We would like to make you aware that due to the structure of the internet, it may be possible that individuals or institutions who are not within our area of authority may not observe the security measures specified under section 6 or may not comply with data protection rules. Data that is provided in an unencrypted form (also when submitted by e-mail) may also be read by third parties. Data that is provided to us via our portal is protected against improper use via an encrypted connection with the server.
When you visit the website operated by FMT International Executive Search GmbH, various types of information are exchanged between your end device and our server. This type of information may include personal data. Information collected in this way is used in various ways including in measures we undertake to optimise our website.
Information is solely processed for the purpose of performing the contract with FMT International Executive Search GmbH. If external service providers are involved in the performance of the contract, your data will only be passed onto them to the extent necessary for this purpose.
Your personal data will be stored and processed in a secure candidate portal for the purpose of providing you support with your career planning.
This data protection information applies to data that is processed by FMT International Executive Search GmbH, Kurfürstendamm 194, 10707 Berlin (the ‘responsible entity’), and for the following website: www.fmt-cornerstone.com. You can send any queries for the attention of the data protection officer in the Data Protection Department at FMT International Executive Search GmbH to the address stated above, or alternatively, send an email to email@example.com.
We collect, process and store the personal data, which has been specified above, for a specific purpose and in accordance with the provisions laid down in the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
When you visit our website, the browser used on your end device automatically sends information to our website’s server which is temporarily stored in a log file. We do not have any influence over this process. The following information is collected without any action on your part and is saved until it is deleted automatically:
the IP address of the device that is connected to the internet and which is requesting the connection;
the date and time of day each time you access the site;
the name and the URL of the file that has been requested;
the website/application from which access was made (referrer-URL);
the browser you have used and possibly your computer’s operating system as well as the name of your access provider.
The legal basis for processing IP addresses is article 6 para 1 (f) of the GDPR. Our legitimate interests are derived from the reasons we collect data which are listed below. We would to reiterate that it is not possible to directly infer your identity from the data that we collect and that we will not undertake to do so. We only use the IP address on your end device and the data listed above for the following reasons:
to ensure it is possible to easily establish a connection with the website;
to ensure that our website is convenient to use;
to enable system security and stability to be evaluated.
The data is saved for specific purposes for a period of 14 months and then automatically deleted. We also use tracking tools called cookies on our website. Please refer to section 3.2 for more detailed information on the processes that are involved and how your data is used for these purposes.
3.2.1. Cookies – General Information
Cookies are text files which are stored on a user’s computer when he accesses a website through his web browser. The files are either stored in the computer’s temporary memory (session cookies) or permanently on the hard drive (persistent cookies). Cookies send the cookie information back to the server when the user revisits the same webpage which enables him to be identified. This information can be used to collect user statistics or to tailor advertising towards the individual interests of each user. However, this data is not used to enable the visitor to the website to be personally identified and is not combined with personal data.
Please note that disabling cookies may affect some of the functionality of the website or parts thereof. The site may not be as user-friendly or some areas may become completely impossible to use because certain functions are only available if the user has given consent for cookies to be stored.
3.2.2. Google Analytics
On the basis of article 6 para 1 (f) of the GDPR, our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”) for the purpose of tailoring the website to our users’ requirements and to optimise our website on a continuous basis. This means that we create and use pseudonymised usage profiles. Information about your use of this website created by the cookie such as:
operating system used,
referrer URL code (previously visited site),
host name of the accessing computer (IP address),
and time of the server query
are transferred to a Google server in the USA and stored there. This information is used to evaluate the use of the website in order to generate reports on website activity and to provide further services relating to website use and internet use for the purposes of market research and to enable these web pages to be developed in line with requirements. This information may be passed on to third parties in so far as is prescribed by law or where third parties are processing the data on behalf of Google. Your IP address will never be merged with any other Google data. The IP addresses are anonymised so that allocation is not possible (IP masking).
You can prevent cookies from beeing installedon your computer by changing the appropriate settings in your browser software, however, please note if you disable cookies, it may not be possible to use all functions of this website to their full extend.
The scope of business activities undertaken by FMT International Executive Search GmbH centres on searching for suitable candidates for companies (executive search). In order to ensure that we can make the job hunting process as convenient as possible for the candidates, we offer them the opportunity to have their personal data stored on a secure candidate portal on a permanent basis and for a specific purpose. Once your data has been entered, it is not necessary to re-enter this information again. You have the right to access, amend and delete your personal data and you are also entitled to revoke your consent at any time (please refer “Rights” under section 5).
You only need to provide a small amount of information to create your candidate profile (title, first name, surname, email address, telephone number, current employer’s name, current position) and you will receive an email request to confirm these details. The following data fields are provided for your candidate profile, some of which are mandatory whilst others are optional.
Date of birth
Email address (private, business)
Telephone number (private, business, landline, mobile)
Current profession and employer:
Description of role
Base salary/variable salary (current/target)
Period of notice/availability
Education and training
Uploads of certificates and attachments
FMT International is obliged to treat any information that has been provided as part of the recruitment process as confidential and to refrain from disclosing any of this information to third parties. FMT International is supported by other companies who process data on our behalf (i.e. commissioned data processing) and these companies are contractually obliged to comply with statutory data protection regulations and to handle your data carefully in accordance with our instructions. They are not permitted to use your data for their own purposes or to disclose it to third parties. The obligation to maintain confidentiality applies to all employees at our company.
Passing on candidate information to companies
We would like to make you aware that our mail system uses an automated archiving process. This means that in general terms we digitally archive all incoming and outgoing emails in a way that ensures that auditing is possible in accordance with §§ 146, 147 AO of the German GoBD directive concerning the management and storage of electronic documentation. Emails can be stored for up to 10 years.
Please be aware that your job application documents are not transferred in an encrypted form when they are sent by email. We assume that we are also permitted to answer your job application emails in an unencrypted form. If you do not wish us to do this, please can you notify us in your application email. We do not assume any liability if your job application documents are viewed by third parties when your documentation is transferred in an unencrypted form.
We use recruiting software developed by Bullhorn in order to store and process our candidates’ and customers’ personal data for specific reasons. Bullhorn is a leading global provider of CRM and business software for the recruitment industry. Over 8,000 recruitment agencies rely on the cloud-based Bullhorn platform. Bullhorn is headquartered in Boston.
As a data processor, Bullhorn is committed to complying with the EU data protection regulations. Bullhorn was one of the first companies to offer Applicant Tracking Systems (ATS) which are certified in accordance with the SOC-1 Standard Occupational Classification system. Bullhorn was also one of the first SaaS companies (Software-as-a-Service) outside of the financial services industry to carry out security tests in accordance with the SSAE-16/18 framework. Bullhorn undergoes an SOC 1 Type 2 audit once a year that is conducted by an independent third party during which specific internal controls and processes are audited. Internal management structures (governance), production processes, change management, data security (backups) and software development processes are audited during the process. The auditors determine whether Bullhorn is enforcing appropriate controls and processes and whether they are functioning in a correct and effective way and in accordance with the relevant standards. Please refer to Bullhorn’s latest data protection declaration at https://www.bullhorn.com/de/datenschutz-und-cookie-richtlinie-fuer-deutschland/.
To carry out our own diagnostic tests, we use the test platform developed by THE ROC Research on Occupational Competencies GmbH, Rudower Chaussee 17, 12489 Berlin. Your test responses are COMPLETELY ANONYMISED (i.e. with no identifying features) when we carry out the tests and send the information to The ROC to be evaluated. Your data is only transferred for the purpose of evaluating the respective tests.
The ROC GmbH uses the data generated about and by the test subject for the following purposes:
To create reports for the customer, e.g. based on responses provided by the test subject.
To improve the services provided by the platform in general, including improvements to the actual tests.
For research purposes: for example, the responses entered by the test subject are used in an anonymised form for research purposes.
For further information on data protection in relation to the platform, please visit www.therocinstitute.com/datenschutz/.
We use Google reCAPTCHA (hereinafter referred to as reCAPTCHA) on our websites. This is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Inc. is headquartered in the USA and is certified in accordance with EU-US Privacy Shield Framework which guarantees compliance with the levels of data protection which are valid in the EU.
The purpose of reCAPTCHA is to verify whether data that is entered onto our website (e.g. on a contact form) has been entered by a real person or by an automated programme. In order to achieve this, reCAPTCHA analyses the behaviour of the website visitor by means of different observations. This analysis begins automatically as soon as the website visitor accesses the website. reCAPTCHA evaluates various types of information to conduct the analysis (e.g. IP address, duration of the user’s visit to the website and other factors such as mouse movements). The data that is captured during the analysis is transferred to Google.
reCAPTCHA analysis is carried out entirely as a background operation. Visitors to the website are not alerted to the fact that an analysis is taking place. The legal basis of this form of data processing is art. 6 para. 1 (f) of the GDPR. The website operator has a legitimate interest in ensuring that his website is protected from automated illicit access and SPAM.
With the exception of data processing operations described in section 3, we do not pass on your data to recipients with headquarters outside of the European Union or the European Economic Area. The data processing operations outlined in section 3 initiate the transmission of data to servers operated by a provider we have appointed. These servers may be located in the USA in some instances. The transfer of data is carried out in accordance with the Privacy Shield Frameworks and on the basis of the Standard Contractual Clauses adopted by the EU Commission.
In addition to your right to revoke the consent you have granted us, you are also entitled to the following rights on the basis of the respective statutory requirements:
The right to information about the personal data we have stored about you in accordance with art. 15 of the GDPR. You are especially entitled to information concerning the reasons why your data is being processed, the personal data categories, the categories of recipients to whom your data was or will be disclosed, how long your data will be stored for and the source of your data, as long as this has not been collected directly from you.
Right to rectification to have incorrect data rectified or completed if it is incomplete in accordance with art. 16 of the GDPR.
Right to erasure of the personal data we have stored about you in accordance with art. 17 of the GDPR provided that no statutory or contractual retention periods or other legal rights or obligations to continue storing the data need to be observed.
Right to restriction of processing in accordance with art. 18 of the GDPR provided that you have contested the accuracy of the personal data, the processing is unlawful, however, you must oppose the erasure of the personal data; the responsible party no longer needs the data, however, you require them to establish, exercise or defend legal claims, or you have objected to the processing pursuant to art. 21 of the GDPR.
Right to data portability pursuant to art. 20 of the GDPR, i.e. the right to have data you have provided us about you that we have stored transferred in a conventional machine-readable format or to demand that the information is transmitted to another responsible party.
Right to lodge a complaint with a supervisory authority. As a general rule, you can contact the supervisory authority located at your usual place of residence or work, or the authority that governs our company headquarters.
Please contact us by email if you would like to exercise your rights or if you have any questions at: firstname.lastname@example.org.
5.2. Right to object
In accordance with the requirements stipulated in art. 21 section 1 of the GDPR, it is possible to object to the processing of personal data for reasons that arise from an exceptional circumstance that affects the data subject.
All personal data transmitted by you shall be encrypted using the generally accepted and secure standard SSL (Secure Socket Layer). In addition, we use appropriate technical and organisational security measures to protect your data against deliberate manipulation, partial or complete loss or unauthorised access by third parties. Our security measures are continually improved in line with technical developments.
It will be deemed that the user has granted his consent to the changes and/or additions provided that the user does not object in writing (by email) within 6 weeks from the date that the amendment notification has been received.
The masculine form is used to improve readability. The male form shall be interpreted to mean both male and female persons.