Application process data protection statement and information for data subjects pursuant to Article 13 and Article 14 of the EU General Data Protection Regulation
1. General Information: Who is responsible and whom can I approach?
With the following information, we want to give you an overview on the processing of your personal data by MX Healthcare GmbH as well as your respective data protection rights. Processing and usage of data depends in detail on the agreed services. Therefore, not all parts of the information listed below may apply.
Company: MX Healthcare GmbH
Legal representative: Jonas Muff
Address: Max-Urich-Str. 3, 13355 Berlin, Germany
Data Protection Officer / Datenschutzbeauftragter
2. We process your data for the following purposes and on the following legal basis:
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the German Data Protection Law (Bundesdatenschutzgesetz, BDSG):
a. For the fulfillment of pre-contractual obligations
(Art. 6 sect. 1 lit. b in conjunction with Art. 88 GDPR and § 26 BDSG)
Data provided is exclusively used for the assessment of professional qualification and for contacting applicants. Data processing aims at entering an employment relationship and conducting pre-contractual measures per inquiry.
b. For the fulfillment of contractual obligations (§ 26 BDSG)
Data processing is conducted to provide or terminate employment under an existing employment contract or for the provision of pre-contractual measures per inquiry. As far as additional services are made use of, data is also processed to provide such additional services if necessary.
c. In the course of balancing interests (Art. 6 sect. 1 lit. f GDPR)
If required, we process data beyond meeting contractual obligations for the purpose of protecting legitimate interests of MX Healthcare GmbH or third parties. For instance, this could include:
• Measures for facility and system security
(e.g. access management, operation of security cameras, etc.)
• Assertion of legal claims or defense in legal disputes
3. Who may obtain and/or access your data?
a. Within MX Healthcare
Our employees, as far as this is required to contact you or to meet contractual and legal obligations (including the provision of pre-contractual measures).
b. Within the scope of data commissioning (internal recipients)
Your data may be passed on to other providers which act as data commissioners on behalf of MX Healthcare. For instance, this could entail providers in the following areas:
• Data storage and backup services
• Office and collaboration software
• HR management and administration
MX Healthcare has contractual agreements with these providers to ensure guaranteed levels of data protection at all times in compliance with European data protection standards.
c. Other recipients (third parties)
Any other transfer of data to recipients outside of MX Healthcare strictly follows applicable data protection regulations. Recipients can include:
• Public authorities (fiscal or law enforcement bodies) in case of legal obligation
• External data protection officer
• External auditing bodies
4. Is any data transferred to third countries or international organizations?
Data is transferred to entities outside the European Economic Area (EEA), insofar as
• The transfer is required by legal obligations (e.g. tax-related reporting requirements)
• The transfer is based on your consent
• The transfer is based on a data commissioning contract between MX Healthcare and a provider. In this case, data is only transferred
- If the European Commission has acknowledged that the third country ensures an adequate level of protection (Art. 45 GDPR) or
- Based on appropriate guarantees (e.g. standard data protection clauses issued by the European Commission).
Currently, your data may be processed by the following providers located outside the European Union or in countries outside the European Economic Area (EEA):
335 South 560 West,
Lindon, Utah, 84042-1911
Providers are further required to ensure guaranteed levels of data protection in relationship with their contractual partners to comply with European data protection standards.
5. For how long is your data being stored?
In case your application is rejected, MX Healthcare deletes all data six months after notifying you of its decision. In case your application leads to an employment, your application data is saved at least for the duration of your employment.
6. Your data protection rights
You have the right to access your data according to Art. 15 GDPR, the right to correct your data according to Art. 16 GDPR, the right to delete your data according to Art. 17 GDPR, the right to restrict processing of your data according to Art. 18 GDPR, the right to object processing according to Art. 21 GDPR as well as the right to data portability according to Art. 20 GDPR. For your right to access and delete data, restrictions resulting from §34 and §35 BDSG could apply.
You can further exercise your right to formulate a complaint with your responsible data protection authority (Art. 77 GDPR in conjunction with §19 BDSG). A list of data protection authorities (for non-public entities) including contact data can be found here:
7. Is there an obligation to provide data?
You have to provide the data required to enter, carry out and terminate the contractual agreement as well as to meet further contractual or legal obligations. MX Healthcare will not be able to conclude or exercise a contract with you without this data.
8. Information regarding your right to objection according to Art. 21 of the European General Data Protection Regulation (GDPR)
It is your right to object to the processing of your personal data that is based on art. 6 sect. 1 lt. f GDPR for reasons resulting from your specific situation. MX Healthcare will no longer process your personal data after your objection, unless it proves of overriding mandatory grounds or the processing serves the assertion, exertion or defense of legal claims.
If you want to make use of your right to object, please direct an email to the following address: firstname.lastname@example.org.