Privacy Policy

Privacy Policy

1. Processing Activities

Operation of a job exchange for (registered) customers

2. Controller

JOBIQO – Job Board Technology

jobiqo GmbH
Mariahilfer Straße 103/2/44
1060 Vienna, Austria

3. Contact details of the Data Protection Officer

Wolfgang Renzl
pfletschinger . renzl
partnership of attorneys
Weihburggasse 26/4
1010 Vienna, Austria

4. Purposes of data processing on the legal basis of performance or preparation of contracts

  • Keeping information and advertising about the company of the controller
  • Provision of communication channels to the controller for servicing the contractual relationship
  • Maintaining and enhancing customer satisfaction and customer retention through an analysis of user behaviour
  • Collecting user data to document reach

5. Legal basis for data processing

  1. Online use. Performance of the contract. The use of the online media is already based on a contract as defined in Art. 6 (1) (b) GDPR ; a registration relationship is established upon registration. Through the use of the social media channels of the controller the primary contractual relationship exists with the respective service provider.
  2. Additional services. Consent. The controller will obtain the customer's express consent for specific services (e.g. electronic newsletter). Such consent may be withdrawn at any time with effect for the future.
  3. Legitimate prevailing interests (see article 7)

6. Amendments to the purpose

The controller will not amend the purpose for the processing of personal data.

7. Description of (predominantly) legitimate interests for the purposes of IT security

The controller will store the IP addresses of its customers for a period of 7 days in order to protect against targeted attacks in the form of server overloads (Denial of Service attacks) or other damage to the systems. The controller has an overriding legitimate interest in such data processing for the purposes of maintaining the functionality of its online services (Recital 49 GDPR).

8. Evaluating personal aspects of the customer (profiling)

No evaluation of personal aspects of the customer is done.

9.Obligation to provide data

The customer is under no obligation to provide data.

10. Automated decision-making

The customer is subject to no automated decision-making which would become legally effective over him.

11. Types of processed data

provided by the customer:

  • Name/Company, academic degree
  • Phone number / Fax number
  • E-Mail Adresse
  • Place of residence or address
  • Country
  • Industry
  • Salutation
  • Message content

Additionally collected by the controller:

  • IP address (log files)
  • Device used
  • Browser used
  • Communications protocol
  • Information on newsletter subscription

12. Data sources (if not provided by the customer nor collected by the controller)

Source Types of data

IP location, preferred e-mail client, registration source, campaign details (receipt, open, click)

Socal media channels  

Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA,


XING SE, Dammtorstrasse 30, 20354 Hamburg, Germany,


LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Irland,


13. External recipients of data

Data Processor:

  • Newsletter tool „Mailchimp“: The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA
  • Customer Relationship Management: Pipedrive OÜ, Paldiski mnt 80, Tallinn 10617, Estonia
  • Applicant Tracking System: Recruitee B.V., Keizersgracht 313, 1016 EE Amsterdam, Netherlands

Analytics tools:

  • Google Analytics (“anonymize IP”): Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

Cloud- and technical services:

  • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany
  • Code Enigma, 5 St John’s Lane, London, EC1M 4BH, United Kingdom

All external recipients can be written to and contacted via the controller with regard to questions under data protection law.

14. Transfer to third countries

The following data will be transmitted to countries outside of the EU in connection with data processing:

Country Source Types of Data
USA (EU-US Privacy Framework Agreement) Google

Google Analytics: anonymised IP address, website title, browser-specific information, information about website use.

USA (EU-US Privacy Framework Agreement)


Transmission by email (newsletter): email address, name.


15. Storage period

  • Non-registered users: Personal data (in particular the IP address) of (non-registered) visitors to the website will be stored for purposes of IT security for a period of 7 days.
  • Prospects (contact form): Personal data of prospects submitted via the contact form will be processed on the legal basis stated above for the term and will end upon recall or after a period of 7 years, except the relationship continues in a contractual relationship.
  • Registered clients (newsletter subscription): Data on registered clients will be processed by the controller on the legal basis stated above for the term of the contractual relationship. The data may be edit or deleted by the controller any time. In any case the user agreement will end upon recall of the newsletter subscription; this will lead to immediate deletion.

16. Rights of the data subject

Art 15 GDPR "Access"

The customer shall have the right to obtain confirmation as to whether or not his personal data is being processed.

Art 16 GDPR "Rectification"

The customer shall have the right to obtain without undue delay the rectification of inaccurate personal data or to have them completed.

Art 17 GDPR "Erasure" The customer shall have the right to obtain the erasure of personal data without undue delay as long as the reasons stated in Art 17(1) GDPR are fulfilled.

Art 18 GDPR "Restriction"

The customer shall have the right to obtain restriction of processing of personal data as long as the reasons stated in Art 18(1) GDPR are fulfilled.

Art 21 GDPR "Objection"

Objection to profiling. The customer shall have the right to object to processing of his personal data for the purposes of profiling at any time.

Art 20 GDPR "Data portability"

The customer shall have the right to receive the personal data concerning him in a structured, commonly used and machine-readable format.

Art 77 GDPR Each customer shall have the right to lodge a complaint with the supervisory authority if he considers that the processing of personal data relating to him infringes this Regulation.

17. Supervisory authority

Austrian Data Protection Authority
Wickenburggasse 8-10
1080 Vienna
Phone: +43 1 52 152-0