Privacy Policy

1. General Information

This privacy policy explains how Curicum Personalberatung GmbH processes personal data when you visit our website, contact us, submit an enquiry, or provide personal data in the context of a candidate, application or employer enquiry.

Personal data means any information relating to an identified or identifiable natural person. This includes in particular names, contact details, professional information, application documents, qualification certificates, communication content and technical data generated when you visit our website.

We process personal data exclusively in accordance with the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (BDSG) and all other applicable data protection provisions.

2. Controller

The controller within the meaning of the General Data Protection Regulation is:

Curicum Personalberatung GmbH
Obermeiers Feld 2-4
33104 Paderborn
Germany

Managing Director: Sheng Huang
Phone: +49 (0) 5254 937 96 83
E-Mail: info@curicum.de
Website: www.curicum.de

For data protection enquiries, you can reach us at the above contact details or by e-mail at: datenschutz@curicum.de

3. Accessing and Using Our Website

When you access our website, our web server automatically processes certain technical information, which may include:

• IP address of the requesting device
• Date and time of access
• Page or file accessed
• Referrer URL
• Browser used and browser version
• Operating system used
• Amount of data transferred
• Server status messages

This data is processed to provide the website technically, to ensure its stability and security, and to detect misuse or technical disruptions.

The legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the secure, stable and functional provision of our website.

Server log files are only stored for as long as necessary to achieve the above purposes and are then deleted or anonymised, unless further retention is required for security reasons.

4. Hosting and Technical Service Providers

Our website is hosted by a technical service provider. The hosting provider processes personal data generated when you visit the website on our behalf or as part of the technical provision of the website.

Hosting provider: [please confirm hosting provider name]
Server location: [EU / Germany / please confirm]

Where the hosting provider acts as a processor for us, we have concluded a data processing agreement with them in accordance with Art. 28 GDPR.

The legal basis for using the hosting service provider is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the reliable and secure provision of our website.

5. Contact via Contact Form, E-Mail or Telephone

If you contact us by contact form, e-mail, telephone or other means of communication, we process the information you provide in order to handle your enquiry and communicate with you.

Depending on the contact method, the following data may be processed in particular:

• Name
• E-mail address
• Phone number
• Company or organisation
• Content of your message
• Time of contact
• Further information you voluntarily provide

The legal basis is Art. 6 (1) (b) GDPR where your enquiry relates to the initiation or performance of a contract. In all other cases, processing is based on Art. 6 (1) (f) GDPR. Our legitimate interest lies in handling and responding to your enquiry.

The transmitted data will be deleted as soon as it is no longer required for the processing of your enquiry and no legal retention obligations or legitimate interests in further storage exist.

6. Employer Enquiries and Client Communication

If you contact us as an employer, institution, clinic, care facility, company or cooperation partner, we process the data you provide to handle your enquiry, coordinate possible services, prepare offers and conduct pre-contractual or contractual communication.

The following data may be processed in particular:

• Name and professional contact details of contact persons
• Position, department and organisation
• Professional phone number and e-mail address
• Information on staffing needs, roles, qualification requirements or projects
• Communication content and correspondence history

The legal basis is Art. 6 (1) (b) GDPR where processing is required for the performance of pre-contractual measures or a contract. Where professional contact data is processed for general business initiation or the maintenance of business relationships, the legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the initiation and implementation of business contacts in the field of HR consulting and recruiting.

7. Candidate Enquiries, Application Documents and Talent Pool

If you contact us as a candidate, are interested in a professional opportunity, submit application documents or wish to be included in a talent pool, we process the personal data you provide to review, advise, communicate and, where applicable, place or support you in the application and recognition process.

Depending on the individual case, the following data may be processed in particular:

• Name, date of birth, contact details and place of residence
• CV, professional background and qualifications
• Certificates, educational and academic records
• Language certificates and information on language skills
• Professional licences, recognition documents or notices
• Information on desired areas of work, availability and professional goals
• Communication content and consultation history
• Where necessary: passport copies, visa documents or further documents required for the specific process

Processing is carried out to handle your enquiry, to identify suitable professional opportunities, to communicate with you, to prepare employer contacts and to support recognition, employment or residence-related process steps where required in the specific case.

The legal basis is Art. 6 (1) (b) GDPR where processing is required for the performance of pre-contractual measures or a placement, advisory or support relationship. Where you expressly consent to inclusion in a talent pool or to longer-term storage of your data, the legal basis is Art. 6 (1) (a) GDPR. Any consent given can be withdrawn at any time with effect for the future.

We only process special categories of personal data within the meaning of Art. 9 GDPR where this is legally permissible, required or expressly initiated by you in the specific individual case. Please do not send us sensitive data that is not necessary for the respective purpose.

8. Disclosure of Data to Employers, Cooperation Partners and Service Providers

Personal data is only disclosed where there is a legal basis for doing so, where it is necessary to process your enquiry or carry out a specific process, or where you have previously given your consent.

Depending on the individual case, data may be disclosed to the following categories of recipients:

• Potential employers or placement sites
• Cooperation partners in the context of HR consulting or process support
• Translators or interpreters
• Advisory and support service providers
• Authorities, chambers, recognition bodies or other public offices where required in the specific process
• IT, hosting and form service providers

Candidate data is generally only disclosed to potential employers where this is necessary for the specific application, placement or coordination process, or where you have given us your corresponding consent.

We only transmit the data that is necessary for the respective purpose. Recipients are obliged to maintain confidentiality where required or are involved on the basis of appropriate data protection agreements.

9. International Data Transfer and Third-Country Relevance

As Curicum operates in the German-Chinese HR and recruiting context, it may in individual cases be necessary to exchange personal data with persons, bodies or service providers outside the European Union or the European Economic Area, in particular where candidates are located abroad or an international application, recognition or preparation process is being supported.

Personal data is only transferred to third countries where this is necessary in the specific individual case, an appropriate legal basis exists and the data protection requirements are met. Where required, appropriate safeguards within the meaning of Art. 44 et seq. GDPR are used, for example EU Standard Contractual Clauses or other permissible protective mechanisms.

Please note that third countries outside the EU/EEA may not have a level of data protection comparable to the European Union. We take care to limit data transfers to what is necessary and to implement appropriate protective measures.

10. Use of Typeform for Online Forms

For certain online forms on our website, we may use the Typeform service. The provider is Typeform S.L., Spain.

When you fill in a form embedded via Typeform, the data you enter is processed by Typeform and transmitted to us. Depending on the form, this may include in particular your name, e-mail address, phone number, company, professional information, message content or further voluntary information.

We use Typeform to provide online enquiries technically, to record them in a structured manner and to process them internally. The legal basis is Art. 6 (1) (b) GDPR where the form serves to initiate or perform a contract. In other cases, the legal basis is Art. 6 (1) (f) GDPR. Our legitimate interest lies in the user-friendly and efficient recording of enquiries.

Where Typeform processes personal data on our behalf, this is done on the basis of a data processing agreement in accordance with Art. 28 GDPR. Please note that Typeform may itself use sub-processors. Further details can be found in Typeform’s privacy and data processing information.

11. Cookies and Similar Technologies

Our website uses cookies and similar technologies. Cookies are small text files stored on your end device. Some cookies are technically necessary for the website to function correctly. Other cookies or technologies may serve the purposes of statistics, reach measurement, improving our offering or embedding external content.

Technically necessary cookies are used on the basis of Section 25 (2) TDDDG and Art. 6 (1) (f) GDPR. Our legitimate interest lies in providing our website in a functional, secure and user-friendly manner.

Non-technically necessary cookies and similar technologies are only used where you have previously given your consent. The legal basis is Section 25 (1) TDDDG in conjunction with Art. 6 (1) (a) GDPR. You can withdraw or change your consent at any time with effect for the future.

The specific cookie categories and selection options can be found in our cookie banner or under “Cookie Settings” in the footer of the website.

12. External Content, Analytics and Marketing Services

Where external content or services are embedded on our website, for example maps, videos, analytics tools, tracking technologies, social media elements or appointment booking tools, we will provide information about this separately in this privacy policy or in the cookie settings.

Currently used external services: [please review and add — website administrator action required]

Non-technically necessary external services are only loaded after prior consent, where information is stored or accessed on your end device or personal data is processed for analytics or marketing purposes.

13. Storage Duration

We store personal data only for as long as necessary for the respective purposes or as required by statutory retention obligations.

Contact and enquiry data is generally deleted as soon as the enquiry has been fully processed and no statutory retention obligations or legitimate interests in further storage exist.

Data from employer or client communication may be stored for the duration of the business relationship and in accordance with statutory retention periods.

Candidate data and application documents are deleted as soon as they are no longer required for the specific application, placement, recognition or advisory process, provided there is no consent to longer storage, no statutory retention obligations and no legitimate interest in further storage.

Data processed on the basis of consent is stored until the consent is withdrawn or the purpose of storage no longer applies.

14. Rights of Data Subjects

Subject to the applicable statutory conditions, you have the following rights:

• Right of access pursuant to Art. 15 GDPR
• Right to rectification pursuant to Art. 16 GDPR
• Right to erasure pursuant to Art. 17 GDPR
• Right to restriction of processing pursuant to Art. 18 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to object pursuant to Art. 21 GDPR
• Right to withdraw a given consent pursuant to Art. 7 (3) GDPR

To exercise any of these rights, please contact us at any time using the contact details above.

15. Right to Object to Processing Based on Legitimate Interests

Where we process personal data on the basis of Art. 6 (1) (f) GDPR, you have the right to object to this processing at any time on grounds relating to your particular situation.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

16. Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority if you consider that the processing of your personal data infringes data protection law.

The competent authority for North Rhine-Westphalia is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Kavalleriestraße 2-4
40213 Düsseldorf
Phone: +49 (0)211 / 38424 – 0
E-Mail: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

You may also contact any other competent data protection supervisory authority.

17. Security of Processing

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures include in particular, depending on the processing: access restrictions, encryption, role and authorisation concepts, secure communication channels and organisational confidentiality measures.

Please note that data transmission over the internet may have security vulnerabilities. Complete security of data transmission cannot be guaranteed.

18. Updates to This Privacy Policy

We reserve the right to update this privacy policy if our data processing activities, our website, the services used or legal requirements change. The current version published on this website shall apply in each case.