Processing of (personal) data by the entity in charge of the online application process

Privacy Policy

1. Introduction

With the following information, we aim to provide you — the “data subject” — with an overview of how your personal data is processed by us and of your rights under data protection laws. In general, our website can be used without entering personal data. However, if you wish to use specific services provided by our company via the website, the processing of personal data may be required. If such processing is necessary and no legal basis exists, we will generally obtain your consent.

The processing of personal data, such as your name, address, or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and the country-specific data protection regulations applicable to OMS Retail GmbH. This privacy policy informs you about the type, scope, and purpose of the personal data we collect, use, and process.

We, as the data controller, have implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, internet-based data transmissions may have security vulnerabilities, so absolute protection cannot be guaranteed. For this reason, you are free to submit personal data to us by alternative means, such as by telephone or post.

You can also take simple and easy-to-implement precautions to protect your data from unauthorized access. Here are a few tips:

Protect your account (login, user, or customer account) and your IT system (computer, laptop, tablet, or mobile device) with strong passwords.
Only you should have access to your passwords.
Use different passwords for different accounts.
Avoid using the same password across different websites, apps, or online services.
Especially when using shared or public IT systems, always log out after your session.

Passwords should be at least 12 characters long and include uppercase and lowercase letters, numbers, and special characters — avoid common words or names.

2. Controller

Controller within the meaning of the GDPR:

OMS Retail GmbH
Gutenbergstr. 20, 30823 Garbsen, Germany
Phone: +49 511 5152830
Email: info@oms-retail.com
Representative: Achim Höfer

3. Data Protection Officer

Contact details:
Kai Ochmann
Phone: +49 7134 90894 0
Email: datenschutz@schuhtronic.de

You may contact our Data Protection Officer at any time with questions or suggestions regarding data protection.

4. Definitions

This privacy policy is based on the terminology used in the GDPR. It is intended to be easily readable and understandable for the public, customers, and business partners. Key terms include:

Personal Data: Any information relating to an identified or identifiable natural person.
Data Subject: The individual whose personal data is processed.
Processing: Any operation performed on personal data, such as collection, storage, modification, or deletion.
Restriction of Processing: The marking of stored personal data to limit its future processing.
Profiling: Automated processing of personal data to evaluate personal aspects, such as behavior or location.
Pseudonymization: Processing personal data so it cannot be linked to a specific person without additional information.
Processor: A person or entity that processes personal data on behalf of the controller.
Recipient: A person or entity to whom personal data is disclosed.
Third Party: Anyone other than the data subject, controller, processor, or those authorized under their responsibility.
Consent: A freely given, informed, and unambiguous indication of the data subject’s agreement to data processing.

5. Legal Basis for Processing

We process personal data on the following bases:

Art. 6(1)(a) GDPR: With your consent.
Art. 6(1)(b) GDPR: To fulfill a contract or pre-contractual measures.
Art. 6(1)(c) GDPR: To comply with a legal obligation.
Art. 6(1)(d) GDPR: To protect vital interests.
Art. 6(1)(f) GDPR: Based on our legitimate interests.

Our services are aimed at adults. Persons under 16 may not provide us with personal data without parental consent.

6. Disclosure of Data to Third Parties

We only share your data:

With your express consent (Art. 6(1)(a) GDPR),
If necessary for legitimate interests (Art. 6(1)(f) GDPR),
Due to legal obligations (Art. 6(1)(c) GDPR),
For contract performance (Art. 6(1)(b) GDPR).

Transfers to the USA occur only if certified under the EU-US Data Privacy Framework or with appropriate safeguards (e.g. Standard Contractual Clauses).

7. Technology

7.1 SSL/TLS Encryption

We use SSL/TLS encryption to protect your data during transmission. You can recognize encrypted connections by “https://” in the browser address bar and the padlock icon.

7.2 Data Collection When Visiting the Website

We collect technically necessary data (e.g., browser type, IP address) via server log files under Art. 6(1)(f) GDPR for:

Display and optimization of content,
Ensuring system functionality,
Security analysis.

7.3 Microsoft Azure (Hosting)

Our website is hosted on Microsoft Azure, which is certified under the EU-US Data Privacy Framework. A Data Processing Agreement is in place with Microsoft.

8. Cookies

8.1 General

Cookies improve usability, track website usage, and store preferences. We use:

Session cookies (deleted after visit),
Persistent cookies (stored for future visits),
Statistical cookies (for analytics).

8.2 Legal Basis

Essential cookies: Art. 6(1)(f) GDPR
Others: Art. 6(1)(a) GDPR (based on consent)

8.3 Cookie Settings in Browsers

Instructions to disable cookies are available for Chrome, Safari, Firefox, Edge.

8.4 Cookie Script (Consent Tool)

We use Cookie Script by Objectis Ltd. to manage cookie consents. It stores anonymized IPs, consent status, and logs them for up to 3 years under legal retention rules.

9. Website Content

9.1 Contact Forms

We collect and process data for handling inquiries (Art. 6(1)(f) GDPR or Art. 6(1)(b) if contractual). Data is deleted after final resolution unless retention laws apply.

9.2 Job Applications

Applicant data is processed for hiring purposes. Unsuccessful applications are deleted after 6 months unless required for legal defense. (Art. 6(1)(b), Art. 88 GDPR, § 26 BDSG)

9.3 Applicant Quizzes

We use Mobile Funnel by Perspective Software GmbH. Data is processed on our behalf under a data processing agreement.

10. Social Media Activities

We are jointly responsible with platforms under Art. 26 GDPR. Data may be processed outside the EU and may be used for profiling or marketing.

10.1–10.4 Platforms

Facebook / Instagram: Meta Platforms Ireland Ltd.
LinkedIn: LinkedIn Ireland Unlimited
XING: New Work SE

Each platform has its own privacy policies, Instagram, LinkedIn, XING.

11. Social Media Plugins

Instagram Plugin

Embedded Instagram buttons collect data (e.g., your visited pages), linked to your Instagram account if logged in. Certified under EU-US Data Privacy Framework. Consent required under Art. 6(1)(a) GDPR.

12. Web Analytics

Google Analytics (Universal)

We use Google Analytics for pseudonymized web usage analysis (Art. 6(1)(a) GDPR). You may opt out via browser add-on. Google is certified under the EU-US Data Privacy Framework.

13. Plugins & Services

YouTube

Embedded videos from YouTube LLC (Google). Data may be linked to your YouTube account if logged in. Consent is required (Art. 6(1)(a) GDPR).

Google Tag Manager

Used for managing website tags. It does not access user data directly. Consent required (Art. 6(1)(a) GDPR).

14. Your Rights

You have the right to:

Confirmation
Access (Art. 15 GDPR)
Rectification (Art. 16 GDPR)
Erasure (Art. 17 GDPR)
Restriction (Art. 18 GDPR)
Data portability (Art. 20 GDPR)
Objection (Art. 21 GDPR)
Withdraw consent
Lodge complaints with a supervisory authority

15–17. Data Retention, Deletion & Updates

We only store data as long as necessary or legally required. Once the purpose or legal retention period expires, data is deleted or blocked.

Last updated: March 2025
The current version is available at: https://karriere.oms-retail.com/legal/privacy-policy

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.