Logo
 

Privacy Policy

 

 Information on data protection for applicants at

CBM Christoffel-Blindenmission Christian Blind Mission e.V.

 

Dear applicants at CBM,

the protection of your personal data is very important to us. Transparency regarding data processing is a central principle of the Church Act on Data Protection Act of the Protestant Church in Germany (EKD Data Protection Act – DSG-EKD). The following data protection information informs you, in accordance with §§ 17 and 18 of the DSG-EKD, about how your personal data is processed by CBM in the context of your application for an open position or a speculative application. 

In this document, we show you which personal data we process about you as an applicant when you send us an application. In addition, we hereby inform you about your general rights in connection with the processing of your personal data (hereinafter also referred to as "data subject rights"). The existence of the rights listed below is subject to the legal requirements for their exercise being met in each individual case.

 

I.          Purposes, legal bases and, where applicable, data categories for the processing of your

personal data

 

1.         Your personal data processed by us 

For the purpose of receiving, communicating (e.g. in the event of queries) and assessing your application, we process your personal application data on the legal basis of § 49 of the (DSG-EKD). This includes, for example, your name, date and place of birth, your (business and private) contact details (mobile phone number and email address), your address, hobbies or information about illnesses, holiday entitlement, health insurance and pension insurance number, nationality, residence permit, work permit and tax status (including religious affiliation). 

We treat all information you provide to us as application data, in addition to details of your education and professional qualifications, your CV, certificates, grades and assessments, salary expectations, driving licence, test results, your photo, any information about your state of health, bank and credit card details, existing wage garnishments, data on any criminal offences or proceedings, certificate of good conduct or other information, including private information if applicable. 

We process the personal data that you provide to us as part of your application. This applies to both your application documents and the information you provide personally during the rest of the application process, e.g. in telephone interviews, recruitment tests, personal interviews, job speed dating events or when visiting a trade fair. In order to comprehensively assess your application, we require your CV and references or corresponding evidence in all cases. Further information, including a photograph, is voluntary. 

Furthermore, in accordance with European Regulations 2580/2001 and 881/2002, we are legally obliged to check the data of applicants against the European Union's so-called terror lists before hiring them, so that no funds or other financial assets are made available to the persons named in the list. This processing is based on § 6 No. 4 and No. 6 DSG-EKD. 

2.    Acquisition on social networks 

In order to find qualified applicants, we also actively search professional social networks and contact potential applicants e.g. via their Xing or LinkedIn accounts. In doing so, we access publicly available personal data on social networks that meet certain filter criteria. We make a note of candidates who are of interest to us, e.g. via the Xing Talent Manager, store their data and inform the persons concerned. Data subjects have the opportunity to comment on such data at any time. We process your data for the purpose of specifically addressing you as an applicant and on the basis of our legitimate interest in recruiting suitable employees, in accordance with § 6 No. 4 DSG-EKD. 

3.    Receipt and processing of applications (selection process) 

You can visit our online job exchange via our careers website. If you are interested in one of our advertised positions, you can apply directly online by registering on the application portal. For this purpose, we use the applicant management tool provided by rexx systems GmbH, Süderstrasse 75-79, 20097 Hamburg. After registering, you will receive a registration confirmation by email. As part of the registration confirmation, you will be asked to confirm your profile and the email address you provided. You can also send us additional documents (such as your CV) via the tool. Please do not send us any sensitive (special categories of personal) data (such as sexual orientation, information about illnesses and pregnancies, religious or political beliefs or trade union membership) or information that is not specifically related to your application. If you use another channel – such as email or post – to submit your application, your data will be recorded accordingly in our application portal. 

We process your personal data, such as contact details and other application data provided by you, for the purpose of reviewing your application documents, conducting telephone interviews, carrying out aptitude tests and interviews, if necessary, and deciding on a job offer (acceptance or rejection). If necessary, we will use your telephone number to remind you of an interview via text message. The network provider usually stores your telephone number for 6 months. 

We may use recruitment agencies to fill selected positions. These agencies provide us with the personal data that you have provided to them. The profiles are forwarded internally to the relevant department, which carries out the selection process. If we receive unsolicited profiles of potential candidates from recruitment agencies, these profiles are usually pseudonymised, i.e. we cannot establish a personal reference without the involvement of the recruitment agency. 

The processing is carried out for the purpose of conducting the application process and, if applicable, the recruitment process, on the basis of § 49 (1) DSG-EKD and, if applicable, on the basis of your consent. 

4.    Recruitment of permanent or freelance employees for specific temporary projects 

We hire permanent or temporary employees for individual projects. We use external recruitment agencies for the application and hiring process, which forward us profiles of potential candidates. These may contain your personal data, provided that the information is not pseudonymised and cannot be traced back to you. The profiles are forwarded internally to the relevant department, which carries out the selection process. A contract is concluded with the final candidate, either directly with us or via the personnel service provider. Your personal data is processed for the purpose of carrying out the application process, on the basis of § 49 (1) DSG-EKD. 

5.    Collection of further information about the applicant and verification of references 

If you provide references including contact details, we may ask for your consent to contact them to verify the information provided (e.g. with your former employer). This is to gain an even more detailed impression of the applicant's previous activities. We collect and check background information on the basis of your consent in accordance with § 6 No. 2 and § 49 (3) of the DSG-EKD. If we use publicly available sources (such as profiles on social networks), we process your personal data for the purpose of conducting the application process on the basis of § 49 (1) of the DSG-EKD. 

6.    Travel expense reports for applicants 

If you travel to us for a job interview, we will reimburse your travel expenses based on the cheapest public transport fare, subject to prior agreement with you. For this purpose, we process your personal data, such as contact details (address, email), identification data (name) and financial data (bank details). Your data will be processed for the purpose of reimbursing travel expenses and conducting the application process on the basis of § 6 No. 5 and § 49 (1) DSG-EKD. 

7.    Preparation of the employment contract 

Once you have been offered a position, we process your personal data in order to draw up your employment contract. To this end, all information relevant to the contract (such as name, address, title, start/end date of contract, place of work, salary, bank details, health insurance, etc.) is processed and forwarded internally to the responsible personnel management staff. Your data is processed for the purpose of drawing up the employment contract on the basis of § 49 (1) DSG-EKD. 

As part of your employment, we also process special categories of personal data (such as your religious denomination for church tax purposes) and personal data relating to criminal convictions and offences (such as your police clearance certificate). We process this data for the establishment and implementation of your employment contract on the basis of § 13 (2) No. 2 and § 49 (3) DSG-EKD. 

8.    Conducting audits/financial audits 

Your personal data may be processed when planning and conducting audits and, if necessary, special audits (in the event of suspected criminal behaviour by employees) within CBM. We process your personal data in order to comply with our legal obligations (e.g. the Association Act) on the basis of § 6 No. 6 DSG-EKD. In addition, we process your personal data on the basis of our legitimate interests in reviewing processes and efficiency within our organisation, rectifying misconduct and preventing fraud, enforcing and/or defending our rights where necessary, and detecting criminal offences, on the basis of § 6 No. 4 and § 49 (2) DSG-EKD. 

9.    Job exchange finest-jobs 

Our job advertisements are usually also published on the job exchange www.finest.jobs.com of rexx systems GmbH. If you submit your application to CBM via the finest-jobs job exchange, the data protection information www.finest-jobs.com/Datenschutz of rexx systems GmbH also applies.

 

II.         Storage and deletion of your personal data 

Once the selection process has been completed, your data will be deleted six months after receipt of the rejection. If the selection process takes longer than six months, applicants will be notified of this by email. If you are hired, your data will be transferred to our internal personnel system and deleted from our application portal.

 

III.         Categories of recipients and possible recipients of personal data

If you apply to CBM in general or for a specific position, the Human Resources department and the HR managers of the respective department will have access to your personal data. Processing is carried out on the basis of § 49 (1) DSG-EKD for the purpose of conducting the application process. 

In addition, according to legal requirements, employee representatives must also be involved in filling vacant positions, so that members of the employee representative body must also be granted access to the application data to the extent necessary. If necessary, an existing representative body for severely disabled persons will also be involved in the decision on hiring. The legal basis for the processing is § 6 No. 6, § 13 (2) No. 2 DSG-EKD in conjunction with the Employee Representation Act and/or the Severely Disabled Persons Act. All employees involved in the application process treat your personal data (in particular application documents) with the utmost care and absolute confidentiality. By granting access rights via our recruiting software, we ensure that only those persons involved in the respective application process can view the relevant application documents. 

As part of the application process, your personal data will be processed by our external service provider (rexx systems GmbH) in accordance with § 30 DSG-EKD. The processing is carried out for the purpose of conducting the application process and initiating an employment relationship under our complete control on the basis of § 49 (1) DSG-EKD.

If we send you your employment contract and documents relating to your application by post, we will transfer your personal data to shipping service providers. In the context of internal audits and special audits, application data may also be transferred to service providers and/or auditing companies under certain circumstances. The transfer is carried out to fulfil legal obligations within the scope of the audit on the basis of § 6 No. 6 DSG-EKD and on the basis of our legitimate interest in asserting and enforcing our rights, as well as for the prevention of fraud, the prevention of abuse of services and the detection of criminal offences, on the basis of § 6 No. 4, § 49 (2) DSG-EKD. Beyond that, we only transfer your personal data if we are legally required to do so. The transfer is then based on § 6 No. 6 DSG-EKD (e.g. to the police authorities as part of criminal investigations). 

 

IV. Transfer of data to a third country or an international organisation 

Data will only be transferred to countries outside the EU or the EEA (so-called third countries) if this is necessary for the execution of your orders, if it is required by law (e.g. tax reporting obligations), if you have given us your consent or within the context of order data processing. If service providers in third countries are used, which is currently not the case, they are obliged to comply with the level of data protection in Europe in addition to written instructions by means of appropriate measures (e.g. agreement of the EU standard contractual clauses).

 

V.         Your rights in the application process

As an applicant, you have the following rights as a data subject vis-à-vis CBM:

  • You have the right to obtain information about the personal data we have stored about you free of charge upon request.
  • You have the right to withdraw your declaration of consent under data protection law at any time. Withdrawing your consent does not affect the legality of the processing carried out on the basis of your consent until withdrawal.
  • In addition, in justified cases, you have the right to rectification, erasure, restriction of processing, data portability and the right to object to processing.
  • In the event of violations of data protection law, you have the right to lodge a complaint with the competent supervisory authority. The competent supervisory authority is the

Data Protection Officer of the EKD

Lange Laube 20, 30159 Hanover

Telephone: +49 (0)511 768128-0

https://datenschutz.ekd.de

 

VI.        Responsible body and contact details of the data protection officer

The responsible body within the meaning of the data protection regulations is CBM Christoffel-Blindenmission Christian Blind Mission e.V., Stubenwald-Allee 5, 64625 Bensheim.

If you have any questions about how we process your personal data or about data protection in general, please contact the Human Resources department or send an email to our data protection coordinator at data-protection@cbm.org.

 

You can contact our data protection officer as follows:

                        Dr Stefan Drewes

                        DPA Drewes Privacy Advice GmbH

Dreizehnmorgenweg 6, 53175 Bonn

                        Tel: +49 228 902480-70

                        kontakt@privacy-advice.com

 

 

VII.       Changes or additions to the information on data processing

CBM reserves the right to change or supplement this information on data processing at any time in accordance with legal requirements. This may be necessary, for example, to comply with new legal provisions or to take new services into account. We therefore recommend that you check our website regularly for information on our current data processing practices.

 

 

Status: 30th of July 2025