Privacy Policy
Information on the processing of your personal data pursuant to Art. 13 and 14 GDPR (EU General Data Protection Regulation / Datenschutz-Grundverordnung — DSGVO)
The controller responsible for the processing of your personal data within the meaning of the EU General Data Protection Regulation (GDPR) is:
We process personal data exclusively for the purposes set out in this Privacy Policy. The following categories of data are collected and processed in connection with the FerienjobGermany programme:
| Data Category | Specific Data | Purpose | Legal Basis |
|---|---|---|---|
| Identity Data | First name, last name, birth name, date of birth, place of birth, gender, nationality, passport number, passport status | Identification, work permit application (ZAV), visa application | Art. 6(1)(b) GDPR |
| Contact Data | Email address, WhatsApp number, home address (street, postcode, city, region, country) | Communication, programme coordination, emergency contact | Art. 6(1)(b) GDPR |
| Academic Data | University, field of study, expected graduation date, semester break dates, enrolment status | Verification of eligibility, ZAV application | Art. 6(1)(b) GDPR |
| Application Documents | Passport copy, student ID, Immatrikulationsbescheinigung (enrolment certificate), enrollment certificate, CV, academic calendar, police clearance certificate, certificate of residence | Application processing, ZAV work permit application, visa application | Art. 6(1)(b) GDPR |
| Visa & Permit Data | Visa appointment date, tracking number, visa validity period, visa scans, work permit (ZAV), permit validity period | Programme administration, status tracking, employer obligations | Art. 6(1)(b) GDPR / Art. 6(1)(c) GDPR |
| Travel Data | Arrival/departure dates and times, airport, flight ticket, travel insurance certificate | Arrival coordination, accommodation planning, on-site support | Art. 6(1)(b) GDPR |
| Bank Details | IBAN, BIC, name of bank | Salary payment by the employer (Abax) | Art. 6(1)(b) GDPR |
| Body Measurements | T-shirt size, shoe size, trouser size | Provision of personal protective equipment and work clothing | Art. 6(1)(b) GDPR |
| Language Skills | English proficiency level, German proficiency level | Assignment planning, matching with placement sites | Art. 6(1)(b) GDPR |
| T&C Acceptance | Confirmation of Programme Terms (timestamp, full name, IP address, user agent, version) | Evidence of consent, legal compliance | Art. 6(1)(c) GDPR |
| Technical Data | IP address, browser type, operating system, page views, session duration (if analytics are used) | Website operation and security | Art. 6(1)(f) GDPR |
| Communication Data | Email correspondence, WhatsApp messages (programme-related), contact form submissions | Participant support, programme coordination | Art. 6(1)(b) GDPR |
We process your personal data on the following legal bases pursuant to Art. 6 GDPR:
We only transfer your data where this is necessary for the operation of the Ferienjob programme, required by law, or where you have consented. Specifically:
| Recipient | Data Transferred | Legal Basis / Purpose |
|---|---|---|
| Zentrale Auslands- und Fachvermittlung (ZAV) Federal Employment Agency, Germany |
Identity data, academic data, application documents, passport data, semester break dates | Legally required work permit application under § 14 para. 2 BeschV (Art. 6(1)(c) GDPR) |
| Abax Personaldienstleistungen GmbH Mannheim, Germany (Employer) |
Identity data, contact data, bank details, body measurements, language skills, visa/permit data, travel data | Contract performance: establishment and execution of the employment relationship, payroll (Art. 6(1)(b) GDPR) |
| Placement Sites (Einsatzbetriebe) Companies where students are deployed (logistics, production, hospitality, etc.) |
Name, arrival data, contact information, language skills, body measurements (for work clothing), permit validity period | Contract performance: deployment planning and coordination, required operational onboarding (Art. 6(1)(b) GDPR). Only the data strictly necessary for each placement is shared. |
| German Embassies / Consulates In the participant's home country |
Work permit documents and ZAV approval letter (presented by the participant personally at the visa appointment) | Visa application: The participant submits documents directly. SHB does not transmit data to embassies directly. |
| Processors (IT / Infrastructure) Hosting, WordPress, email (details in Section 7) |
Depending on the service: all data processed on the website | Data processing agreement (DPA) pursuant to Art. 28 GDPR concluded or in preparation |
Some services we use process data in countries outside the European Union (EU) and the European Economic Area (EEA). We ensure that an adequate level of data protection is maintained in all such cases:
| Service | Country | Safeguard |
|---|---|---|
| Google (Sheets, Drive, Workspace) | USA (Google LLC) | EU Standard Contractual Clauses (SCC) pursuant to Art. 46(2)(c) GDPR; Google is certified under the EU-U.S. Data Privacy Framework |
| Make.com | USA / EU (Celonis SE) | EU Standard Contractual Clauses (SCC); EU server locations available and preferred (Frankfurt, Germany) |
| Mistral AI | France (EU) — Mistral AI SAS | Headquartered in the EU; GDPR applies directly. No third-country transfer. |
| Botpress | Canada (Botpress Inc.) | EU Standard Contractual Clauses (SCC). Canada holds an EU adequacy decision for commercial transfers. |
We retain your personal data only for as long as necessary for the respective processing purpose or as required by statutory retention obligations.
| Data Category | Retention Period | Reason |
|---|---|---|
| Application and programme documents | 10 years after programme end | Commercial law retention obligation (§ 257 HGB), tax law (§ 147 AO, German Fiscal Code) |
| Employment contracts, payroll records | 10 years | § 147 AO, employment law obligations |
| T&C acceptance record (evidence of consent) | 10 years | Evidence of agreement; statutory limitation periods (§ 195 BGB) |
| ZAV work permit application documents | 10 years | Tax and social insurance law retention obligations |
| Contact data (for future job notifications) | Until withdrawal of consent; max. 5 years after last programme participation | Consent-based (Art. 6(1)(a) GDPR); annual review |
| Website log data (IP, technical data) | 7 days | Security and fraud prevention; legitimate interest |
| Contact form enquiries | 3 years after closure of correspondence | General limitation period for claims (§ 195 BGB) |
7.1 — Website Infrastructure (WordPress)
7.2 — Google Sheets & Google Drive
7.3 — Make.com (Automation Platform)
7.4 — Mistral AI (Digital Assistant "Sophia")
7.5 — Email Communications
7.6 — Botpress (Chatbot Infrastructure)
7.7 — Complianz (Cookie Consent Management)
Our website uses cookies and similar technologies. Cookies are small text files stored on your device. We use the following categories:
| Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Strictly Necessary | Session management, login state (WordPress), CSRF protection, cookie consent status | No consent required (§ 25(2) TDDDG / ePrivacy) | Session / up to 1 year |
| Functional | Language preferences, user settings | Art. 6(1)(a) GDPR (Consent) | Up to 1 year |
| Analytics | Statistical analysis of website usage (if enabled) | Art. 6(1)(a) GDPR (Consent) | Up to 2 years |
With your explicit consent, we retain your contact details (name, email address) after the conclusion of your programme participation in order to inform you about future Ferienjob programmes, new job opportunities, and other programme-related information.
As a data subject, you have the following rights in relation to SHB Personalservice GmbH. To exercise your rights, please contact: datenschutz@ferienjobgermany.de
Competent authority for Baden-Württemberg, Germany:
Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg (LfDI BW)
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
📞 +49 711 / 615541-0 · 🌐 www.baden-wuerttemberg.datenschutz.de
We implement appropriate technical and organisational measures (TOMs) to protect your data in accordance with Art. 32 GDPR, including:
- Encrypted data transmission via HTTPS/TLS (SSL certificate)
- Access controls: only authorised staff and processors have access to personal data
- Secure storage of uploaded documents outside the publicly accessible web directory (wp-uploads/fjg-docs)
- Password hashing and hardened WordPress installation
- Regular security updates and software patches
- Role-based access control in the content management system
- Nonce-based protection of all sensitive AJAX operations
In the event of a personal data breach posing a high risk to your rights and freedoms, we will notify you without undue delay pursuant to Art. 34 GDPR. Notifiable breaches will be reported to the competent supervisory authority within 72 hours (Art. 33 GDPR).
We reserve the right to update this Privacy Policy as necessary — in particular where legal requirements change or new services are introduced. The current version is always available at ferienjobgermany.de/datenschutz/.
In the event of material changes affecting your rights, registered users will be notified by email. The date of the most recent update is shown at the bottom of this page.
This Privacy Policy applies to ferienjobgermany.de and all associated sub-pages and services.
© FerienjobGermany · SHB Personalservice GmbH · Stockholmer Platz 1, 70173 Stuttgart, Germany
Legal Notice · Terms & Conditions · Programme Terms · Cookie Policy
Last updated: · Version 1.0