Data protection

Data protection is of particularly high importance to the management of Quadriga Executive Search GmbH. Use of the Quadriga Executive Search GmbH websites is generally possible without providing any personal data. However, if a data subject wishes to make use of special services offered by our company via our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and in accordance with the country-specific data protection provisions applicable to Quadriga Executive Search GmbH. Through this data protection declaration, our company wishes to inform the public about the nature, scope and purpose of the personal data collected, used and processed by us. Furthermore, data subjects are informed about their rights through this data protection declaration.

The Quadriga Executive Search GmbH, as the data controller, has implemented numerous technical and organizational measures to ensure the most comprehensive protection of personal data processed through this website. Nevertheless, internet-based data transmissions can fundamentally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us through alternative means, such as by telephone.

Controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union, and other provisions of a data protection nature is:

Quadriga Executive Search GmbH
Werderscher Markt 13
10117 Berlin
Germany
Tel.: +49 30 84859-341

Email: anfrage@quadriga-search.eu

Website: www.quadriga-search.eu

The websites of Quadriga Executive Search GmbH use cookies. Cookies are text files that are placed on and stored by a web browser on a computer system.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters through which websites and servers can be associated with the specific internet browser in which the cookie was stored. This allows the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

By using cookies, Quadriga Executive Search GmbH can provide users of this website with more user-friendly services that would not be possible without setting cookies.

Using a cookie, the information and offers on our website can be optimized for the user. As previously mentioned, cookies allow us to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. For example, a user of a website that uses cookies does not have to re-enter their login details every time they visit the website, because this is handled by the website and the cookie stored on the user's computer system. Another example is the cookie for a shopping cart in an online shop. The online shop remembers the items a customer has placed in their virtual shopping cart via a cookie.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the data subject deactivates the setting of cookies in the internet browser used, it is possible that not all functions of our website can be used in full.

The data subject has the option to register for the candidate pool on the Quadriga Executive Search GmbH website via the candidate portal by providing personal data. For this purpose, the controller processes data such as salutation, name, date of birth, telephone number, address data, online profiles (e.g., LinkedIn), current position, employer, desired occupation, desired annual salary, and availability. In addition, documents such as resumes and certificates can be uploaded.

The personal data entered by the individual will be processed to assess suitability, for inclusion in the candidate pool, and for contact regarding suitable vacancies. The legal basis is usually Art. 6(1)(b) GDPR, insofar as the processing is in connection with pre-contractual measures or the initiation of an employment or placement relationship, and Art. 6(1)(f) GDPR, if the processing is based on the legitimate interest in effective personnel consulting and candidate management. To the extent that special categories of personal data are transmitted, these will only be processed if there is a legal basis for it or if the data subject expressly discloses them. Data will only be passed on to our clients if this is necessary and permissible for placement in suitable vacancies. Recipients of the data are potential employers (clients of Quadriga Executive Search GmbH) to whom candidate profiles are passed on as part of personnel consulting for suitability assessment. The transfer is based on the consent given (Art. 6(1)(a) GDPR) or for the performance of pre-contractual measures (Art. 6(1)(b) GDPR).

To the extent that special categories of personal data (Art. 9(1) GDPR), e.g., political statements, are processed from publicly accessible sources within the scope of media checks, this is done on the basis of Art. 9(2)(e) GDPR (data made manifestly public by the data subject). The candidates will be informed about this in advance.

To the extent that the data subject has submitted personal data to the controller through entry and submission, they will receive an email to confirm their submission with a link that must be activated by clicking it (so-called „double opt-in“). Only after confirmation can they be included in the candidate pool. For traceability, the IP address along with the time of registration/confirmation will also be stored.

In the course of its activities as a personnel consultancy, the controller also processes personal data that it collects from publicly accessible sources. This includes, in particular, professional networks and platforms such as LinkedIn or XING, company websites, trade publications, and other freely accessible professional profiles and directories.

These data are processed for the purpose of identifying, contacting, and evaluating potentially suitable candidates for positions to be filled by our clients, as well as for maintaining a candidate pool. The legal basis is Art. 6(1)(f) GDPR; our legitimate interest lies in conducting professional personnel consulting, efficiently filling open vacancies for our clients, and using the professional information publicly shared by the data subjects for this purpose.

To the extent that personal data are not collected directly from the data subject but are collected from publicly accessible sources, the controller will provide information about this in accordance with Art. 14 GDPR in a separate information letter.

The website of Quadriga Executive Search GmbH contains an inquiry form. Interested parties can use this form to contact us. In this case, the data controller processes the personal data entered there, in particular name, contact details, company, position, as well as the voluntarily provided information regarding the vacancy, search request, and other information relevant to the processing of your inquiry. The processing is carried out for the purpose of handling the inquiry and initiating a potential business relationship based on Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.

Data will not be passed on to third parties unless this is necessary to fulfill legal obligations. The data will be deleted as soon as it is no longer required for the processing of your request, insofar as no legal retention periods prevent this.

If the data subject has consented to this, the controller will also use these contact details to inform them about similar offers via email or other communication channels. The processing is based on consent pursuant to Art. 6 para. 1 lit. a GDPR. The data subject may withdraw their consent at any time with effect for the future.

• a) Right to confirmation

Every data subject has the right granted by the European directive and regulatory legislator to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact our data protection officer or another employee of the controller at any time for this purpose.

• b) Right to information

Any data subject concerned by the processing of personal data has the right, granted by the European legislator by means of directives and regulations, to obtain from the controller free information about the personal data stored concerning them and a copy of this information. Furthermore, the European legislator by means of directives and regulations has granted the data subject the right to information about the following:

• the processing purposes
• the categories of personal data that are processed
• the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations
• the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration
• the existence of a right to rectification or erasure of personal data concerning them or to restrict the processing by the controller, or a right to object to such processing
• The existence of a right to complain to a supervisory authority
• All available information as to the source of the personal data
• the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and—at least in these cases—meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject

Furthermore, the data subject has the right to obtain information as to whether personal data has been transferred to a third country or to an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate safeguards relating to the transfer.

If a data subject wishes to exercise this right of access, they can contact our Data Protection Officer or another employee of the data controller at any time.

• Right to rectification

Every data subject shall have the right granted by the European legislator to obtain from the controller the rectification of personal data concerning him or her without undue delay. In addition, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement, taking into account the purposes of the processing.

If an affected person wishes to exercise this right of rectification, they can contact our data protection officer or another employee of the data controller at any time.

• Right to erasure (right to be forgotten)

Any data subject shall have the right granted by the European legislator to request from the controller the erasure of personal data concerning him or her without undue delay, provided that one of the following grounds applies and to the extent that the processing is not necessary:

• The personal data were collected or otherwise processed for purposes for which they are no longer necessary.
• The data subject withdraws their consent on which the processing was based according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and there is no other legal basis for the processing.
• The data subject objects to the processing pursuant to Art. 21(1) GDPR, and there are no overriding legitimate grounds for processing, or the data subject objects to the processing pursuant to Art. 21(2) GDPR.
• The personal data was processed unlawfully.
• The processing of personal data is necessary for compliance with a legal obligation to which the controller is subject under Union or Member State law.
• The personal data were collected with regard to information society services offered in accordance with Art. 8(1) GDPR.

If any of the above-mentioned reasons apply and a data subject wishes to have personal data stored by Quadriga Executive Search GmbH deleted, they may contact our Data Protection Officer or another employee of the data controller at any time. The Data Protection Officer of Quadriga Executive Search GmbH or another employee will ensure that the deletion request is fulfilled immediately.

Were the personal data disclosed by Quadriga Executive Search GmbH and is our company, as the controller within the meaning of Art. 17(1) GDPR, obligated to delete the personal data, Quadriga Executive Search GmbH shall, taking into account the available technology and the costs of implementation, take reasonable steps, including technical measures, to inform other controllers processing the published personal data that the data subject has requested from these other controllers the erasure of all links to, or copies, or replications of this personal data, insofar as processing is not required. The data protection officer of Quadriga Executive Search GmbH or another employee shall arrange for what is necessary on a case-by-case basis.

• e) Right to restrict processing

Any data subject shall have the right granted by the European Directive and Regulation to request from the controller restriction of processing in one of the following cases:

• The accuracy of personal data is contested by the data subject for a period enabling the controller to verify the accuracy of the personal data.
• The processing is unlawful, and the data subject objects to the erasure of the personal data and requests instead the restriction of the use of the personal data.
• The controller no longer needs the personal data for the purposes for which it was processed, but the data subject requires them for the establishment, exercise or defence of legal claims.
• The data subject has lodged an objection to the processing pursuant to Art. 21(1) GDPR, and it has not yet been determined whether the controller's legitimate grounds override those of the data subject.

If any of the above conditions are met and a data subject wishes to request the restriction of personal data stored by Quadriga Executive Search GmbH, they may contact our Data Protection Officer or another employee of the controller at any time. The Data Protection Officer of Quadriga Executive Search GmbH or another employee will arrange for the restriction of processing.

• Right to data portability

Every data subject has been granted the right by the European Directive and Regulation legislator to receive the personal data concerning them, which have been provided to a controller by the data subject, in a structured, common, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data have been provided, provided that the processing is based on consent pursuant to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Furthermore, in exercising its right to data portability pursuant to Art. 20(1) of the GDPR, the data subject has the right to have personal data transferred directly from one controller to another, as far as this is technically feasible and does not adversely affect the rights and freedoms of others.

To exercise the right to data portability, the data subject may contact the data protection officer appointed by Quadriga Executive Search GmbH or another employee at any time.

• g) Right to object

Any data subject shall have the right, on grounds relating to their particular situation, to object at any time to the processing of personal data concerning them which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on these provisions.

Quadriga Executive Search GmbH will no longer process the personal data in the event of an objection, unless we can prove compelling reasons worthy of protection for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing serves the establishment, exercise, or defense of legal claims.

If Quadriga Executive Search GmbH processes personal data for direct marketing purposes, the data subject has the right to object to the processing of personal data for such marketing purposes at any time. This also applies to profiling, insofar as it is related to direct marketing. If the data subject objects to Quadriga Executive Search GmbH processing personal data for direct marketing purposes, Quadriga Executive Search GmbH shall no longer process the personal data for these purposes.

Furthermore, the data subject shall have the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which takes place at Quadriga Executive Search GmbH for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject may contact the data protection officer of Quadriga Executive Search GmbH directly or any other employee. Furthermore, in connection with the use of information society services, notwithstanding Directive 2002/58/EC, the data subject is free to exercise their right to object by means of automated procedures using technical specifications.

• h) Automated individual decision-making, including profiling

Every data subject shall have the right granted by the European legislator and regulator not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them, unless the decision (1) is necessary for the conclusion or performance of a contract between the data subject and a controller, or (2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests, or (3) is based on the data subject's explicit consent.

If the decision (1) is necessary for the conclusion or fulfillment of a contract between the data subject and the controller, or (2) is based on the explicit consent of the data subject, Quadriga Executive Search GmbH shall take appropriate measures to safeguard the rights and freedoms, as well as the legitimate interests, of the data subject, including at least the right to obtain human intervention on the part of the controller, to express his or her point of view, and to contest the decision.

If the data subject wishes to assert rights regarding automated decision-making, they can contact our data protection officer or another employee of the controller at any time.

• Right of withdrawal of consent under data protection law

Any person affected by the processing of personal data has the right, granted by the European legislator, to withdraw consent for the processing of personal data at any time.

If the data subject wishes to exercise their right to withdraw consent, they may contact our data protection officer or another employee of the data controller at any time for this purpose.

For the technical operation of its infrastructure (IT systems, hosting), the data controller uses Quadriga Media Berlin GmbH as a processor in accordance with Art. 28 GDPR. A data processing agreement ensures that processing is carried out exclusively in accordance with the data controller's instructions and in compliance with data protection regulations.

The controller has integrated the Google Analytics component (with anonymization function) on this website. Google Analytics is integrated exclusively with the prior express consent of the data subject via our Consent Manager. As long as no consent has been given, Google Analytics is blocked by the Consent Manager and no data is transmitted to Google. The legal basis for the processing is Art. 6 para. 1 lit. a GDPR in conjunction with § 25 para. 1 TDDDG. The consent given can be revoked at any time with future effect via the Consent Manager.

Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analytics service records, among other things, data about which website a data subject came to a website from (so-called referrers), which subpages of the website were accessed, or how often and for how long a subpage was viewed. Web analytics is primarily used for the optimization of a website and for the cost-benefit analysis of internet advertising.

The operating company of the Google Analytics component is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The controller uses the suffix „_gat._anonymizeIp“ for web analysis via Google Analytics. This suffix shortens and anonymizes the IP address of the person's internet connection by Google when accessing our websites from a member state of the European Union or another contracting state to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze visitor traffic to our website. Google uses the data and information obtained, among other things, to evaluate the use of our website, to compile online reports for us that show activities on our website, and to provide other services related to the use of our website.

Google Analytics sets a cookie on the information technology system of the data subject. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyze the use of our website. With each call-up of one of the individual pages of this website, which is operated by the controller and on which a Google Analytics component has been integrated, the internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis. As part of this technical procedure, Google receives knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to track the origin of visitors and clicks and, consequently, to facilitate commission settlements.

Through the cookie, personal information is stored, such as the access time, the location from which access originated, and the frequency of the affected person's visits to our website. With every visit to our website, this personal data, including the IP address of the internet connection used by the affected person, is transferred to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may transfer this personal data collected through the technical process to third parties.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the internet browser used, and thus permanently object to the setting of cookies. Such a setting of the internet browser used would also prevent Google from setting a cookie on the data subject's information technology system. Furthermore, a cookie already set by Google Analytics can be deleted at any time via the internet browser or other software programs.

Furthermore, the data subject has the option to object to the collection of data generated by Google Analytics that relates to the use of this website and to the processing of this data by Google, and to prevent such collection and processing. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about website visits may be transmitted to Google Analytics. The installation of the browser add-on is considered an objection by Google. If the data subject's information technology system is later deleted, reformatted, or reinstalled, the data subject must reinstall the browser add-on to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person within their sphere of influence, it is possible to reinstall or re-enable the browser add-on.

Further information and Google's applicable data protection regulations can be accessed at https://www.google.de/intl/de/policies/privacy/ and http://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail at this link https://www.google.com/intl/de_de/analytics/.

The controller uses the Friendly Captcha tool on this website. This is offered by Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee.

This tool is used to prevent automated and abusive requests by so-called bots. As part of this process, your IP address is captured by Friendly Captcha in order to send a cryptographic task to your end device. This task is solved in the background, and as soon as it is solved, Friendly Captcha sends a confirmation to the server that you are a natural person.
Friendly Captcha processes and stores anonymized IP addresses of the requesting computers, information about the browser used and the operating system, anonymized counters per IP address for controlling cryptographic tasks, and the website from which the access occurred (so-called referrer URL) in the process described above.
For more information on data protection and data processing at Friendly Captcha, please visit: https://friendlycaptcha.com/de/privacy

Article 6(1)(a) of the GDPR serves as the legal basis for our company’s processing operations in which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party—as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration—then the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in cases of inquiries regarding our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as to fulfill tax obligations, the processing is based on Article 6(1)(c) of the GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were injured on our premises and their name, age, health insurance information, or other vital information subsequently had to be disclosed to a doctor, a hospital, or other third parties. In such cases, the processing would be based on Article 6(1)(d) of the GDPR. Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, provided that the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights, and fundamental freedoms of the data subject do not take precedence. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47, Sentence 2 of the GDPR).

The criterion for the duration of personal data storage is the respective statutory retention period. After the period expires, the corresponding data will be routinely deleted, unless it is still required for contract fulfillment or contract initiation.

Data in the candidate pool is stored for a period of 36 months from the confirmation of consent. Before this period expires, affected individuals will be contacted to renew their consent. If consent is not renewed, the data will be deleted. In the event of a successful placement or to comply with legal regulations, the data will be stored according to the statutory retention periods.

To support the assignment of candidates to suitable vacancies, the controller uses software-supported analysis methods that create a preliminary selection of suitable positions based on the information stored in the profile of the data subject (in particular qualifications, professional experience, salary expectations, and regional preferences) (profiling pursuant to Art. 4(4) GDPR). The legal basis for this is the consent of the data subject (Art. 6(1)(a) GDPR).

The final decision on whether a profile is presented to a client is always made by a qualified recruitment consultant – there is no solely automated decision-making as referred to in Article 22(1) of the GDPR.

The logic involved is based on matching the profile data of the affected person with the requirement profiles of open vacancies. The scope is that the affected person will be preferentially considered for a recruitment project if there is a high match. The affected person has the right at any time to object to the processing within the scope of profiling and to request exclusively manual processing of their profile.