Stepstone Privacy Policy
Thank you for visiting our website. The protection and confidentiality of your data is of great importance to Stepstone.
In the following, we inform you about the processing of personal data in connection with the services that we offer on www.stepstone.de or other websites or apps (hereinafter collectively referred to as “platforms”) that incorporate this privacy policy.
A. General Section
In this section, we explain what personal data is and who is responsible for its processing.
1. What is personal data?
According to Article 4 (1) of the General Data Protection Regulation (“GDPR”), personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier. You can also be identified by one or more special characteristics that are an expression of your physical, physiological, genetic, psychological, economic, cultural or social identity.
2. Responsible body for the processing of your personal data
The responsible body (hereinafter referred to as “Stepstone” or “we”) within the meaning of the General Data Protection Regulation is:
The Stepstone Group Deutschland GmbH
Völklinger Straße 1
40219 Düsseldorf
Germany
Phone: +49 211 93493-0
E-mail: info@stepstone.de
3. Contact details of the person responsible for data protection
You can reach our person in charge of data protection using the following contact details:
The Stepstone Group Deutschland GmbH
Völklinger Straße 1
40219 Düsseldorf
Phone: 0211 93493-0
E-Mail: datenschutz@stepstone.de
4. Recipients or categories of recipients of personal data
Taking into account the legal requirements, we may pass on personal data to third parties that have already been processed or will be processed after their transfer to third parties. In the following, we will give you the categories of recipients of your personal data.
4.1. Transfer to group companies
In order to enable our services, your data will be processed by companies of the Stepstone Group. This applies, for example, to ensuring security requirements in the context of the use of our platforms (including hosting, backups and web application firewall). This may also include customer service services, such as assistance for the customer account or support with information for users.
4.2. Transmission to our customers
We send your personal data to our customers as part of your job search. Our clients are your potential employers who post job ads on our platform or use other of our services to target you or other users as employees.
4.3. Transmission to service providers
We use third-party service providers to provide services related to the operation of our platforms, as well as to improve our platforms, services, products and features, to protect you and your data, and to tailor the products to your job search needs.
4.4. Transmission to partners
Partners advertise our platforms on their websites and generate so-called traffic for us. This means that they draw your attention to our platforms and guide you to them. Therefore, please also refer to their privacy policy to find out how your personal data is processed by our partners.
5. Transfers of data to countries outside the EU or the EEA
In certain cases, we may transfer personal data to a country outside the EU or the EEA (so-called third countries). This may be the case if you are applying for a job and the job provider is based in a third country, or if the recipient of the data (see section 4) is based outside the EU or EEA. In any case, we comply with the legal requirements and a transfer takes place in accordance with these requirements, e.g. if there is an adequacy decision by the European Commission or if we have concluded standard contractual clauses with the recipients.
6. Rights of the data subject
If your personal data is processed, you are a data subject within the meaning of the GDPR and you are entitled to the rights under Articles 12 et seq. GDPR vis-à-vis the responsible body. These rights include, but are not limited to, the right of access, the right to rectification, the right to restriction of processing, the right to erasure, the right to data portability, the right to object, the right to revoke the declaration of consent under data protection law, the right to non-automated decision-making in individual cases, including profiling, and the right to lodge a complaint with a supervisory authority. You can find more information in the GDPR .
To enforce your rights as a data subject, you can contact our data protection officer at any time:
The Stepstone Group Deutschland GmbH
Data Protection
Völklinger Str. 1
40219 Düsseldorf
datenschutz@stepstone.de
The competent supervisory authority for Stepstone is the North Rhine-Westphalia State Commissioner for Data Protection.
7. Sweepstakes
Insofar as Stepstone organises competitions, the data privacy policy enclosed with the respective competition applies.
As a rule, personal data is processed as follows:
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Participation in and implementation of the sweepstake | Contact details and name | Article 6 (1) (b) GDPR, (performance of contract) | 14 days or as specified in the respective privacy policy |
| Delivery of prizes | Contact details, address data | Article 6 (1) (b) GDPR, (performance of the contract for invoicing) | 14 days or as specified in the respective privacy policy |
8. Surveys
From time to time, Stepstone conducts market research surveys. To do this, we will contact you, either because you have signed up to participate in such surveys or because they are directly related to our service. In the surveys, your opinion on a specific topic is queried and documented without collecting any further personal data. In particular, free text fields are not to be filled with personal data, as this will never be necessary for surveys and is not intended by Stepstone.
If personal data, e.g. image and sound recordings, is processed by Stepstone during a survey, your consent will always be obtained at the beginning of the survey. The survey results are analysed anonymously by us.
| Purpose of theProcessing | Data Category | Legal basis | Retention Period |
| Contact for market research and customer satisfaction surveys | E-mail address, telephone number, name | Article 6 (1) (a) GDPR, (consent), Article 6 (1) (b) GDPR, (contract) | As long as the contract exists or the consent is revoked. |
| Customer Satisfaction surveys | E-mail address, telephone number, name | Article 6 (1) (a) GDPR, (consent), Article 6 (1) (b) GDPR, (contract) | As long as the contract exists or the consent is revoked. |
| Image and sound recordings in the context of surveys | Image and sound recordings, contents of the survey | Article 6 (1) (a) GDPR, (consent) | No later than 12 months after recording |
B. Processing of personal data of our users
1. User account and profile
Here we describe which personal data is processed by us in the context of the use of your user account.
You can create a user account as well as a profile so that you can apply for job advertisements, provided that the Stepstone customer has provided the possibility to apply via the platform for the respective job advertisement and so that you can use other of our services. You can create a user account by entering your e-mail address and creating a password for your account. Or you can log in to our platform with your account of a social login provider, e.g. Facebook, Google or Apple, and create a user account. The social login provider authenticates you without your login data being transmitted to us.
If you upload attachments or create a resume using our CV generator to complete your profile, we will analyze their content and structure in an automated process and use this analysis to improve the services we provide to you. If, during an application process, you enter information into an application form or attach new attachments that are not yet included in your user profile, we will enrich your user profile with this information if fields are provided for this.
You can choose between two profile settings: Your profile can be visible or not visible (applicant profile). However, your applicant profile will be visible to customers by default. You can change this feature at any time in your settings. If your profile is set to “visible”, parts of your profile will be visible to Stepstone customers. In addition, Stepstone can suggest your applicant profile to its customers if your profile matches their advertised job description. Customers can contact you via email or through the platform if they find your applicant profile appealing.
If you apply for a job advertisement with your profile, we will either, depending on the choice of the Stepstone customer, i) store your application in the recruiting platform of the respective customer on the Stepstone platform so that the customer can access it there, or ii) submit your application directly to the applicant tracking system of the Stepstone customer. If we save the application in the recruiting platform (i)), the Stepstone customer to whom you have applied can view your applicant profile. If you suspend your application, we will save your progress in your profile so you can continue working on it later. We will remind you of your suspended application via email and delete it if you do not finalize it in a timely manner. We store submitted applications in an application history visible to you in your profile.
If your application is sent directly to the Stepstone customer’s applicant tracking system (ii), Stepstone has no further access to this data. Regardless of the alternative used by the customer (use of Stepstone’s recruiting platform or use of an applicant tracking system), you can find out more about the further processing of your submitted application in the privacy policy of the respective customer.
Stepstone will inform you about the status of your submitted application, provided that Stepstone has this status information. Status information is information about the status of your application with the Stepstone customer and includes the receipt, processing of your application with the Stepstone customer or a rejection. We can only show you status information if the Stepstone customer provides us with this information or if the customer uses the Stepstone recruiting platform. If your application is rejected by a customer or if he marks you as “hired”, we will show you this with a time delay (up to 4 weeks) in order to give the customer the opportunity to reject or accept your application personally and to comply with any necessary legal requirements for the rejection.
We use data provided by you to recommend job recommendations tailored to your needs on our platforms or to send you notifications based on your profile data. We also store all data we have collected about you during your stay on the platform, e.g. analytical data about you and your user behavior. These will also be linked to your profile in order to be able to offer you our service in accordance with the terms of use. We may also use your profile information to automatically fill in forms for other services that we offer you on our platforms and that may be linked to the user profile when you use them. We also use the information stored in your profile to improve your search experience and make your application process more efficient. We also store analytical data about you and your user behavior, together with a pseudonymous user ID, in an analytical database, whereby you are not identifiable. We anonymize and pseudonymize the data contained in your profile and the data we collect about your usage behavior in order to create statistical models and improve our services.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Creation and management of the user account | E-mail address, name, (desired) location, mobile phone number, CV data, (desired) salary, (desired) title, attachments to the CV | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Creation of a user account via a social login provider | E-mail address, name (if available) | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Language settings for communication and display | German or English language | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Enabling you to appear professional and present yourself to potential employers | Contact details, curriculum vitae data, attachments with related data | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Matching with suitable jobs and connecting with potential employers | Contact details Place of residence | Article 6 (1) (b) GDPR, your user contract with us, Article 6 (1) (a) GDPR, consent | As long as your account exists or the consent is revoked |
| Contact by recruiters or Stepstone | Contact details | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Application form that is completed to apply for a job. The application is sent to the customer (employer). | E-mail, first and last name, telephone number, application documents, other data requested by the customer (employer) | Article 6 (1) (b) GDPR, your contract of use with us | Unstructured, 14 days within the log files. Beyond that, we do not process this data further. |
| Application form that is completed to apply for a job. Missing or new data will be added to your profile. | E-mail, first and last name, telephone number, curriculum vitae | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists or there is an adjustment in the profile |
| Abandoned applications will be saved in your profile and sent you a reminder | Data that you have provided in your application documents at that time | Article 6 (1) (b) GDPR, your user contract with us, Article 6 (1) (c) in conjunction with Article 5 GDPR, data minimization | Until you finish your application 2 days after the reminder email |
| Applications via the application form are stored within your profile in an application history. | E-mail, first and last name, telephone number, application documents, | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists, but no later than after 2 years |
| We show you status information in your profile when we receive it from the customer | Status of your application to the customer | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Creation of a CV with the CV generator | General information: name, e-mail, telephone number, address, date of birth, place of birth, desired job title, photo; Work experience: job title, company name, location, job description, start and end dates; Education: degree, educational institution, location, specialty, year of graduation; Skills: Languages Optional information: driver’s license, hobbies, interests | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Adding information to your profile in order to be able to offer the services | Explicit data that you enter in your profile and your user behavior that we collect during your stay on the platform, as well as your interactions with our services. | Article 6 (1) (a) GDPR, your consent (e.g. via cookies), Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
| Snapshots in C3PO, snapshots are used to understand how your profile has changed and to compare your details for analytical purposes | Contents of the profile at the specific time of the creation of a snapshot. | Article 6 (1) (b) GDPR, your contract of use with us | max. 2 years |
2. Notifications
You can subscribe to notifications about suitable vacancies. You can also sign up for multiple notifications at the same time, such as different job titles in different locations. Therefore, please note that you must also unsubscribe from all notifications set up individually if you no longer wish to receive notifications about job offers. The selection of job offers in these e-mails depends on the one hand on your specified search parameters, but also on your user behavior and the information in your profile.
You have the option to sign up for notifications to find out about the products and services on our platforms. You can unsubscribe from receiving these notifications at any time. If you no longer wish to receive our email messages, please click on the “unsubscribe” link found in each of these types of notifications, or you can contact us at info@stepstone.de. In addition, you can view changed settings in your user account if you have registered for a user account.
We may also send you notifications about similar goods and services when you register for our services. We will inform you of this possibility when collecting your contact details. You can opt out of receiving these notifications at any time. We will inform you of your right to object when we collect your e-mail address and also in the respective notifications. If you no longer wish to receive our email messages, please click on the “unsubscribe” link found in each of these types of notifications, or you can contact us at info@stepstone.de. In addition, you can view changed settings in your user account if you have registered for a user account.
If you do not have a user account with a user profile with us, we will create a technical account at the email address you provided to manage your notification preferences. No profile will be created for you.
When you receive an email from us, your email provider will ask you the first time if you want to download the images included in the email. Whenever images are downloaded, a corresponding request is made to our server and we know who made this request and at what time. The same is true if you click on a link in the email.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Sending you suitable job offers for which you have registered | E-mail address User_ID, Nutzerverhalten | Article 6 (1) (a) GDPR, (consent) | As long as your account exists or until you revoke your consent |
| Sending notifications for which you have signed up | E-mail address, User_ID, mobile phone number | Article 6 (1) (a) GDPR, (consent) | Until you revoke your consent |
| Notifications about similar goods and services | E-mail address, User_ID | Article 6 (1) (f) GDPR, (legitimate interest) in conjunction with § 7 paragraph 3 UWG | As long as your account exists or until you object to receiving it |
| Evaluation of user behavior for the relevance of e-mail content and segmentation of users | E-mail address, user ID, time of download | Article 6 (1) (f) GDPR, our legitimate interest | As long as your account exists |
3. Cover Letter Generator
Stepstone offers a cover letter generator that you can use to write a cover letter. To do this, you add your CV and content of the job advertisement into the generator, which then generates a text suggestion for you. The program processes your data and generates the text using generative artificial intelligence. Once the cover letter has been generated you can copy the text and alter and use it for your own purposes. Stepstone will not analyze the contents of the cover letter.
| Purpose of the processing | Data Category | Legal basis | Retention Period | |
| Generating a cover letter for your purposes | Contents of your CV | Article 6 (1) (a) GDPR, consent | Until generation of the document. |
4. Salary Planner
Stepstone offers a salary planner that allows you to find out within which salary range your salary is moving compared to other employees with similar parameters. To create your salary planner, Stepstone compares the information you enter about your current professional situation with data from other users as part of the salary planner. The creation of the salary planner is anonymous and we record your information in a statistical database. If you log in with your user account after completing the salary planner, register or are logged in during the completion process, we will link your salary planner to your account and only then will a personal reference be established. You can view your salary planner in your account at any time. If you want to change data on your salary planner, you will have to fill out the form again and only the new salary planner will be linked to your account.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Linking the salary report to your user account | Employment status, weekly working hours, gross income (incl. bonuses), salary satisfaction (optional), title, place of work, work experience, managerial responsibility, industry, company name and size, length of service, year of birth (optional), gender (optional) | Article 6 (1) (b) GDPR, your contract of use with us | As long as your account exists |
5. Integrate social networks
We embed services of the third-party providers listed here, which are used in accordance with Art. 4 No. 7 GDPR are responsible for data processing. Subject to your consent, your browser establishes a direct connection to the server of the respective third-party provider. In this case, your IP address is processed by the third-party provider, which is required to establish the connection to the third-party provider’s server and to display the content. Information on data processing by the respective third-party provider can be found in the privacy policy of the respective third-party provider:
- Google Maps (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland), https://policies.google.com/privacy?hl=de&gl=de
- YouTube Video (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland), https://www.youtube.com/howyoutubeworks/user-settings/privacy/
- Meta Videos (Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland), https://de-de.facebook.com/privacy/policy/?entry_point=data_policy_redirect&entry=0
6. Customer service for users (B2C)
You can reach us by post, e-mail, chat, phone, fax or via the contact form on our platform if you need our support for services on our platform.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Support via the contact form | Contact details, name, message content | Article 6 (1) (a) GDPR, (consent) | 4 years after creation of the ticket |
| General Support | Contact details, name, message content | Article 6 (1) (a) GDPR, (consent) | After discontinuation of purpose |
A. Processing of personal data of our customers
In this section, we provide information about the processing of personal data of customers and their employees.
1. Lead Generation
We may discover through our customers, third parties, or publications of any kind that a customer may have a need for our products and services (“Lead”). We will store business contact information (e.g., business email address or fax number), which may conatin personal information, as well as information about the company in our customer management system (“CRM system”) and contact customers to determine their needs.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Customer acquisition | Business contact details | Article 6 (1) (a) GDPR, (consent), Article 6 (1) (f) GDPR, (legitimate interest) | If the purpose ceases to apply or if a given consent is revoked. |
2. Conclusion of a contract
When a company concludes a contract with us, we create a customer account in our CRM system for this company and will store the business contact details of the customer’s contact person in the customer account. If a customer account already exists, the business contact details of the contact person may be updated.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Implementation of the service and customer management | Business contact details | Article 6 (1) (b) GDPR, (performance of contract) | If the purpose ceases to apply or deletion is requested. |
3. Stepstone Recruiting Platform
If a customer uses the Stepstone Recruiting Platform, we will process further personal data of the customer’s employees who use the Recruiting Platform (“recruiters”).
Recruiters must first register with their business email address on the Recruiting Platform to create job advertisements and manage applications. To secure access to the Recruiting Platform, authentication via our authorization platform is required. For this purpose, further business contact data, e.g. the telephone number, are processed.
The user behavior of the recruiters within the Recruiting Platform, such as the creation of job advertisements and the processing of applications, is processed in order to be able to provide the service.
If recruiters want to organize job interviews with candidates, they can use the scheduler in the Recruiting Platform. Recruiters can link one or more of their calendars to the scheduler. Stepstone can display the titles of the appointments from the recruiters’ linked calendars. These titles may also contain personal data but will not be further processed by Stepstone. Only the appointments that recruiters store in the scheduler of the Recruiting Platform will be processed by Stepstone.
Recruiters can send applications to third parties for their own purposes, so that Stepstone also processes personal data of the recipients in this context.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Registration on the customer platform | Business contact details, industry, company size | Article 6 (1) (b) GDPR, (performance of contract) | If the purpose ceases to apply or deletion is requested |
| Implementation of the service and customer management | Business contact details | Article 6 (1) (b) GDPR, (performance of contract) | If the purpose ceases to apply or deletion is requested |
| Authentication | Business contact details | Article 6 (1) (b) GDPR, (performance of a contract), Article 6 (1) (f) GDPR, (legitimate interest) | If the purpose ceases to apply or deletion is requested |
| Scheduling in the Recruiting Platform | Appointment titles from calendars | Article 6 (1) (a) GDPR, (consent) | If the purpose ceases to apply or deletion is requested |
4. Creation of job advertisements
To create a job advertisement, recruiters can enter their business contact details and a photo of themselves in each job advertisement.
If our customers also publish company portraits on our platform, we process personal data of the customer’s employees insofar as customers provide business contact details or photos of their employees in the company portrait.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Storage of contact details in a job advertisement or company portrait | Business contact details and photograph | Article 6 (1) (b) GDPR, (performance of contract) | Duration of publication of the job advertisement |
5. Video interview Service
The Video Interview Service allows customers to a) create customized pre-written interviews and/or b) conduct live interviews (“Video Interview”). In the context of the video recording, personal data of the recruiters is also processed, in particular images of the recruiter, as well as sound recordings, and information that recruiters reveal about themselves. An evaluation of the contents of the interviews does not take place by Stepstone.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Conducting video interviews | Image and sound recordings | Article 6 (1) (b) GDPR, (performance of contract) | 180 days |
6. Notifications
Recruiters can subscribe to notifications for suitable candidates.
Customers can sign up for notifications to learn about the products and services on our platforms. Customers can unsubscribe from receiving these notifications at any time. If customers no longer wish to receive our email messages, they can click on the “unsubscribe” link found in each of these types of notifications or contact us at info@stepstone.de.
We may also provide customers with notifications about similar goods and services when customers register for our services. Customers will be informed of this option when their contact details are collected. The receipt of these Stepstone notifications can be objected to at any time. We inform customers of their right to object when we collect customers’ contact details and also in the respective notifications. If customers no longer wish to receive our email messages, they can click on the “unsubscribe” link found in each of these types of notifications or contact us at info@stepstone.de.
When customers receive e-mails from us, the e-mail provider will ask the first time if they want to download the images contained in the e-mail. Whenever images are downloaded, a corresponding request is made to our server and we know who made this request and at what time. The same applies when a link in the email is clicked.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Sending notifications for which you have signed up | Business email address, business mobile phone number | Article 6 (1) (a) GDPR, (consent) | As long as an account exists or you revoke your consent |
| Notifications about similar goods and services | Business email address, business mobile phone number | Article 6 (1) (f) GDPR, (legitimate interest) in conjunction with § 7 paragraph 3 UWG | As long as an account exists or its receipt is objected to |
| Evaluation of user behavior for the relevance of e-mail content and segmentation of users | E-mail address, user ID, time of download | Article 6 (1) (f) GDPR, our legitimate interest | As long as a contract exists or after the purpose ceases to exist |
7. Webinars
We offer live webinars via our platform, i.e. online seminars about services and products offered by us as well as various key topics from the field of the labor market. In order to participate in a webinar, registration must be made in advance.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Conduction of the webinar | Business contact details, Name | Article 6 (1) (b) GDPR, (performance of contract) | After discontinuation of purpose |
| Follow-up communication for sending the webinar documents and further information | Business contact details, Name | Article 6 (1) (b) GDPR, (performance of contract) | After discontinuation of purpose |
| Satisfaction analysis of the webinar to improve the service | Business contact details, name, participation | Article 6 (1) (a) GDPR, (consent) | After discontinuation of purpose |
8. Customer Service (B2B)
In the context of customer service, it may be necessary to access the user interface in the customer account. However, this is only done at the request of and in consultation with the customer.
Customers have the possibility to reach us by e-mail, chat, telephone, fax or via the contact form on our platform.
| Purpose of the processing | Data Category | Legal basis | Retention Period |
| Customer support via the contact form | Business contact details, Name, Nachrichteninhalt | Article 6 (1) (a) GDPR, (consent) | After discontinuation of purpose |
| General Customer Support | Business contact details, Name, Nachrichteninhalt | Article 6 (1) (a) GDPR, (consent) | After discontinuation of purpose |
| Access to the customer account | Contents of the customer account | Article 6 (1) (a) GDPR, (consent) | 30 days or after discontinuation of purpose |
Last Update: 04.12.2023