(Version 2.0; Published 31.08.2021)
GDPR - Abbreviation for General Data
Protection Regulation, which harmonises the rules for processing personal data, by most EU data processors, for the protection of personal data.
If you have any questions or comments about how we process your personal data, please do not hesitate to get in touch with us via the email address given under Point 2 ("Who is responsible for processing your personal data and how can you contact us?").
The data processing conducted by JOIN can essentially be summarised as follows:
2. Who is responsible for processing your personal data and how can you contact us?
Our data protection officer can be reached at the following address: JOIN Solutions AG, Data Protection Department, Landsgemeindeplatz 6, 9043 Trogen, Switzerland, or at [email protected]
We have appointed the following company as our EU representative within the European Union in accordance with Article 27 (1) GDPR in conjunction with Article 3 (2) GDPR: Fux:Legal, Krausnickstrasse 10, 10115 Berlin, Germany, Data Protection Department. Can also be reached at [email protected]
3. Why and on what legal basis do we process your personal data?
3.1 Visiting our website
When you visit our website, in particular our platform, the platform and the browser used on your device automatically send information to our servers and temporarily store it in a log file. The following information is recorded without any action on your part and stored in the log file until it is deleted either automatically or manually:
The processing of the above-mentioned data takes place on the basis of Article 6 (1) (f) GDPR. Our legitimate interest is based on the data collection purposes listed below. We would like to take this opportunity to point out that we cannot and do not draw any conclusions about your identity from the data collected. The IP address of your device and the other data listed above are used by us for the following purposes:
3.2 Conclusion, execution or termination of the applicant/candidate user agreement
We envision ourselves as an innovative job placement platform. Our stated goal is to be able to offer every user the perfect job. When you register on our platform by creating a user account (which includes your basic profile and your pending or completed applications that have not been deleted), we use your personal data for the following purposes:
The legal basis for the above-mentioned purposes is the fulfilment of our agreement with you in accordance with Article 6 (1)(b) GDPR. If your consent is required for this data processing in accordance with Article 6 (1)(a) or Article 9 (2)(a) GDPR, we will obtain this explicitly from you when we collect your personal data.
You have the option to edit or delete the settings and data in your user account and the respective job application at any time. Please note that if you do not provide the data necessary to fulfil the stated purpose, you may no longer be able to access all the services we offer.
Below you will find a detailed list of the data collection purposes and the data categories that we process to fulfil our obligations towards you when you have a user account with us, provided your contractual relationship with us has not been terminated:
3.2.1 Data collected when creating and using a user account
When you create and manage a user account, we collect the following data from you:
3.2.2 Data collected when applying for a specific job
When you apply for a specific job advertised via our platform, we collect and transmit the following data to the recruiting company:
In order to enable you to apply for specific jobs advertised via our platform and to manage your application process, as well as to be able to suggest suitable jobs for you, we also collect your personal data for sending and receiving emails. We can send information, confirmation and feedback emails to you directly or on behalf of the company to which you have applied. If you apply for a specific job, we will transmit your data, in particular your application documents and related information, to the recruiting company posting the job advert. The recruiting company can then view your user account.
3.2.3 Data collected to forward job offers ("suggestion function")
We use the data from your user account on the basis of Article 6 (1)(b) GDPR to offer you the most attractive job offers possible that correspond to your stated personal interests and/or needs, without bothering you with unsuitable offers. In order to determine the best vacancies to forward to you, we analyse your personal data and compare it with the requirements of the job vacancies available. As soon as a new vacancy is published on our platform, we process the following data in order to check whether it corresponds to your requirement profile and whether we should forward this job offer to you:
If the matching process described shows that you are likely to be interested in the vacancy, we will use your email address to contact you or contact you via our platform to draw your attention to this vacancy. You can then decide for yourself whether you want to apply for this position. If you do not wish to receive any further offers in future or if you wish to revoke your consent to the automatic transmission of your profile data to recruiting companies posting job adverts, you can unsubscribe from these notifications or revoke your consent at any time. To do this, either use the unsubscribe button in the email sent to you or send us a brief request via email to the address listed under Point 2 ("Who is responsible for processing of your personal data and how can you contact us?"). Please note that if you unsubscribe, you may no longer be able to benefit from our full range services, in particular job vacancy suggestions.
3.3 Conclusion, execution or termination of the company/corporate customer service agreement
We envision ourselves as an innovative job placement platform. Our stated goal is to offer our customers a platform on which they can place job adverts and receive and manage application data. To access our services, you are required to register yourself and the company you work for with us, which allows you to:
In order to provide these services, we collect your personal data that you make available to us via the platform.
The legal basis for the above-mentioned purposes is our fulfilment of the agreement with you or your organisation in accordance with Article 6(1)(b) GDPR. If your consent is required for this data processing in accordance with Article 6 (1)(a) or Article 9 (2)(a) GDPR, we will obtain this explicitly from you when we collect your personal data.
You have the option to edit or delete the settings and data in your employee account and the company account/profile, the applicant management tool and other general functions on our platform at any time. Please note that if you do not provide the data necessary to fulfil the stated purpose, you may no longer be able to access all the services we offer.
Below you will find a detailed list of the data categories that we process to fulfil our obligations towards you when you have an employee account or your company has a company account/profile with us, provided the service agreement has not been terminated:
3.3.1 Data collected when creating and using a company account
In order to use our platform, you and the company you work for must register with us and create a company account. Once that is done, other employees from your organisation can also register and use our platform and our services (see Section 3.3.2 below, "Data collected when creating an employee account"). To create and manage a company account, we collect the following data from you and your company:
3.3.2 Data collected when creating an employee account
Once you have created the company account, you will be invited to register as an employee on our platform in connection with your company account. This will allow you to create your own account to create and manage job adverts, manage job applications and contact potential candidates. For this, we collect the following personal data:
3.3.3 Data collected when creating job adverts (including multiple postings) and company profile
When you create a job advert for a vacant position in your company on our platform and agree to have it managed by us or create a company profile, we collect the following data from you, employees of your company and your company:
This personal data is collected so that we can manage the job adverts as instructed by you and your company (including multiple postings) and so that your company can create a company profile on our platform. The job adverts that we manage for you are usually publicly accessible.
3.3.4 Data collected to manage the application process
When a candidate applies for an advertised vacancy in your company, we collect the following personal data on the basis of Art. 6 (1)(b) GDPR for the purpose of forwarding the application to you and for managing the application process:
This personal data is collected so that you can use our platform to process and manage the application process.
3.3.5 Data collected to find perfect candidates ("suggestion function")
In order to help you and your company to find the perfect candidate for a position you have advertised, we analyse personal data of candidates who are registered on our platform and match it with the requirements of vacant job offers. We collect the following data to suggest suitable candidates for your advertised positions:
When we have identified a candidate who may potentially be interested in the vacancy, we will forward the advertised position to them so that they can apply to you and your company. All personal data contained in the job description, including the contact details provided, will be forwarded by the responsible person in your company. Once we have contacted the candidate, he or she is then free to apply, however we cannot guarantee that he or she will take action. If a candidate has agreed that we can forward their contact details directly to you and your company should a vacancy arise that matches their requirements, you can then contact them directly if you are interested.
3.3.6 Data collected for invoicing
When you use one of our fee-based services or products ("fee-based services"), we collect the following personal data on the basis of Article 6 (1)(b) and (c) GDPR in order to invoice or to settle any other costs:
3.4 User and customer support
We use the support tool from Intercom Inc., 55 2nd Street, 4th Floor, San Francisco, CA 94105, United States ("Intercom") to process service, support and other user enquiries as part of our contractual obligations and services in accordance with Article 6 (1)(b) GDPR. When you submit a support request via one of our channels (e.g. our contact form, live chat, email, etc.), the following data - depending on the content and the selected contact channel - will be collected via Intercom servers:
3.4.2 Mailchimp and Mandrill
We use the tool MailChimp and the associated Mandrill interface from the provider Rocket Science Group, LLC, 512 Means St., Suite 404 Atlanta, GA 30318, USA ("MailChimp") to process service, support and other user enquiries and to send confirmation emails, e.g. when registering on our platform, as part of our contractual obligations and services in accordance with Article 6 (1) (b) GDPR. We also use the double opt-in procedure when you register for our platform: after registration you will receive an email with a link, which you must click to expressly confirm your registration again. Only then will your account be activated for you. The following data is collected via MailChimp servers to manage the job offers for our users:
We have linked our contact form with the Customer Relationship Management Tool ("CRM Tool") from Pipedrive, Paldiski mnt 80, Tallinn, 10617, Estonia, as well as its subsidiary in the USA, in order to be able to process and answer your requests and messages to us as quickly as possible and to manage your contact details. When you contact us (via contact form or email), your details for processing your request and its progress will be collected as part of our contractual obligations and services in accordance with Article 6 (1)(b) GDPR. The data transmitted when filling out the form is sent to Pipedrive and stored there on Pipedrive’s servers, which may also be located outside Switzerland and the EU, particularly in the USA. In principle, however, Pipedrive has no access to your data, except in accordance with our instructions. The following data about you may be collected as a result:
We also use the service provider Customer.io, operated by Peaberry Software Inc., 921 SW Washington Street, Suite 820, Portland, Oregon, 97205 to send system messages, as part of our contractual obligations and services in accordance with Article 6 (1)(b) GDPR, ("Customer.io" or "messaging service provider").
The following data about you may be collected as a result:
Your data may be sent to Customer.io and stored there on Customer.io’s servers, which may also be located outside Switzerland and the EU, particularly in the USA. The messaging service provider may use your data in anonymised form, i.e. without assignment to a user, to optimise or improve its own services, e.g. for technical optimisation of messaging and email presentation or for statistical purposes.
However, the messaging service provider does not use your data to write to you directly or pass your data on to third parties.
We use software from FrontApp Inc., 550 15th St., CA 94103 San Francisco, USA, ("FrontApp") to organise and process our customer support enquiries in the best possible way, as part of our contractual obligations and services in accordance with Art. (1)(b) GDPR. FrontApp channels all customer requests in one application and helps us organise customer requests with flags (e.g. Processing or Resolved) to enable us to solve your enquiry as quickly as possible.
The following data about you may be collected as a result:
Personal data relating to you that JOIN enters or uploads into the CRM tool from time to time.
We use the services of Appcues Inc, 54 Canal St 6th Floor, Boston, MA 02114, USA ("Appcues") to ensure a smooth, personalised user onboarding process. Appcues is a customer experience software service. We use Appcues to give you relevant information about our services at certain points. In order to be able to do this in a meaningful way, we need to collect certain information about you:
3.5 Website optimisation
We will not sell or rent your information to third parties for marketing purposes without your express consent. Only in certain circumstances, will we pass on certain data to third parties in order to be able to offer you the best possible customer experience, to improve the quality of our services from time to time and to protect the interests of our users. However, such disclosure will always be subject to strict restrictions as described below:
3.5.1 Cookies – General information
If you already have a user account and are logged in, the information stored in the cookies will be assigned to your user account.
We do not use any cookies that go beyond what is necessary to ensure the optimal presentation and functionality of our site without your express consent. You can easily manage or revoke your consent at any time free of charge here [insert LINK].
Most browsers accept cookies automatically, but you can configure your browser in such a way that no cookies are stored on your computer or that a message always appears before a new cookie is created. However, please note that if you disable cookies completely, you may not be able to access all the functions available on our platform. The length of time cookies are stored depends on their purpose and varies accordingly.
3.5.2 Google Analytics
The lifespan of these cookies is three months. The information generated by the cookie about your use of our platform such as
are transferred to a Google server in the USA and stored there.
The information is used to analyse how our services are used, to compile reports on site activities and to provide other services related to the use of our services for the purposes of market research and personalisation. This information may also be transferred to third parties if this is required by law or insofar as third parties process this data on our behalf. Under no circumstances will your IP address be merged with other Google data. The IP addresses are anonymised in such a way that it is no longer possible for them to be assigned to a specific person (IP masking).
You can prevent the collection of personal data generated by the cookie through your use of our services (including your IP address) and the processing of this data by Google as well as object to further processing via the cookie by downloading this browser add-on and adjusting the settings of your browser software accordingly. We recommend using private mode on mobile devices. Further information on privacy with Google Analytics can be found on the Google Analytics website. If you have a Google account and you are logged in when you visit our site, Google can merge and store the data collected on our site with the data that Google already has about you and use it for its own purposes.
3.5.3 Bing Ads
Our website uses Bing Ads (bingads.microsoft.com) provided and operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA ("Microsoft") in order to determine whether a visitor has clicked on one of our ads, has been redirected to our website or has reached a previously designated landing page ("conversion page"). The legal basis for this is Article 6 (1)(a) GDPR. When you visit our website via a Microsoft Bing ad, Microsoft will place a cookie on your device. The lifespan of such cookies is one year.
We only are informed of the total number of users who clicked on a Bing ad and were then redirected to the conversion page. Microsoft collects, processes and uses information via the cookie, from which user profiles are created using pseudonyms. These usage profiles are used to analyse visitor behaviour and to display advertisements. No personal information on the identity of the user is processed. The information generated by the cookie such as
are transferred to Microsoft servers in the USA or Europe and stored there.
We use the web analysis service of Hotjar Ltd., Elia Zammit Street 3, St Julians STJ 1000, Malta ("Hotjar") for tailoring our services and continuous optimisation of our platform. The legal basis for this is Article 6 (1)(a). Hotjar is used to create so-called heat maps, i.e. statistical overviews of mouse movements and clicks on our platform. This enables us to determine which functions are frequently used on our platform and to further improve them. Hotjar uses a cookie to analyse user behaviour on our platform. The lifespan of such cookies is one year. The information generated by the cookie about your use of our platform such as
are transferred to a Hotjar server and stored there.
3.5.5 Facebook Pixel
In order to measure, customise and optimise our Facebook campaigns, we use Facebook Pixel from Meta Platform Ireland Ltd (hereinafter referred to as “Facebook“), 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The legal basis for this is Article 6 (1)(a) GDPR. This pixel is embedded in the code of our platform and enables us to ensure that the Facebook ads we initiate are only displayed to Facebook users who have shown an interest in our services. This ensures that our Facebook ads reflect the potential interest of each user and that our users are not bothered by irrelevant content. Additionally, it enables us to track the actions of Facebook users after they have seen or clicked on one of our Facebook ads. This helps us measure the conversion of each campaign for statistical, market research and billing purposes. The following information is collected as a result:
For cases in which JOIN and Facebook are jointly responsible for the processing of your data collected and processed on our website by Facebook Pixel when using the said software, we have concluded a corresponding contract with Facebook in accordance with Article 26 GDPR. You can contact us at any time via the email address given under Section 2 ("Who is responsible for processing your personal data and how can you contact us?") to request further information on this contract.
3.5.6 Stripe payment service
3.6 Other data processing
If anonymous data processing is not possible, we also process your personal data from sections 3.1 to 3.5 in order to run our business (e.g. to carry out administrative and organisational processes), to monitor and analyse our offer and to improve our services for you. In addition, we use your personal data to promote and develop our business relationship with you, to identify services that may be of interest to you, to conduct business development activities, to send you publications and news and to invite you to events.
4. Who do we share your personal data with?
We may also disclose your personal data to third parties if:
5. Do organisations outside Switzerland and the EU receive your personal data?
As described above, we may also transmit your personal data to recipients based outside Switzerland, the European Union ("EU") and the European Economic Area ("EEA"). This applies in particular to the aforementioned processing with analysis or targeting technologies, which may involve the transmission of data to the servers of our service providers. Other recipients may be affiliated service providers that we use to provide our services, e.g. hosters, CRM tools, analysis service providers, job advert portals for multiple posting or tender companies. These servers may be located outside Switzerland, the EU or the EEA, particularly in the USA.
We take the utmost care to ensure that our service providers and other recipients of your data guarantee data protection standards equivalent to those of the DSG and the GDPR and that the current guidelines are observed. We therefore only transmit your data to recipients who are based in a country that is recognised by the responsible authority in Switzerland (Federal Data Protection and Information Commissioner or Federal Council) or the EU (European Commission) as a country with adequate level of data protection. If a recipient is based in a country that is not recognised as having an adequate level of data protection, such as the United States, we take additional protective measures in accordance with the current data protection laws or obtain appropriate contractual guarantees from these recipients, which guarantee compliance with these Swiss and EU standards and the enforcement of the rights of the parties concerned, e.g. on the basis of standard contractual clauses of the EU Commission or the EDÖB (Federal Data Protection and Information Commissioner).
6. How long do we keep your personal data?
In general, your personal data will only be processed and stored by us for the period required for the purpose for which it was collected (see Section 3, "Why and on what legal basis do we process your personal data and who do we share it with?"), or for the period we are legally obliged to do so.
After the retention period (usually six to ten years after the end of the contract), your personal data will be deleted, unless JOIN has a legitimate interest to keep your data longer.
7. What rights do you have regarding your personal data?
You are entitled to the various rights regarding your data processed by JOIN:
In particular, you have the right to the following:
If you have consented to the processing of your personal data for a specific purpose, you can revoke your consent for this specific processing at any time. If you tell us that you revoke your consent, we will no longer process your personal data for this specific purpose, unless there is another legitimate interest linked to it.
If you believe that we have not handled your request or your concern to your satisfaction, or that we do not process your personal data in accordance with data protection guidelines, you can also contact the data protection regulator (right of appeal) in Switzerland at Federal Data Protection and Information Commissioner.
7.2 Right of objection
You also have the option of contacting the following regulator: Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstrasse 219, 10969 Berlin.
8. How do we protect your data?
We use the highest standards for information security for our infrastructure and the processing of your data. For example, we use computer safeguards such as firewalls and data encryption. Physical access controls are installed on our buildings and files. Access to our customers' personal data is only possible for those employees who need it to carry out their work.
In addition, all data personally submitted by you, including your payment details, is transmitted using the generally accepted and secure Secure Socket Layer (SSL) technology. SSL is a secure and proven standard that is also used for online banking. You can recognise a secure SSL connection by the “s” attached to the http (i.e. https:/…) in the address bar of your browser or by the lock icon in the lower area of your browser.
We also use appropriate technical and organisational security measures to protect your personal data stored with us against manipulation, partial or complete loss and against unauthorised access by third parties. Our security measures are continuously monitored in line with technological developments, regularly adapted to reflect the respective risk and upgraded as required.