advertising campaigns, etc. If these requirements are not met, the content is considered inadmissible content with consequences as per Part B, Section 1.3.1.

Mahisha Recruitment Consultancy transmits messages from the customer to the applicant only as a messenger. The customer guarantees that it will provide Mahisha with all legally required messages for transmission to applicants and that the messages provided do not violate applicable law. In this context, particular attention is drawn to the obligation to provide reasons for candidates with disabilities according to Section 81 of the German Social Code (SGB IX). In the event of unlawfully omitted or unlawful messages from the customer to candidates, the customer shall indemnify Mahisha Recruitment Consultancy upon first request from all claims by third parties, and Mahisha Recruitment Consultancy reserves the right to disclose the customer's contact details to affected candidates.

We point out that certain legal requirements and prohibitions regarding job advertisements may also exist in other countries. These must be observed. The customer is responsible for informing themselves about any specific regulations and restrictions.

Mahisha Recruitment Consultancy strives to continuously optimize the response rate to the customer's job advertisements and to increase the quantity and quality of the available applications. This includes:

The entering into cooperations in all media (including online, offline, TV, mobile, and moving image products, as well as new types of use). The customer agrees that the service elements may be published online and/or offline in print, audio, or image by Mahisha Recruitment Consultancy, including in print or online media of cooperation partners. In all cooperations, Langguth GmbH pays attention to the image and quality of the cooperation partner.

Ensuring user-friendly readability on all devices by optimising the display of the advertisement.

Mahisha Recruitment Consultancy reserves the right to adjust or change the categorization, headings, or presentation of job advertisements at any time at its sole discretion. The customer has no right to have their job advertisements published in a specific category, heading, or presentation selected by them.

In order to improve ad quality across devices, Mahisha Recruitment Consultancy reserves the right to convert the ad layout accordingly.

A job advertisement on https://personalvermittlung-headhunter.de/de may be displayed together with a salary forecast. The customer can independently specify a salary range for their job advertisement posted on the Mahisha website. Alternatively, Mahisha Recruitment Consultancy reserves the right to independently provide a salary forecast for the job advertisement placed by the customer. The salary forecast will be published in connection with the job advertisement with the addition "powered by Mahisha Recruitment Consultancy."

When creating an ad, the customer has the option of viewing and adjusting the salary forecast for the position in the customer center by opening the salary forecast widget on the right side of the editor. The customer must specify an annual gross minimum and maximum amount in euros. The salary forecast is not an absolute value in euros, but merely a salary range.

The respective salary forecast displayed by Mahisha Recruitment Consultancy is based on a data analysis conducted by Mahisha of anonymized data sets. This involves the evaluation of salary data received by Mahisha Recruitment Consultancy as part of annual salary reports, other regular surveys, via the salary planner tool, or via the information provided by a company in accordance with Part B, Section 1.3.7.1. Using a forecast model created by Mahisha Recruitment Consultancy, a salary forecast is created for the relevant job advertisement based on the aforementioned data analysis. This forecast is displayed to candidates who are registered and logged in to Mahisha Recruitment Consultancy when they view the job advertisement. The result of the forecast is based on the evaluation of the following calculation characteristics in particular:

Salary data (e.g. job title, location, salary)
Industry
Company size
Job-specific factors (e.g. professional experience, level of management responsibility, qualifications, etc.)

If the customer chooses to specify a salary range in the editor for the job advertisement in question, the specified values must be accurate. Mahisha Recruitment Consultancy reserves the right not to display a salary range specified by the customer in the advertisement or to adjust it if there is reasonable cause to suspect that the values are inaccurate or have been misused.

To further develop our services, particularly with regard to industry-specific trends and a proactive response to market changes, Mahisha Recruitment Consultancy regularly conducts A/B tests. These tests determine which presentation styles, product changes, or services are more readily accepted by users and customers. As a general rule, Mahisha Recruitment Consultancy will not inform customers in advance about such tests. However, the customer generally has no right to object to the conduct of a test.

The customer is aware that content published on the Internet is searched by searchengines such as Google and others, and that these search engines archive the published content. Mahisha Recruitment Consultancy will specify in the metadata of the advertisements that the advertisements should not be archived. If an advertisement is nevertheless archived by a search engine, Langguth GmbH is not responsible for this. Requests for deletion of the archived data must be directed to the operator of the respective search engine.

We point out that Mahisha Recruitment Consultancy cannot prevent unauthorized publication of job advertisements by third parties. However, Mahisha Recruitment Consultancy will endeavor to prevent such publications within the limits of legal and technical possibilities, including on behalf of the customer.

The customer transfers to Mahisha Recruitment Consultancy all ownership rights to databases that it has submitted to Mahisha for publication in connection with multiple advertisements. In particular, Mahisha Recruitment Consultancy shall be granted the sole right to assert economic ownership of its job advertisement database against third parties.

An offer from Mahisha Recruitment Consultancy at a lower price than stated in the price list is only valid under the specific conditions and for the specific customer. It is not possible to have a third party, such as an agency , act as the contractual partner instead of the customer .

If individual performance elements are used in a performance comparison, average values are decisive. The key figure is determined by comparing the average of a significant number of products without the respective performance element with those with the respective performance element.

Mahisha Recruitment Consultancy offers the publication of job advertisements as so-called boxed advertisements. In a boxed advertisement, the author of the advertisement – the client – is not named. The requirements and obligations of this section apply accordingly.

Pursue

A customer's company profile is published on the company website. Mahisha Recruitment Consultancy provides input fields for this purpose, which the company can fill out itself. Links to competitor websites and content, or the use of competitor content from Mahisha Recruitment Consultancy, are not permitted unless the customer is itself a competitor of Mahisha and links to its own web content.

If the customer creates a company, Mahisha reserves the right to fill the input fields with publicly available company information itself, unless the company expressly objects to this in writing.

The company may also be visible on the Mahisha Recruitment Consultancy website beyond the duration of a job advertisement.

Mahisha Recruitment Consultancy maintains online databases containing candidate resumes. Candidates can upload their profiles or resumes to these databases. Once activated, candidates publish their profiles or resumes in the Mahisha Recruitment Consultancy database either in a format that discloses only certain data ("partially active profile") or in such a way that all of their profile data is immediately visible in the database ("open profile"). Customers who book access to the applicant database can directly view open profiles with their personal data and enter a message, or, for partially active profiles, a contact request, which Mahisha Recruitment Consultancy then forwards to candidates via email.

Furthermore, as a free additional service, the customer can save comments on candidates whose profiles they can view in their account. Mahisha Recruitment Consultancy saves and processes these comments on behalf of the customer within the meaning of Art. 28 GDPR. The terms and conditions for order processing in Part C of these General Terms and Conditions apply. For the avoidance of doubt, the other services within the scope of the DirectSearch Database are not provided as order processing; in this case, Mahisha Recruitment Consultancy merely provides the content stored by candidates at Mahisha Recruitment Consultancy and remains the controller under data protection law. If the customer uses this data, they may become an additional controller.

Access to the applicant database is strictly personal and is permitted to the customer exclusively for their own use. Access to the applicant database and the viewed profiles may not be disclosed to third parties. Access for the purpose of poaching customers is prohibited. No customer may establish hyperlinks ("deep links") from their website to the Mahisha Recruitment Consultancy applicant database. Mahisha Recruitment Consultancy reserves the right to prosecute any violation of this provision immediately and without prior warning.

If candidates delete their CV or do not make it visible, it will be automatically deleted from the Direct Search Database and access will no longer be possible. The respective comment saved in accordance with Part B, Section 8.1.2 will also no longer be available.

The applicant database may not be used to search for candidates using search criteria that violate the General Equal Treatment Act (AGG).

The customer must act in accordance with legal regulations, laws protecting third parties, and common decency.

The customer undertakes, in particular, not to disclose personal data of candidates unless this is necessary to fill a specific vacancy, to treat this data confidentially, and to comply with all data protection regulations. Candidate data may only be processed in connection with filling a specific vacancy, and candidates may only be contacted for this purpose. Mahisha Recruitment Consultancy assumes that storage is necessary for a maximum of 12 months, also taking into account possible defense against AGG claims. The customer therefore undertakes to delete all data of the data subjects stored by it and received by Mahisha Recruitment Consultancy no later than 12 months after access to the data. Mahisha Recruitment Consultancy reserves the right to block the customer's access in the event of a violation.

If Mahisha Recruitment Consultancy is requested by candidates to delete their personal data and Mahisha Recruitment Consultancy notifies the customer of this, the customer must immediately delete all copies, files or data belonging to specific candidates, unless the customer has a right to retain this data.

The information provided by candidates is provided solely by the candidates themselves, so Mahisha Recruitment Consultancy cannot guarantee its completeness, accuracy, diligence, or availability. Nor does Mahisha Recruitment Consultancy guarantee a specific number of responses or applications to job advertisements.

The Customer acknowledges that special rules apply to data transfers outside the scope of the European Union or the EEA. The Customer will therefore only transfer personal data to third countries under the conditions set out in Articles 44-49 of the GDPR.

The customer shall indemnify Mahisha Recruitment Consultancy against all losses, costs, claims, damages and other expenses incurred by Mahisha as a result of the customer's failure to comply with its obligations.

Mahisha Recruitment Consultancy Dashboard

Mahisha Recruitment Consultancy grants the customer a non-exclusive and non-transferable right, limited to the term of the contract, to use the Langguth GmbH Customer Center. The Customer Center allows the customer to create and publish their own advertisements.

The customer creates access data for user identification. The customer can change the password at any time. Within their general area of responsibility, the customer is responsible for ensuring that both the user ID and password can only be used by persons authorized to access the Mahisha Recruitment Consultancy Customer Center. The customer must also observe any additional security criteria that may be communicated to them. If an agency acts for or on behalf of the customer, the same provisions apply.

If applications have been submitted to the customer in their customer center, the customer can view them there and, depending on the functionality, record the status of the application and communicate with candidates.

Candidates' application data will be deleted from Mahisha Recruitment Consultancy's applicant management system if retention periods have expired or if candidates assert their right to be forgotten against Mahisha Recruitment Consultancy in accordance with Article 17 GDPR.

Mahisha Recruitment Consultancy's services regarding the customer center and applicant management do not include the permanent storage of data. The customer is responsible for creating backup copies of this data.

With regard to applicant management and the processing of applications from non-registered candidates in the customer center, Langguth GmbH processes personal data on behalf of the customer within the meaning of Art. 28 GDPR; the conditions for order processing in Part C of these General Terms and Conditions apply.

With regard to applicant management and the processing of applications from registered candidates in the customer center, Mahisha Recruitment Consultancy processes personal data jointly with the customer as part of a joint controllership within the meaning of Art. 26 (1) GDPR. The conditions regarding joint controllership in Part D of these General Terms and Conditions apply.

In connection with the application, the customer can also access candidate user profiles via the applicant management system. These services are not provided as contract processing. Mahisha Recruitment Consultancy merely provides the content stored by candidates at Mahisha and remains the controller under data protection law; if the customer uses this data, they may become an additional controller.

Customer information obligations

Pursuant to Section 312i of the German Civil Code (BGB), Article 246c of the Introductory Act to the German Civil Code (EGBGB), Mahisha Recruitment Consultancy provides the following information:

The customer is guided to the advertising contract via the following individual technical steps:

Completion of the order form including ad sample
When viewing a job advertisement in the standard layout, a preview can be viewed on certain pages until the order is placed. Before completing the order, the order can be checked for input errors by clicking the "Check Order" button. Corrections can be made by returning to the previous steps by clicking the corresponding button.
Reading and acceptance of the terms and conditions by the customer
Click on “Place order” by the customer
Electronic confirmation of receipt of the order by Mahisha Recruitment Consultancy (this is not an order confirmation, but serves to confirm receipt of the order)
Order confirmation by Mahisha Recruitment Consultancy

The contract has thus been concluded in accordance with Part A, Section 3 of these Terms and Conditions. The advertisement will now be posted online.

The customer is guided through the following individual technical steps to the contract for applicant database access:

Fill out the contact form
Reading and acceptance of the terms and conditions by the customer
Click on “Place order” by the customer
Electronic confirmation of receipt of the order by Mahisha Recruitment Consultancy (this is not an order confirmation, but serves to confirm receipt of the order)
Order confirmation by Mahisha Recruitment Consultancy

The contract was thus concluded in accordance with Section 3 of Part A of these General Terms and Conditions.

These terms and conditions (general terms and conditions, product-related terms and conditions for advertisements, product-related terms and conditions for the applicant database (DirectSearch Database), or product-related terms and conditions for online submission) contain the complete contract text for both the online placement of an advertisement and the online booking of access to the applicant database. The price for an online submission is based on the price list published at http://www.my-job.work/ at the time the contract offer was made to the customer by Mahisha Recruitment Consultancy. The legal relationships arising from the (free) visit to the Mahisha Recruitment Consultancy website are explained and defined in more detail in our terms of use. After the contract has been concluded, we save the customer's entries during online submission. These entries are not accessible to the customer after the contract has been concluded. Furthermore, we would like to point out that we only publish the current terms and conditions and price lists online and that the terms and conditions and price lists applicable at the time the contract is concluded are therefore no longer accessible to the customer if they are updated later.

Pursuant to Section 312i (1) Sentence 1 No. 3 of the German Civil Code (BGB), Mahisha Recruitment Consultancy provides technical means to detect and correct input errors before the order is placed. The most important element in online advertising is the ad preview on each of the three form pages.

The language available for concluding the contract is German.

Mahisha Recruitment Consultancy is committed to the German data protection standards, the codes set out in the Terms of Use and the Privacy Policy of Mahisha Recruitment Consultancy.

Processing of personal data on behalf of the customer by Mahisha Recruitment Consultancy – Data Processing Agreement (DPA)
Order processing

Within the scope of sections 1.1.1 to 1.1.4 of this DPA, Mahisha Recruitment Consultancy processes personal data on behalf of the customer within the meaning of Article 28 of the General Data Protection Regulation (“GDPR”):

Mahisha Recruitment Consultancy processes personal data on behalf of the customer, provided that the customer does not use an applicant management system and unregistered candidates apply for the customer's job advertisement, so that the candidate data is forwarded to the customer's Mahisha Recruitment Consultancy customer center.

Finally, Mahisha Recruitment Consultancy processes personal data on behalf of the customer within the framework of applicant management, provided that the customer processes applications from non-registered candidates in its customer center.

Data processing (see sections 1.1.1 to 1.1.4) within the meaning of Art. 28 GDPR is carried out in compliance with the following regulations.

Mahisha Recruitment Consultancy processes personal data exclusively within the scope of an order and in accordance with the documented instructions of the customer. Unless an exceptional case exists within the meaning of Art. 28 (3) lit. a GDPR.

The processing takes place in member states of the European Union or in another contracting state to the Agreement on the European Economic Area, unless instructions to the contrary have been given and transmission is permitted in accordance with the provisions of Articles 44 to 49 GDPR.

The duration of the order processing corresponds to the duration of use of the respective services. With regard to the forwarding of candidate data to the customer's customer center according to section 1.1.1 and applicant management according to section 1.1.4 of this DPA, the duration of the order processing corresponds to the duration of the application process, whereby the data is deleted by the system 12 months after receipt of an application. The same applies to comments added by the customer to candidate profiles as part of the comment function according to section 1.1.2 of this DPA. The duration of processing of the video interview service according to section 1.1.3 of this DPA is as follows:

Obligations of the customer as client

According to Art. 4 No. 7 GDPR, the customer is responsible for the personal data collected and processed by Mahisha Recruitment Consultancy in accordance with the contract.

The customer shall inform Mahisha Recruitment Consultancy immediately and completely if, when reviewing the order results, he discovers any errors or irregularities regarding data protection regulations.

The customer maintains a register of processing activities in accordance with Art. 30 (1) GDPR.

Obligations of Mahisha Recruitment Consultancy as contractor

Mahisha Recruitment Consultancy will notify the customer immediately if Mahisha Recruitment Consultancy believes that an instruction from the customer violates applicable laws. Mahisha Recruitment Consultancy may suspend implementation of the instruction until the customer confirms it as permissible or amends it.

Mahisha Recruitment Consultancy complies with the provisions of this data processing agreement and relevant applicable data protection laws, in particular the GDPR.

Mahisha Recruitment Consultancy takes appropriate organizational and technical measures in accordance with the relevant data protection laws, including the GDPR and in particular Art. 32 GDPR, to protect the personal data of data subjects and their rights and freedoms, taking into account implementation costs, the state of the art, the nature, scope, and purpose of processing, as well as the likelihood and severity of the risk. These protective measures are set out in the overview of technical and organizational measures, which can be accessed in Appendix 2. The technical and organizational measures are subject to technological progress and further development. Therefore, Mahisha Recruitment Consultancy is obligated to review their effectiveness and adapt them accordingly in line with advances in technology. Alternative security measures are permitted as long as they do not fall below the security level of the specified measures. Significant changes must be documented and reported to the customer immediately. If the measures are changed in such a way that, from the customer's perspective, Mahisha Recruitment Consultancy cannot guarantee equivalent or greater data protection, the customer, after unsuccessfully issuing instructions, has the right to terminate the contract for good cause with regard to the services covered by these Additional Terms and Conditions for Data Processing. The same applies if such changes are not notified.

Mahisha Recruitment Consultancy provides the customer with the information necessary for the list of processing activities pursuant to Art. 30 (1) GDPR and maintains its own list of all categories of processing activities carried out on behalf of customers in accordance with Art. 30 (2) to (5) GDPR.

All persons who have access to personal data processed on behalf of the customer must be bound to confidentiality in accordance with Art. 28 (3) lit. b GDPR and must be informed of the special data protection obligations arising from this contract as well as the existing binding instructions and purpose.

Mahisha Recruitment Consultancy is obligated to appoint a company data protection officer. The officer's current contact details are readily available on the Mahisha Recruitment Consultancy website.

Mahisha Recruitment Consultancy guarantees the protection of the rights of data subjects and supports the customer to the extent necessary in responding to requests for the exercise of data subject rights in accordance with Articles 12 to 23 of the GDPR. Mahisha Recruitment Consultancy will inform the customer immediately if a data subject contacts Mahisha directly for the purpose of access, correction, deletion, or restriction of the processing of their personal data. Mahisha Recruitment Consultancy supports the customer in conducting data protection impact assessments pursuant to Art. 35 GDPR and the resulting consultation with the supervisory authority pursuant to Art. 36 GDPR to the extent necessary. Mahisha Recruitment Consultancy supports the customer in ensuring compliance with reporting and notification obligations in the event of data breaches within the meaning of Art. 33 and 34 GDPR.

Mahisha Recruitment Consultancy will immediately notify the customer in writing of any disruptions to operations, suspected data protection violations pursuant to Art. 4 No. 12 GDPR in connection with data processing, or other irregularities in the processing of data for the customer. Mahisha, in consultation with the customer, must take appropriate measures to secure the data and mitigate potential adverse consequences for those affected, provided the data protection violation was the responsibility of Mahishan Recruitment Consultancy.

In the event of investigations by the data protection authority at Mahisha Recruitment Consultancy, the customer must be informed immediately – insofar as these investigations concern the subject matter of the contract.

In the event that Mahisha intends to process data from the customer - including transferring it to a third country or to an international organization - without having been instructed to do so by the customer, i.e. because Mahisha Recruitment Consultancy is obliged to do so in accordance with Art. 28 (3) S. 1 lit. a GDPR, Mahisha Recruitment Consultancy will immediately inform the customer about the purpose, legal basis and data affected, insofar as and as long as Mahisha Recruitment Consultancy is not prohibited by law from making such a notification.

To the extent that a transfer of the controller's personal data to third countries outside the European Union is planned or already carried out by Mahisha Recruitment Consultancy and no adequacy decision of the European Union pursuant to Art. 45 GDPR has been issued, Mahisha Recruitment Consultancy has or will conclude the EU standard contractual clauses. It is hereby agreed that the controller, as the independent holder of rights and obligations, will accede to these EU standard contractual clauses (accession model). The controller remains free to conclude the EU standard contractual clauses directly with the data importer.

Checks including inspections

Mahisha Recruitment Consultancy will provide the customer with all necessary information to demonstrate compliance with the obligations set forth in this contract. Mahisha Recruitment Consultancy will allow the customer to conduct audits, including inspections in accordance with Art. 28 (3) lit. h GDPR, before the start and during the term of this agreement, after reasonable prior notice, and during normal business hours (9:00 a.m. to 6:00 p.m.). The customer is entitled to verify compliance with the technical and organizational measures, either personally or through suitable third parties bound to professional secrecy, before the start and during order processing, after timely registration at the business premises during normal business hours without disrupting operations. The results of these audits will be documented and must be signed by both parties.

To demonstrate the technical and organizational measures, Mahisha Recruitment Consultancy can also submit current certificates, reports or report extracts from independent bodies (e.g. auditors, internal audits, data protection officers, IT security departments, data protection auditors, quality auditors) or a suitable certification through an IT security or data protection audit (e.g. according to BSI-Grundschutz).

Other processors

Upon placement of the order, the sub-processors listed in the sub-contractor directory, which can be accessed in Appendix 1 below, are approved. Mahisha Recruitment Consultancy may award contracts to additional sub-processors (sub-processors) if Mahisha Recruitment Consultancy notifies the customer in advance of the addition or replacement of new sub-processors by notifying the customer in text form of the change to the sub-contractor directory, and the customer does not raise an objection within four weeks.

Mahisha Recruitment Consultancy must impose the same data protection obligations on the subcontractors as set out in this Data Processing Agreement so that the processing complies with the requirements of the GDPR.

Any further outsourcing by the subcontractor requires the express consent of the main contractor (at least in text form); all contractual provisions in the contract chain must also be imposed on the further subcontractor.

Services provided by third parties as ancillary services to support the execution of the order are not considered subcontracting. These include, for example, telecommunications services, maintenance and user support, cleaning staff, auditors, or the disposal of data storage devices. However, Mahisha Recruitment Consultancy is obligated to enter into appropriate and legally compliant contractual agreements and to implement audit measures to ensure the protection and security of the customer's data, even for outsourced ancillary services. Appendix 1 to Mahisha Recruitment Consultancy Contract Processing – Contractor Directory The processors listed below by Mahisha Recruitment Consultancy will be approved upon placement of the order. Mahisha Recruitment Consultancy, Große Ziegelohstr. 2, 06636 Laucha/ Unstrut, Germany Services:

Hosting and related security services
Back-up services
Customer service support for troubleshooting
Provision of a web application firewall

Appendix 2 to Mahisha Recruitment Consultancy order processing – technical and organizational measures

16 )Technical and organizational measures

Confidentiality (Art. 32 (1) lit. b GDPR)

Access Control: No unauthorized access to data processing systems, ensured by: The data centers have a multi-layered security structure. The facilities are monitored by security cameras. Access to the server rooms is secured by magnetic cards. The systems are stored in locked server cabinets. Access is only possible with magnetic cards, and visitors must be specifically granted access.

Access control: No unauthorized use of the system, guaranteed by: The customer can only access the data processed on their behalf after logging into the customer area using the password they have defined. Mahisha Recruitment Consultancy stores log-in details exclusively in encrypted form. The data flow between users and the system is end-to-end encrypted by default, using the Transport Layer Security (TLS) protocol. Mahisha Recruitment Consultancy has an internal password policy for its employees, which requires, among other things, that passwords must be at least eight characters long and changed regularly; must not be identical or similar to the user name; and must contain at least three of the following four characters:

uppercase letters
lowercase letters
numbers
symbols

Access control: No unauthorized reading, copying, modification, or deletion within the system, ensured by: The customer's access rights are strictly limited to the data actually processed on behalf of the respective customer. Only specifically designated Langguth GmbH personnel may access data processed on behalf of the customer, to the extent necessary for system administration and customer service purposes at the customer's request. The system logs all data processing operations on behalf of the customer.

Separation control: Separate processing of data collected for different purposes is ensured by: The Mahisha Recruitment Consultancy customer center is multi-client capable, so that each logged-in customer can only view the data associated with his or her account.

Pseudonymization (Art. 32 (2) lit. a GDPR; Art. 25 (1) GDPR): Not applicable, as the customer requires non-pseudonymized access to the data.

Integrity (Art. 32 (1) lit. b GDPR)

Distribution Control: No unauthorized reading, copying, modification, or removal during electronic transmission or transport, ensured by: All data sent over publicly accessible networks is end-to-end encrypted.

Input control: Determination of whether and by whom personal data has been entered, modified or removed in data processing systems, ensured by: The Mahisha Recruitment Consultancy system logs the activities of each log-in and log-out as well as any processing, addition, modification and deletion of data by the respective user, as well as the time (by time stamp).

Availability and resilience (Art. 32 (1) lit. b GDPR)

Availability Control: Antivirus programs and firewalls are in place. Mahisha Recruitment Consultancy uses Akamai services as a web application firewall for its systems. The hosting environment is equipped with fire alarms, water leak detectors, and raised floors. Temperature and humidity are constantly monitored to ensure predefined values are maintained. A continuous power supply of at least 72 hours is provided.

Rapid recovery (Art. 32 (1) lit. c GDPR) is ensured by

Backup procedures;
Uninterruptible power supply (UPS);
Separate storage;
Virus protection and firewalls;
Emergency plans and crisis plans;
Employee training;

Procedures for regular review, assessment and evaluation (Art. 32 (1) lit. d GDPR; Art. 25 (1) GDPR) are ensured by:

Mahisha Recruitment Consultancy conducts regular audits with external service providers to verify its data security standards and processes. Network penetration tests are conducted regularly.

We track and review logs at two levels before the request reaches our application servers. This occurs at a firewall and a web application firewall level. This allows us to analyze and block any unusual requests at the data delivery level to the database.

Our data protection measures are continuously reviewed

Processing of personal data by Mahisha Recruitment Consultancy and the customer as joint controllers in accordance with Art. 26 (1) S. 1 GDPR – Joint Controller Agreement
Purpose of this Joint Controllership Agreement

This agreement governs the rights and obligations of the controllers (hereinafter referred to as the "parties") regarding the joint processing of personal data. This agreement applies to all activities in which employees of the parties or processors commissioned by them process personal data for the controllers. The parties agree on the means and purposes of the processing activities described in more detail below.

In order to select and manage suitable candidates for one or more job advertisements posted by the customer, personal data will be processed within Mahisha Recruitment Consultancy's applicant management system in the following cases under joint controllership. The parties determine the process steps in which personal data will be processed under joint controllership (Article 26 GDPR).

When the customer and registered candidates apply for their job advertisements, they are jointly responsible. Therefore, Mahisha Recruitment Consultancy and the customer process the candidates' personal data within the scope of the customer center and the candidate's user profile.

Joint responsibility also exists within the framework of applicant management, provided that the customer processes applications from registered candidates in its customer center

To the extent that the transmission of status information by the customer to Mahisha Recruitment Consultancy is technically set up and possible, the customer will provide Mahisha Recruitment Consultancy with information on the application status of candidates. The customer will only provide Mahisha with status information on candidates who have applied to the customer via the Mahisha Recruitment Consultancy platform and who are registered with a user account at Mahisha Recruitment Consultancy. Status information is information on the application status of candidates with the customer. This includes, for example, the receipt of the application, the opening of the application, or the rejection of candidates. Mahisha Recruitment Consultancy ensures that a legal basis under data protection law exists for the transmission and processing of the personal data of candidates. The customer and Mahisha Recruitment Consultancy act as joint controllers for the processing of status information.

For the remaining process steps, where there is no joint determination of the purposes and means of individual phases of data processing, each contracting party is an independent controller within the meaning of Art. 4 No. 7 GDPR. To the extent that the contracting parties are joint controllers under data protection law within the meaning of Art. 26 GDPR, the following agreements apply:

Areas of influence of the parties

Within the framework of joint controllership, Mahisha Recruitment Consultancy is responsible for processing the personal data of candidates registered on Mahisha Recruitment Consultancy as part of the application process for a customer job posting (Scope A). Such processing includes, for example, the submission and processing of candidate applications in the customer center or the display of status information in the candidate's user profile that has been provided to Mahisha Recruitment Consultancy by the customer. The subject of the processing, the legal basis for which, according to Art. 6 (1) (b) GDPR, is the contract with candidates registered on Mahisha Recruitment Consultancy, is all personally identifiable and personal data provided and submitted by candidates. This data generally includes all CV-related data, such as name, address, telephone number, date of birth, as well as information on educational background and professional experience. Information on the candidate's application status is also processed.

Within the framework of joint controllership, the customer is responsible for processing the personal data of candidates after receipt of applications in the customer center (area of operation B). The legal basis for processing is, in accordance with Art. 6 (1) lit. a GDPR, the consent of candidates to the processing of their application, as well as Art. 88 (1) GDPR in conjunction with Section 26 (1) sentence 1 BDSG. Area of operation B also includes status information on applications from candidates that the customer submits to Mahisha Recruitment Consultancy via the customer's ATS. The legal basis for transmitting this data is, in accordance with Art. 6 (1) lit. b GDPR, the contract between the customer and Mahisha Recruitment Consultancy. The subject of processing is all personally identifiable and personal data that was provided and submitted by candidates. This data generally includes all CV-related data, such as name, address, telephone number, date of birth, as well as information on educational background and professional experience. In addition, this data may be supplemented by data collected by the customer for the application.

Legality of data processing

Each party guarantees compliance with the statutory provisions, in particular the legality of the data processing carried out by them, even within the framework of joint controllership. The parties shall take all necessary technical and organizational measures to ensure that the rights of the data subjects, in particular those pursuant to Articles 12 to 22 GDPR, can be and are guaranteed at all times within the statutory deadlines.

Data minimization

The parties shall ensure that only personal data that is absolutely necessary for the lawful execution of the processing and for which the purposes and means of processing are specified by Union or Member State law are collected. Furthermore, both parties shall observe the principle of data minimization within the meaning of Art. 5 (1) (c) GDPR.

Rights of those affected

The parties undertake to provide the data subject with the information required pursuant to Articles 13 and 14 of the GDPR, free of charge, in a concise, transparent, intelligible, and easily accessible form using clear and plain language. The parties agree that Mahisha Recruitment Consultancy will provide the information regarding the processing of personal data in Scope A, and the customer will provide the information regarding the processing of personal data in Scope B.

Data subjects may assert the rights to which they are entitled under Articles 15 to 22 of the GDPR against both contracting parties. If a data subject contacts one of the parties in exercising their data subject rights, in particular regarding access to, correction of, or deletion of their personal data, the parties undertake to forward this request to the other party without delay, regardless of the obligation to guarantee the data subject's rights.

The parties undertake to comply with the obligation to provide information pursuant to Art. 15 GDPR and to provide data subjects with the information to which they are entitled pursuant to Art. 15 GDPR upon request. Data subjects will generally receive the information from the contracting party to whom the request was made. The parties will make the necessary information from their respective spheres of activity available to each other as needed. The parties' contact person responsible for this purpose is a person responsible for data protection within the parties' organization. Any change of contact person must be communicated to the other party immediately. However, the parties shall also have fulfilled their obligation pursuant to sentence 5 if the person responsible for data protection stated in the data protection declaration or in the imprint of a party is contacted.

If personal data is to be deleted, the parties will inform each other beforehand. The other party may object to the deletion for legitimate reasons, for example, if it is subject to a statutory retention obligation.

Mutual information obligations

The parties shall inform each other promptly and fully if they discover errors or irregularities with regard to data protection regulations when examining the processing activities or the results of the order.

Making this agreement available

The parties undertake to make the essential content of the agreement on joint data protection responsibility available to the data subjects in accordance with Art. 26 (2) GDPR.

Reporting and notification obligations

Both parties are subject to the reporting and notification obligations arising from Articles 33 and 34 of the GDPR towards the supervisory authority and the individuals affected by a personal data breach within their respective areas of responsibility. The parties will promptly inform each other of any notification of personal data breaches to the supervisory authority and will promptly provide each other with the information necessary to process the notification.

Data protection impact assessment

If a data protection impact assessment is required pursuant to Art. 35 GDPR, the parties shall support each other.

Documentation and storage obligations

Documentation within the meaning of Art. 5 (2) GDPR, which serves to prove proper data processing, will be retained by each party in accordance with its legal powers and obligations beyond the end of the contract.

The parties are responsible for ensuring that they comply with all applicable statutory retention obligations with regard to data. They must implement appropriate data security measures (Art. 32 et seq. GDPR) to this end. This applies in particular in the event of termination of the collaboration.

Upon termination of the main contract, Mahisha Recruitment Consultancy will delete the data contained in the applicant management system, but no later than one year after receipt of the application in the applicant management system. The customer may request Mahisha Recruitment Consultancy to delete the data within its own area of responsibility at any time. Mahisha will delete the data immediately, unless Mahisha Recruitment Consultancy is authorized or obligated to retain it.

Data secrecy and confidentiality

The parties shall ensure, within their sphere of responsibility, that all employees involved in data processing maintain the confidentiality of the data in accordance with Articles 28 (3), 29 and 32 GDPR for the duration of their employment as well as after termination of the employment relationship, and that they are obliged to maintain data confidentiality and instructed in the data protection provisions relevant to them before commencing their employment.

Technical and organizational measures

The implementation, pre-configuration and operation of the systems must be carried out in compliance with the requirements of the GDPR and other regulations, in particular with regard to the principles of data protection through design and data protection-friendly default settings, as well as using appropriate technical and organizational measures that correspond to the state of the art.

The parties shall implement appropriate organizational and technical measures in accordance with the relevant data protection laws, including the GDPR and in particular Art. 32 GDPR, to protect the personal data of the data subjects and their rights and freedoms, taking into account implementation costs, the state of the art, the nature, scope, and purpose of the processing, as well as the likelihood and severity of the risk. The technical and organizational measures are subject to technological progress and further development. In this respect, the parties are obligated to review their effectiveness and adapt them accordingly in line with advances in technology. Alternative security measures are permitted, provided they do not fall below the security level of the specified measures. Significant changes must be documented and reported to the other party immediately.

The personal data to be processed in the course of providing services on the Mahisha Recruitment Consultancy platform or in the customer center are stored on specially protected servers.

Contract processor

The processors listed in Appendix 1 provide services on behalf of Mahisha Recruitment Consultancy. The parties may award contracts to additional processors and will provide the other party with an updated list of processors for information purposes, insofar as this affects the scope of this agreement. A reference to the publication of the updated list on the party's own website is sufficient to fulfill this obligation to provide information. If the other party objects to the change within four weeks of notification, the changing party is obligated to discontinue the service in its area of activity without this giving rise to a right to terminate the main contract. An objection to a change can only be raised if there are important reasons, in particular if data transfer to a third country is necessary to execute the contract.

When using processors within the scope of this agreement, the parties undertake to conclude a contract in accordance with Art. 28 GDPR and to engage only those subcontractors who meet the requirements of data protection law and the provisions of this agreement.

Services obtained from third parties as ancillary services to support the execution of the contract are not considered contract processing. These include, for example, telecommunications services, maintenance and user support, cleaning staff, auditors, or the disposal of data storage devices. However, the parties are obligated to enter into appropriate and legally compliant contractual agreements and to implement verification measures to ensure the protection and security of the data, even for outsourced ancillary services .

Processing records

The parties shall include the processing activities in the processing register pursuant to Art. 30 (1) GDPR, including and in particular with a note on the nature of the processing procedure under joint or sole responsibility.

Liability

Notwithstanding the provisions of this Agreement, the parties are jointly liable to the data subjects for any damage caused by processing that does not comply with the GDPR. Internally, the parties are only liable for damages that occurred within their respective spheres of influence, notwithstanding the provisions of this Agreement.

Annex 1 to the processing of personal data by Mahisha Recruitment Consultancy and the customer as joint controllers pursuant to Art. 26 (1) S. 1 GDPR

Contractor Directory

The processors listed below by Mahisha Recruitment Consultancy will be approved upon placement of the order.

Mahisha Recruitment Consultancy, Große Ziegelohstr. 2, 06636 Laucha/ Unstrut, Germany Services:

Hosting and related security services
Back-up services
Customer service support for troubleshooting
Provision of a web application firewall

Imprint

1 ) Information pursuant to Section 5 of the German Telemedia Act (TMG)

Mahisha Recruitment Consultancy
Rudower Straße 132

12351 Berlin, Germany

Mail : info@mahisha.de
Mail : mahisha.germany@gmail.com
Call : +49 15560 055007

2 ) Contact

Mahisha Recruitment Consultancy

Mail : info@mahisha.de
Mail : mahisha.germany@gmail.com
Call : +49 15560 055007

3 ) VAT ID

VAT identification number according to Section 27a of the VAT Act: DE 321 694 971

4 ) EU dispute settlement

The European Commission provides a platform for online dispute resolution (ODR): https://ec.europa.eu/consumers/odr/.
Our email address can be found above in the website's imprint.

5 ) Dispute resolution proceedings before a consumer arbitration board

We are not willing or obliged to participate in dispute resolution proceedings before a consumer arbitration board.

1 ) Your Privacy, Our Priority: A Data Protection Summary

The following information provides you with an easy-to-understand overview of what happens to your personal data when you visit this website. The term "personal data" includes all data that can be used to identify you personally. Detailed information on data protection can be found in our Privacy Policy, which we have included below this copy.

Your Privacy, Our Priority: A Data Protection Summary

Who manages the information gathered through this site? The data on this website is processed by the website operator, whose contact information can be found in the section “Information about the responsible party ” in this privacy policy.

What methods do we use to gather your information?

We collect your data when you provide it to us. This may, for example, be information you enter into our contact form. Other data is recorded automatically by our IT systems or after you have consented to recording during your website visit. This data primarily consists of technical information (e.g., web browser, operating system, or time of website access). This information is recorded automatically when you access this website.

For what do we use your information?

Some of the information is generated to ensure the error-free delivery of the website. Other data may be used to analyze your usage behavior.

What rights do you have regarding your data?

You have the right to obtain information about the origin, recipient, and purpose of your archived personal data at any time, free of charge. You also have the right to request that your data be corrected or deleted. If you have consented to data processing, you have the option of withdrawing this consent at any time, which will affect all future data processing. You also have the right to request that the processing of your data be restricted under certain circumstances. You also have the right to lodge a complaint with the competent supervisory authority. Please do not hesitate to contact us at any time if you have any questions about this or any other data protection-related topic.

Analysis tools and third-party tools

It is possible that your browsing behavior may be statistically analyzed when you visit this website. Such analyses are primarily carried out using so-called analytics programs. Detailed information about these analysis programs can be found in our privacy policy below.

2 ) Hosting and Content Delivery Networks

HostGator

We host our website with HostGator. The provider is HostGator.com LLC, 5005 Mitchelldale St., Suite 100, Houston, TX 77092, USA (hereinafter: HostGator). Each time you visit our website, HostGator records various log files along with your IP address. For details, please refer to the HostGator privacy policy: https://www.hostgator.com/privacy. We use HostGator on the basis of Art. 6 (1)(f) GDPR. Our company has a legitimate interest in presenting the most reliable website possible. If consent has been given, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Data processing

We have entered into a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required by data protection laws and guarantees that they will only process the personal data of our website visitors based on our instructions and in compliance with the GDPR.

3 ) General information and mandatory information

Data protection

The operators of this website and its pages take the protection of your personal data very seriously. Therefore, we treat your personal data as confidential information and in accordance with the statutory data protection regulations and this privacy policy. Whenever you use this website, various personal information is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and the purposes for which we use that data. It also explains how and for what purpose the information is collected. Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities. It is not possible to completely protect data from access by third parties.

Information about the responsible party (referred to as the “controller” in the GDPR)

Our Address
Rudower Straße 132
12351 Berlin, Germany

Our Phones
+49 15560 055007

Our Emails
mahisha.germany@gmail.com
info@mahisha.de

The controller is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).

Duration of storage

Unless a more precise retention period is specified in this privacy policy, your personal data will remain with us until the purpose for which it was collected no longer applies. If you make a legitimate request for deletion or withdraw your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., retention periods under tax or commercial law); in the latter case, deletion will occur once these reasons no longer apply.

General information about the legal basis for data processing on this website

If you have consented to data processing, we process your personal data on the basis of Art. 6(1)(a) GDPR or Art. 9 (2)(a) GDPR if special categories of data pursuant to Art. 9 (1) GDPR. In the case of explicit consent to the transfer of personal data to third countries, the data processing is also based on Art. 49 (1)(a) GDPR. If you have consented to the storage of cookies or to access information on your device (e.g. via device fingerprinting), the data processing is additionally based on Section 25 (1) TTDSG. Consent can be withdrawn at any time. If your data is necessary for the fulfillment of a contract or for the implementation of pre-contractual measures, we process your data on the basis of Art. 6(1)(b) GDPR. If your data is also necessary to fulfill a legal obligation, we process it on the basis of Art. 6(1)(c) GDPR. Furthermore, data processing may be based on our legitimate interest pursuant to Art. 6(1)(f) GDPR. Information on the respective legal basis in individual cases can be found in the following paragraphs of this privacy policy.

Information on data transfer to the USA and other non-EU countries

Among other things, we use tools from companies based in the United States or other non-EU countries that are unsafe from a data protection perspective. If these tools are active, your personal data may be transferred to these non-EU countries and processed there. We must point out that a level of data protection comparable to that in the EU cannot be guaranteed in these countries. For example, US companies are obliged to pass on personal data to the security authorities, and you as the data subject have no recourse in court. It cannot therefore be ruled out that US authorities (e.g. the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activitie

Revocation of your consent to the processing of data

Many data processing operations are only possible with your express consent. You can also revoke your previously granted consent at any time. The legality of the data collection that occurred before your revocation remains unaffected.

Right to object to the collection of data in special cases; right to object to direct marketing (Art. 21 GDPR)

In the event that data is processed on the basis of Article 6(1)(E) or (F) GDPR, you have the right to object to the processing of your personal data at any time, for reasons related to your particular situation. This also applies to profiling based on these provisions. The legal basis for the processing of your data can be found in this privacy policy. IF YOU OBJECT, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA UNLESS WE CAN PRESENT COMPELLING LEGITIMATE GROUNDS FOR PROCESSING YOUR DATA WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PURPOSE OF THE PROCESSING IS THE ASSERTION, EXERCISE OR DEFENSE OF LEGAL CLAIMS (OBJECTION PURSUANT TO ART. 21(1) GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing purposes. This also applies to profiling insofar as it is associated with such direct marketing. If you object, your personal data will subsequently no longer be used for direct marketing purposes (objection pursuant to Art. 21(2) GDPR).

Right to lodge a complaint with the competent supervisory authority

In the event of a breach of the GDPR, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which they habitually reside, work, or the place where the alleged breach occurred. This right to lodge a complaint applies independently of any other administrative or judicial procedure available as a remedy.

Right to data portability

You have the right to request that we provide you or a third party with all data that we process automatically based on your consent or to fulfill a contract in a common, machine-readable format. If you request that the data be transferred directly to another controller, this will only be done if technically feasible.

Information about, correction and deletion of data

Within the scope of applicable law, you have the right to request information about your archived personal data, its origin and recipients, as well as the purpose of processing your data at any time. You may also have the right to have your data corrected or deleted. If you have any questions about this or other issues related to personal data, please do not hesitate to contact us at any time.

Right to restriction of processing

You have the right to request restrictions on the processing of your personal data. You can contact us at any time to do so. The right to request restriction of processing applies in the following cases:

If you dispute the accuracy of the data we have stored about you, we generally need some time to verify this claim. While this investigation is ongoing, you have the right to request that we restrict the processing of your personal data.
If the processing of your personal data has been/is unlawful, you have the option of requesting that the processing of your data be restricted instead of requesting that this data be deleted.
If we no longer need your personal data and you require it to exercise, defend or assert legal claims, you have the right to request that the processing of your personal data be restricted instead of erased.
If you have lodged an objection pursuant to Art. 21(1) GDPR, your rights and our rights must be balanced against each other. Until it is clarified whose interests prevail, you have the right to request a restriction of the processing of your personal data.

If you have restricted the processing of your personal data, this data – with the exception of its archiving – may only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of other natural or legal persons or for important reasons of public interest cited by the European Union or a member state of the EU.

SSL and/or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the website operator, this website uses either an SSL or TLS encryption program. You can recognize an encrypted connection by the fact that the browser's address line changes from "http://" to "https://" and the lock symbol appears in the browser line. If SSL or TLS encryption is activated, the data you send to us cannot be read by third parties

Rejection of unsolicited emails

The use of contact information published in accordance with the imprint obligation to send unsolicited advertising and information materials is hereby prohibited. The operators of this website and its pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, for example through spam messages.

4 ) Recording of data on this website

Our websites and pages use what is known in the industry as "cookies." Cookies are small text files that do not harm your device. They are either temporarily stored for the duration of a session (session cookies) or permanently archived on your device (persistent cookies). Session cookies are automatically deleted once you end your visit. Persistent cookies remain archived on your device until you actively delete them or they are automatically deleted by your web browser. In some cases, third-party cookies may be stored on your device when you visit our website (third-party cookies). These cookies enable you or us to use certain services provided by the third party (e.g., cookies for processing payment services). Cookies serve a variety of functions. Many cookies are technically essential, as certain website features wouldn't work without them (e.g., the shopping cart function or displaying videos). Other cookies may be used to analyze user patterns or display advertising messages. Cookies that are necessary to carry out electronic communication transactions or to provide certain functions that you wish to use (e.g. for the shopping cart function), or those that are necessary for the optimization (required cookies) of the website (e.g. cookies that provide measurable insights about the web audience) are stored on the basis of Art. 6(1)(f) GDPR, unless another legal basis is stated. The website operator has a legitimate interest in storing the necessary cookies in order to ensure the technically error-free and optimized provision of the operator's services. If your consent to the storage of cookies and similar recognition technologies has been obtained, the processing will take place exclusively on the basis of the consent obtained (Art. 6(1)(a) GDPR and Section 25 (1) TTDSG); this consent can be revoked at any time. You have the option of setting your browser to notify you each time cookies are set and to only allow cookies in certain cases. You can also refuse the acceptance of cookies in certain cases or in general, or activate the deletion function for automatic deletion of cookies when you close your browser. If you disable cookies, the functionality of this website may be limited. If third-party cookies or cookies for analytical purposes are used, we will inform you separately in connection with this privacy policy and, where appropriate, ask for your consent.

Consent to Cookie Notice & Compliance

Our website uses Cookie Notice & Compliance for GDPR consent technology to obtain your consent to archiving certain cookies on your device or to using certain technologies and to document the former in a privacy-compliant manner. Cookie Notice & Compliance for GDPR is installed locally on our servers, so no connection is established with third-party servers. Cookie Notice & Compliance for GDPR stores a cookie in your browser to assign the consent granted and its revocation to you. The cookie remains active for 1 month. Your data will be stored until you request deletion, delete the consent cookie yourself, or the purpose of data archiving no longer applies. The legally prescribed retention periods remain unaffected. Cookie Notice & Compliance for GDPR is used to obtain legally required consent for the use of cookies. The legal basis is Art. 6(1)(c) GDPR.

Server log files

The provider of this website and its pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This information includes:

The type and version of the browser used
The operating system used
Referrer URL
The hostname of the accessing computer
The time of the server request
The IP address

This data will not be merged with other data sources.

This data is processed on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of the website. To achieve this, the server log files must be recorded.

Contact form

If you send us inquiries via the contact form, your information from the form, including the contact details you provided there, will be stored by us for the purpose of processing your inquiry and in case of follow-up questions. We will not share this information without your consent. This data is processed on the basis of Art. 6(1)(b) GDPR if your request is related to the performance of a contract or if it is necessary to take steps prior to entering into a contract. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if requested; consent can be withdrawn at any time. The information you entered into the contact form will remain with us until you request us to delete the data, revoke your consent to data archiving, or until the purpose for which the information is being archived no longer exists (e.g., after we have completed our response to your inquiry). Mandatory legal provisions, in particular retention periods, remain unaffected.

Inquiry by email, telephone or fax

If you contact us by email, phone, or fax, your inquiry, including all resulting personal data (name, inquiry), will be stored and processed by us for the purpose of processing your inquiry. We will not share this data without your consent. This data is processed on the basis of Art. 6(1)(b) GDPR if your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the data is processed on the basis of our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR), if this has been obtained; consent can be withdrawn at any time. The data you send to us via contact request will remain with us until you request its deletion, revoke your consent to storage, or the purpose for storing the data no longer applies (e.g., after your request has been processed). Mandatory legal provisions—in particular, statutory retention periods—remain unaffected.

Typeform

Typeform enables us to create online forms and integrate them into our website. The data you enter into our Typeform forms will be stored on Typeform's servers until you request us to delete it, revoke your consent to storage, or the purpose for storage no longer applies (e.g., after we have completed processing your request). Mandatory legal provisions—in particular, retention periods—remain unaffected. The use of Typeform is based on Art. 6(1)(f) GDPR. The website operator has a legitimate interest in ensuring that the online forms function. If consent has been given, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time

Data processing

Google Forms

Google Forms allows us to create online forms to collect messages, inquiries, and other input from visitors to our website. All input you provide is processed on Google's servers. Google Forms stores a cookie in your browser containing a unique ID (NID cookie). This cookie stores a variety of information, such as your language preferences. We use Google Forms based on our legitimate interest in determining your needs as effectively as possible (Art. 6(1)(f) GDPR). If consent has been given, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time. The data you enter into the form will remain in our possession until you request us to delete it, revoke your consent to archiving your data, or until the purpose for archiving the data no longer exists (e.g., after your request has been processed). Mandatory legal provisions—in particular, those regarding retention periods—remain unaffected. For more information, please see Google’s privacy policy at https://policies.google.com/.

Data processing

Registration on this website

You have the option of registering on this website to use additional features of the website. We use the data you enter only for the purpose of using the respective offer or service for which you have registered. The information we request during registration must be entered in full. Otherwise, we will reject your registration. To inform you about important changes to the scope of our portfolio or in case of technical changes, we use the email address provided during registration. We process the data entered during registration on the basis of your consent (Art. 6(1)(a) GDPR). The data collected during registration will be stored by us for as long as you are registered on this website. Afterward, this data will be deleted. Mandatory statutory retention periods remain unaffected.

5 ) Social media

Social media elements with Shariff

We use elements of social networks (e.g. Facebook, Twitter, Instagram, Pinterest, XING, LinkedIn, Tumblr) on this website and its pages. You can usually recognize these social media elements by the corresponding social media logos that appear. To ensure data protection on this website, we only use these elements in combination with the so-called "Shariff" solution. This application prevents the social media elements integrated into this website from transmitting personal data to the respective provider as soon as you enter our website. A direct connection to the provider's server is only established once you have activated the respective social media element by clicking the corresponding button (which signals your consent). As soon as you activate the social media element, the respective provider receives the information that you have visited this website using your IP address. If you are simultaneously logged into your respective social media account (e.g., Facebook), the respective provider can assign your visit to this website to your user account. Activating the plug-in constitutes a declaration of consent within the meaning of Art. 6(1)(a) GDPR and Section 25 (1) TTDSG. You have the option to revoke this consent at any time, which will affect all future transactions. This service is used to obtain legally required consent for the use of certain technologies. The legal basis for this is Art. 6(1)(c) GDPR.

Facebook

We have integrated elements of the social network Facebook on this website. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Facebook's statement, the collected data is transferred to the USA and other third countries. An overview of Facebook’s social media elements can be found at the following link: https://developers.facebook.com/docs/plugins/. If the social media element is activated, a direct connection is established between your device and the Facebook server. As a result, Facebook receives information that confirms your visit to this website with your IP address. If you click the Facebook Like button while logged into your Facebook account, you can link content from this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We must emphasize that as the provider of the website, we do not receive any information about the content of the data transferred or how it is used by Facebook. For more information, see Facebook's privacy policy at: https://de-de.facebook.com/privacy/explanation. If your consent has been obtained, the use of the above-mentioned service is based on Art. 6 Sect. 1 Lit. a GDPR and Section 25 TTDSG (German Telecommunications Act). This consent can be revoked at any time. If your consent has not been obtained, the use of the service is based on our legitimate interest in making our information as visible as possible on social media. To the extent that personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the data is forwarded is not part of the joint responsibility. The obligations that are incumbent on us have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. You can assert your data subject rights (e.g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert your data subject rights with us, we are obliged to forward these to Facebook. Data transfer to the USA is based on the European Commission's Standard Contractual Clauses (SCC). Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum
https://de-de.facebook.com/help/566994660333381
https://www.facebook.com/policy.php.

Instagram

We have integrated features of the public media platform Instagram into this website. These features are offered by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. When the social media element is activated, a direct connection is established between your device and the Instagram server. As a result, Instagram receives information about your visit to this website. If you are logged into your Instagram account, you can click the Instagram button to link content from this website to your Instagram profile. This allows Instagram to associate your visit to this website with your user account. We would like to point out that, as the provider of the website and its pages, we have no knowledge of the content of the transmitted data or its use by Instagram. If your consent has been obtained, the use of the above-mentioned service is based on Art. 6(1)(a) GDPR and Section 25 of the German Telecommunications Act (TTDSG). This consent can be revoked at any time. If your consent has not been obtained, the use of the service is based on our legitimate interest in making our information as visible as possible on social media. To the extent that personal data is collected on our website with the help of the tool described here and forwarded to Facebook or Instagram, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook or Instagram. The processing by Facebook or Instagram that takes place after the data has been forwarded is not part of the joint responsibility. The obligations that are incumbent on us have been set out in a joint processing agreement. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook or Instagram tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook or Instagram products. You can assert your rights as a data subject (e.g. requests for information) regarding the data processed by Facebook or Instagram directly with Facebook. If you assert your data subject rights with us, we are obliged to forward them to Facebook. Data transfer to the USA is based on the European Commission's Standard Contractual Clauses (SCC). Details can be found here:

https://www.facebook.com/legal/EU_data_transfer_addendum
https://help.instagram.com/519522125107875
https://de-de.facebook.com/help/566994660333381.

For more information on this topic, please see Instagram’s privacy policy at: https://instagram.com/about/legal/privacy

This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Every time you visit a page on this website that contains LinkedIn elements, a connection is established to LinkedIn's servers. LinkedIn is informed that you have visited this website using your IP address. If you click the LinkedIn "Recommend" button and are logged into your LinkedIn account at the time, LinkedIn will be able to associate your visit to this website with your user account. We would like to point out that, as the provider of the website, we have no knowledge of the content of the transmitted data or its use by LinkedIn. If your consent has been obtained, the use of the above-mentioned service is based on Art. 6 (1)(a) GDPR and Section 25 TTDSG (German Telecommunications Act). This consent can be revoked at any time. If your consent has not been obtained, the use of the service is based on our legitimate interest in making our information as visible as possible on social media. Data transfer to the USA is based on the European Commission's Standard Contractual Clauses (SCC). Details can be found here: https://www.linkedin.com/help/linkedin/answer/62538/datenubertragung-aus-der-eu-dem -ewr-und-der-schweiz?lang=en. For more information on this topic, please see LinkedIn’s privacy policy at: https://www.linkedin.com/legal/privacy-policy.

6 ) Analysis tools and advertising

Google Tag Manager

We use Google Tag Manager, a service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It only manages and operates the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transmitted to Google's parent company in the United States. Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and management of various tools on their website. If corresponding consent has been given, processing will be carried out exclusively on the basis of Art. 6(1)(a) GDPR and Section 25 (1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time.

Google Analytics

This website uses features of the web analysis service Google Analytics. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior patterns of website visitors. For this purpose, the website operator receives a variety of user data, such as the pages viewed, the time spent on the site, the operating system used, and the user's origin. This data is summarized in a user ID and assigned to the respective device of the website visitor. Google Analytics also allows us to record, among other things, your mouse and scroll movements and clicks. Google Analytics uses various modeling approaches to expand the collected data sets and leverages machine learning technologies in data analysis. Google Analytics uses technologies that enable user recognition for the purpose of analyzing user behavior (e.g., cookies or device fingerprinting). The information collected by Google about website usage is usually transferred to a Google server in the United States and stored there. The use of these services is based on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TTDSG. You can revoke your consent at any time. Data transfer to the USA is based on the European Commission's Standard Contractual Clauses (SCC). Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/

IP anonymization

We have activated the IP anonymization function on this website. As a result, your IP address will be shortened by Google within the member states of the European Union or in other countries that have ratified the Agreement on the European Economic Area before being transmitted to the United States. The full IP address will be transmitted to a Google server in the United States and shortened there only in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide the operator of this website with other services relating to website activity and internet usage. The IP address transmitted by your browser in connection with Google Analytics will not be merged with other data held by Google.

Browser plugin

You can prevent Google from collecting and processing your data by downloading and installing the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. For more information about how Google Analytics handles user data, please see Google’s privacy policy at: https://support.google.com/analytics/answer/6004245?hl=en.

Demographic parameters provided by Google Analytics

This website uses the "Demographic Features" feature of Google Analytics to show website visitors suitable ads within the Google advertising network. This allows you to create reports that contain information about the age, gender, and interests of website visitors. The sources of this information are interest-based advertising from Google and visitor data that we receive from third parties. This data cannot be assigned to a specific person. You have the option of deactivating this function at any time by making the appropriate advertising settings in your Google Account, or you can generally prohibit the collection of your data by Google Analytics, as explained in the "Objection to the collection of data" section.

Processing of contract data

We have concluded a data processing agreement with Google and fully implement the strict regulations of the German data protection authorities when using Google Analytics.

Google Conversion Tracking

This website uses Google Conversion Tracking. This service is provided by Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. With the help of Google Conversion Tracking, we are able to recognize whether the user has completed certain actions. For example, we can analyze how often which buttons on our website were clicked and which products were rated or purchased most frequently. The purpose of this information is to compile conversion statistics. We learn how many users clicked on our ads and what actions they performed. We do not receive any information that would allow us to personally identify users. Google, as such, uses cookies or similar recognition technologies for identification purposes. The use of these services is based on your consent in accordance with Art. 6(1)(a) GDPR and Section 25(1) TTDSG. You can revoke your consent at any time. For more information about Google Conversion Tracking, please see Google's privacy policy at: https://policies.google.com/privacy?hl=en

Data processing

7 ) Plug-ins and tools

Google Web Fonts (Local Embedding)

This website uses so-called web fonts provided by Google to ensure consistent typography across the site. These fonts are embedded locally, so no external connection to Google's servers is made when you visit this site.

Font Awesome (via CDN)

This website uses Font Awesome to display icons in a visually consistent way. Font Awesome is loaded via a CDN (Content Delivery Network) hosted by Fonticons, Inc., which may establish a connection to external servers

Bootstrap Framework

This website uses Bootstrap, a frontend framework for building responsive and mobile-first websites. JavaScript components (such as modals, tooltips, and dropdowns) are loaded locally along with Popper.js for positioning.

jQuery (if applicable)

This website may use jQuery, a JavaScript library that simplifies DOM manipulation and event handling. The library is embedded locally and does not send or collect any data.

Locomotive Scroll (via CDN)

This site uses the Locomotive Scroll plugin to create smooth scrolling and parallax effects. The library is included via jsDelivr CDN. When loaded via CDN, your browser may connect to jsDelivr’s servers.

Data processing

7 ) Customer-specific services

Handling applicant data

We offer visitors to our website the opportunity to apply to us (e.g., by email, mail, or via the online application form). Below, we inform you about the scope, purpose, and use of the personal data collected from you as part of the application process. We assure you that the collection, processing, and use of your data will be carried out in compliance with applicable data protection laws and all other legal provisions, and that your data will always be treated with the strictest confidentiality.

Scope and purpose of data collection

If you apply for a position with us, we will process the associated personal data (e.g. contact and communication details, application documents, notes from interviews, etc.) if this is necessary to decide whether to establish an employment relationship. The legal basis for this is Section 26 of the Federal Data Protection Act (BDSG) under German law (initiation of an employment relationship), Art. 6(1)(b) GDPR (general contract negotiations), and – if you have given us your consent – Art. 6(1)(a) GDPR. You can revoke your consent at any time. Within our company, your personal data will only be passed on to people involved in processing your application. Should your application lead to a hiring, the data you submit will be stored in our data processing system on the basis of Section 26 BDSG and Art. 6(1)(b) GDPR for the purpose of carrying out the employment relationship

Data archiving period

If we are unable to make you a job offer, or if you reject a job offer, or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months after the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6(1)(f) GDPR). After that, the data will be deleted and the physical application documents destroyed. Storage primarily serves as evidence in the event of legal disputes. If it is obvious that the data will be required after the 6-month period (e.g., due to impending or pending legal proceedings), deletion will only occur when the purpose for further storage no longer applies.Longer storage may also occur if you have given your consent (Article 6(1)(a) GDPR) or if legal retention obligations prevent deletion.

Inclusion in the applicant pool

If we do not offer you a job, you may be added to our applicant pool. If accepted, all documents and information from your application will be forwarded to the applicant pool so that we can contact you if suitable vacancies arise. Inclusion in the applicant pool is based solely on your express consent (Art. 6(1)(a) GDPR). The submission agreement is voluntary and unrelated to the ongoing application process. The data subject may revoke their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, unless there are legal reasons for its retention. The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.