General Terms and Conditions for the use of onlyfy one including the agreement on shared data protection responsibility

 

Preamble

The proposal to provide the onlyfy one talent acquisition platform, its modules and any accompanying services or third-party services (hereinafter “onlyfy one”) is directed exclusively at business customers.

The contract regarding the use of onlyfy one and shared responsibility when handling personal data is concluded with New Work SE, Am Strandkai 1, 20457 Hamburg. Other contact details, commercial register data and the names of New Work SE authorised representatives can be found in the www.xing.com legal notice.

 

The following General Terms and Conditions of Use, including the agreement on shared data protection responsibility (hereinafter “T&Cs”) shall apply within the scope of the contractual relationship between business customers (hereinafter “Customer”) and New Work SE (individually also “Party” and both together as “Parties”).

 

A. General provisions

 

1. Area of application, scope of services, changes

  1. New Work SE offers the onlyfy one talent acquisition platform under the domains *.onlyfy.io and *.onlyfy.jobs, on which the Customer can, depending on the modules selected, post job ads, receive and manage applications, search for candidates on XING, and use employer profiles on XING and kununu. The various modules can be used individually or in tandem for the term of the contract and have differing service scopes within onlyfy one. The general option to use onlyfy one requires the use of at least one module. In addition, other digital services and/or various links to the Customer’s software or to third-party software may be used via the internal software marketplace offered in onlyfy one, possibly subject to an additional fee charged by New Work SE and/or third parties. Third-party offers may be subject to separate terms and conditions. The subject matter of the contract is the use of this software and any accompanying services, provided said services are rendered by New Work SE.
    The following general terms for onlyfy one apply to all of the modules, accompanying services and other services, particularly those described in Section B of these General Terms and Conditions, unless provisions are made deviating from this in Section B below.
  2. The precise scope of the user options and services of onlyfy one and its modules is based on contractual agreements, these T&Cs, and the product specifications applicable on conclusion of the contract. Paragraph 6 remains unaffected, while sentence 1 also applies to other services provided by New Work SE and/or third parties to be used on payment of an additional fee.
  3. Restricted to the duration of the contractual relationship with New Work SE, New Work SE shall grant the Customer those non-exclusive, non-sublicensed, and non-transferable rights that are required to allow the Customer to access onlyfy one in accordance with the scope agreed upon within its contractual relationship, and to use its commissioned functions as intended.
  4. The Customer’s account can only be used and accessed by those employees of the Customer specifically authorised to do so (hereinafter “Users”). With certain modules, New Work SE offers Users the possibility of bringing Customers and applicants together and only provides technical options which allow a general approach to be made. New Work SE is therefore not responsible for establishing contact between Users and applicants. New Work SE does not involve itself in the content of any communication between the Customer and third parties if the module used offers this functionality. If contracts are concluded through the Customer’s account, New Work SE does not get involved in this and does not become a Party to this contract. The Customer bears sole responsibility for the processing and execution of contracts concluded with third parties, e.g. employment contracts, and sole liability for any breach of obligations.
  5. New Work SE shall bear no responsibility for the content, data, and/or information provided by the Customer, applicants or members of XING or other services, or for the content of linked external websites if New Work SE is not responsible for them. In particular, New Work SE shall not guarantee that this content is true and accurate, that it meets a specific purpose, or that it can serve such a purpose.
  6. New Work SE reserves the right to change the functionality of onlyfy one, its modules and/or its accompanying services and/or its general design, and to offer alternative services insofar as the Customer can be reasonably expected to accept these. This also applies when serving the Customer’s job ads via additional channels, job boards or third-party social media services.
  7. There shall be no entitlement to an offer of other functionality beyond the services described in the product specifications on conclusion of the contract. Functionality or services provided or made available by New Work SE or integrated third-party services beyond the booked scope of services, may be changed or removed again without prior notice from New Work SE.
  8. General Terms and Conditions or supplementary agreements in derogation from or in addition to these T&Cs, and the proposals or framework agreements concluded with the Customer, do not form part of the contract unless there is explicit written consent for this from New Work SE. Unconditional performance of services or silence concerning any of the Customer’s derogating Terms and Conditions shall not be deemed tacit acceptance thereof by New Work SE, even if it has prior knowledge of these.
  9. New Work SE shall reserve the right to amend these T&Cs during the term of the contract between the Customer and New Work SE with effect for the future. New Work SE shall notify the Customer of the amendment to the T&Cs and shall highlight the new provisions as well as the effective date. If an amendment to the T&Cs is affected within four (4) weeks of the notification of the change, the Customer shall have the right to terminate the contract with retroactive effect from the time that the amendment was made by sending a written declaration to New Work SE. New Work SE will notify the Customer of this right to termination when notifying the Customer of the amendments. This change mechanism shall not apply to amendments to the Parties’ main contractual obligations. The validity of the T&Cs in their current form remains unaffected by the exercising of this right to object.

 

2. Use of onlyfy one

  1. To use onlyfy one, the Customer must register on *.onlyfy one, and open a company account (hereinafter “Account”) An Account may only be opened by an authorised representative or member of staff with authorisation to represent the Customer. To prevent any problems during use, true and accurate data must be provided, and updated without undue delay if changes occur. New Work SE is entitled, but not obliged, to accept the contract offer present at the time of the Customer placing an order. Acceptance can be made explicitly or implicitly by providing the commissioned services.
  2. The User’s authorisation is created by entering information into a form in onlyfy one. The Customer shall nominate one or several Users as Account administrators (hereinafter “Administrator” or “Administrators”) who are granted full access to all settings options and administration areas. As onlyfy one is an application of the extensive services provided by XING, the General Terms and Conditions of XING (https://www.xing.com/terms/xing) shall apply for Administrators and authorised Users.
  3. This shall not constitute membership of the XING social networking site for Users.
  4. The Customer shall have the right to revoke a User’s authorisation or to nominate another person to replace the User. The replacement’s authorisation is created by entering information into a form in onlyfy one.
  5. The Customer shall be responsible for the data and content that it provides. New Work SE does not guarantee that information and job ads are checked for accuracy and completeness.
  6. The Customer may not install, upload, or provide access to its own- or third-party data, files or content, such as texts, images, graphics, and links, which
    • a. infringe the applicable legal provisions;
    • b. contain depictions of violence, pornographic, discriminatory, offensive, defamatory, or other content or images which are illegal, breach public morality, or harm the image of New Work SE;
    • c. exclusively or partly depict or include external company logos, trademarks, or other references and other protected marks, unless the Customer is authorised to do so, i.e. if the Customer holds rights to the corresponding logos, publicity photos, and other content or has permission from the holder to use them;
    • d. infringe third-party IP rights or copyright;
    • e. infringe other rights of New Work SE or third parties;
  7. Images or photos of people, such as staff, may only then be published on onlyfy one if permitted by law, e.g. if these people give their consent.
  8. As a rule, New Work SE shall notify the Customer of data, files or content, such as text, images, graphics, and links, whose depiction or publication in the Customer’s Account breaches the provisions of these T&Cs, legal provisions, public morality, or third-party rights, once New Work SE becomes aware of such content. In this event, the Customer shall be obliged to remove the relevant data, files, or content from the Customer’s Account.
  9. New Work SE is essentially authorised to remove data, files or content, such as text, images, graphics, and links, without prior notice, if and to the extent that there are specific indications that the depiction or publication thereof in the Customer’s Account breaches the provisions of these T&Cs, legal provisions, public morality, or third-party rights.
  10. The following actions are prohibited for the Customer:
    • a) The unauthorised use of mechanisms, software or scripts in connection with the use of onlyfy one. However, the Customer may use interfaces or software authorised by New Work SE
    • (b) blocking, overwriting, modifying, copying onlyfy one and/or content in onlyfy one – unless deemed necessary for the proper use of onlyfy one;
    • (c) any action that is likely to impair the functionality of the onlyfy one infrastructure, in particular to overload it.
  11. If the Customer has published data, files or content via its Account on onlyfy one, which contain specific indications that they represent a breach of the provisions of these T&Cs, legal provisions, public morality, or third-party rights, or breach these T&Cs in any other way, New Work SE can temporarily suspend this Customer’s Account. As a rule, New Work SE shall make the Customer aware of this suspension of the Account by sending a warning. The Customer shall not be entitled to a prior warning. If the Customer is at risk of default or if the Customer commits a particularly serious breach, the Customer’s Account shall, as a rule, be deactivated without undue delay and without prior warning.
  12. If onlyfy and/or one of its modules and/or other third-party services are not used during the contract term, the Customer shall not be entitled to a refund, price reduction, or extension of access beyond the relevant contract period.
  13. The Customer may order other products, services or modules, e.g. additional onlyfy one user options or product upgrades, within the contract term. The contract terms for any additional products are based pro rata on the basic contract. This requires a separate contract between the Parties. The aforementioned shall also apply to other services provided by New Work SE and/or third parties to be used on payment of an additional fee.

 

3. Visibility and storage of content in the Account

  1. Some content and information (correspondence, conversations, projects, notes, comments, etc.) is shared among all current and future Users in the Customer’s Account either automatically or at the request of a User. Other information is not shared among Users.
  2. Information which a User itself has not shared or which has not been automatically shared or cannot be shared, is not shown in the Customer’s Account to other Users of the Customer’s Account. Conversations which have not begun, been replied to, or shared in the Customer’s Account, are not automatically stored in the Customer’s Account in a manner visible to the Administrator or all Users of this Account, and instead are only shown in the relevant (e-mail) inboxes of those Users who are participants in the respective conversation.
  3. Unless explicitly shared by the User, much of the information and content created by a User in the Account can be read, edited and shared with other current and future Customer Users in the Customer’s Account by the Administrators of the Customer’s Account appointed by the Customer, provided that the Account is active.
  4. If a User loses its right to access the Customer’s Account (e.g. at the request of the Customer because the User has left the Customer’s company, or in the case of a breach of these T&Cs) or the User itself terminates access, the information the User has shared with other Users remains visible to current and future Users in the Customer’s Account. The content can also still be read by administrators of the relevant Account (cf. point 2). If a replacement for a User is nominated by the Customer or an Administrator of the Customer’s Account, all the User’s content shall remain visible to the User whose access has been terminated.

 

4. Availability

  1. onlyfy one is normally available 24 hours a day, 7 days a week. New Work SE guarantees an annual average availability of 99%. Planned maintenance in accordance with Section 4 (2) is excepted from this.
  2. New Work SE is authorised to carry out maintenance work during weekdays between 20:00 and 06:00 CET/CEST, and on public holidays and weekends from 00:00 to 24:00 (hereinafter: “Maintenance Window”) for a total of ten (10) hours in a calendar month. The Customer shall be notified of work in the Maintenance Window with reasonable notice. New Work SE shall be entitled to move or extend the Maintenance Window in exceptional cases in order to rectify or prevent major faults. onlyfy one, one of its modules, or other New Work SE services and/or third-party services may provide limited or no access during maintenance work. If maintenance needs to be performed outside the Maintenance Window, this will not impair the overall availability of 99% based on the calendar year.

 

5. Use of the Account, data protection

  1. New Work SE collects and processes data in compliance with the applicable data protection regulations, in particular the GDPR.
  2. The Customer shall be obliged in particular to comply with the applicable data protection regulations, in particular the GDPR.
  3. The Customer must respect third-party rights, especially when sharing content and information. For example, obviously private communication must not be shared with others without the consent of the sender.
  4. The Customer is also prohibited from
    • a. unreasonably harassing applicants or third parties (in particular with spam),
    • b. following or promoting anti-competitive practices, including progressive customer advertising (such as chain letters, snowball or pyramid schemes), and
    • c. implementing, advertising or promoting hierarchical marketing programmes (such as multi-level marketing or multi-level network marketing), even if these do not specifically infringe any laws.
  5. If the Customer itself (manually) adds an applicant’s personal data to onlyfy one, the Customer shall be obliged to ensure that it is legally entitled to do so in line with the provisions of these General Terms and Conditions, and upholds data subject rights.
  6. New Work SE processes personal data within the scope of these T&Cs, in shared responsibility with the Customer based on the agreement on shared data protection responsibility set out in Section C. pursuant to Article 2 (6) GDPR.
  7. As onlyfy one is an application of the extensive services provided by XING, information on processing the data of administrators and authorised Users of onlyfy one can be found in the XING Privacy Policy (https://privacy.xing.com/en/privacy-policy).

 

6. Workshops & webinars

  1. To hold workshops, the Customer must provide the trainer with internet access, a projector (“LCD projector”), and a flipchart in the function rooms. To hold seminars, the Customer must ensure that each attendee has a PC or laptop with internet access, access to onlyfy one, a headset or speaker, and a microphone in order to participate.
  2. Webinar attendees are given a link to the onlyfy one webinar registration form before commencing the webinar. After successfully registering, each attendee receives a confirmation e-mail with the information required to attend the webinar. Interested parties must first register to attend the webinar. The Customer and attendees The Customer and attendees must ensure that they have the necessary IT equipment.
  3. The maximum number of attendees and duration of a workshop or webinar can be found in the proposal. Deviations from these numbers shall only be permitted with the written or text-based (e-mail shall suffice) approval of New Work SE.
  4. Workshop or webinar dates are agreed jointly by the Customer and New Work SE following conclusion of the contract. The earliest date on which a workshop or webinar can be held is from a period of two (2) weeks following receipt of the signed order confirmation.
  5. If workshops are held in the Customer’s function rooms, the Customer must pay a flat rate for travel costs in addition to the service fee. This is set out accordingly in the proposal.
  6. If the order is cancelled by the Customer up to 10 days before the start of the workshop or webinar, 50% of the service fee specified in the proposal shall be due. The service fee shall be due in full if the Customer cancels after this date. Customers must submit cancellation to New Work SE in writing.
  7. Neither of the Parties to the contract shall be liable to the other for non-compliance with contractual obligations if non-compliance is due to circumstances beyond their responsibility. This shall apply in particular in cases of force majeure, accident, or illness.
  8. If a deadline for rendering the service cannot be met by New Work SE due to force majeure, trainer illness or accident, or other circumstances for which New Work SE is not at fault, New Work SE shall be entitled to subsequently perform the service on a new date to be agreed with the Customer.
  9. The seminar material and presentations are copyrighted. Any reproduction, transfer to third parties or other commercial use by attendees or the Customer shall only be permitted with the written consent of New Work SE.
  10. New Work SE employees shall not offer legal advice to Customers in their workshops and webinars. Any statement on legal matters shall be non-binding, and it is the Customer’s responsibility to check such statements in the individual case.

 

7. onlyfy one software marketplace

  1. In onlyfy one, New Work SE offers the Customer, at its own discretion, the opportunity to acquire usage rights to software from third-party providers for a fee or at no charge, and/or to use this software with onlyfy and its own software. The Customer is not entitled to demand provision of certain software products unless the Customer acquired usage rights via onlyfy one.
  2. Unless it is the provider of a specific piece of software in the onlyfy one software marketplace, New Work SE only acts as an intermediary when the Customer concludes a contract with the respective third-party provider. If a specific piece of software is provided by a third party, the Customer concludes a separate contract with said third-party provider and/or uses the software subject to an existing contract in place between the Customer and the third-party provider. In such instances, New Work SE is not a contracting party and is not responsible for performance of service. The Customer must assert vis-a-vis the respective third-party provider any and all claims resulting from a breach of this contract with the third-party provider.
  3. Third-party providers may impose terms of use which can be viewed in the respective offers from third-party providers on onlyfy one or via the third-party providers directly, and must be observed by the Customer when using software from third-party providers.
     

8. Defects

  1. In the event of a defect in performance, the Customer is entitled to the following statutory rights as modified below, where New Work SE is at liberty to decide whether to rectify a defect or provide subsequent delivery.
  2. New Work SE’s strict liability for damages (Section 536a of the German Civil Code) for defects present at time of contract conclusion is excluded in instances not involving a characteristic warranted by New Work SE (guarantee as defined in Section 276(1) of the German Civil Code).
  3. Claims for defects are limited to a period of one year. This time limit does not apply to damages arising from a breach of defect claims. In such instances, the provisions governing liability apply.
  4. If the Customer complains about a defect and New Work SE determines that there is no defect in performance, the Customer must reimburse New Work SE for the cost incurred to determine there is no such defect as per the agreed hourly rates or, if no such agreement is in place, at an appropriate hourly rate. This provision does not apply if the absence of a defect was not evident to the Customer when applying a level of care and expertise which can be reasonably expected.
  5. Features, services, software and other offerings which New Work SE provides explicitly as a beta version are excluded from any and all defect claims provided that New Work SE cannot be accused of wilful intent. Beta versions are by their very nature incomplete and may have defects which could, for example, lead to data loss or loss of functionality. As a result, the Customer should only use beta versions in situations where it cannot suffer any detriment due to such defects, particularly damage for which it would like to hold New Work SE or third parties liable.

 

9. Liability and indemnity

  1. New work SE bears limited liability for damage that is based on intentional or grossly negligent actions as well as for damage that arises from ordinarily negligent breaches of material contractual obligations. Material contractual obligations are obligations whose fulfilment is a prerequisite for the proper performance of the Contract, and on the fulfilment of which the Customer may regularly rely.
  2. In the event of an ordinarily negligent breach of non-material contractual obligations, New Work SE shall not be liable in as far as it is not a case of Section 9.1.
  3. Paragraphs 1 and 2 do not apply to claims arising from injury to life, limb and health, malicious conduct, assumption of a guarantee, liability for inability ab initio or impossibility for which New Work SE is responsible, and for claims under the German Product Liability Act.
  4. The above liability restrictions also apply in the event of breaches of obligations by the legal representatives or vicarious agents of New Work SE.
  5. In the event of negligence, the Customer releases New Work SE from all claims, including claims to reimbursement of expenses and reimbursement of damages that other users of onlyfy one or other third parties, including public authorities, assert against New Work SE due to a breach of their rights by the content published by the Customer on onlyfy one. The Customer shall bear all reasonable costs including reasonable legal defence costs incurred by New Work SE due to a breach of third-party rights by the Customer. All of New Work SE’s further rights as well as claims for compensation for damages remain unaffected.

 

10. Contractual term & renewal, termination and price adjustment

  1. Fees for the use of onlyfy one and its modules, and for other services provided by New Work SE and/or third parties, are due for payment immediately upon invoicing in each case for the entire period or renewal periods, unless an alternative agreement has been put in place between the parties in writing. Payment can be made using the payment methods offered.
  2. The contract concerning the chargeable use of onlyfy one or supplementary services by New Work SE or third parties is concluded for the term agreed in the proposal or framework agreement. The contractual relationship between New Work SE and the Customer extends in each case by one (1) year upon expiry of the term. The following regulations apply with respect to termination of the chargeable contract:
    • a. Contractual relationships can be terminated by either party by declaration in written or text form (e-mail shall be sufficient) with a termination notice period of three (3) months to the end of the respective contractual term.
    • b. The right to extraordinary termination and termination without notice for cause remains unaffected. New Work SE is entitled to termination for cause in particular if: the use of the services by the Customer breaches the law and/or third-party rights; or the Customer breaches other material contractual provisions.
  3. The contract concerning the non-chargeable use of onlyfy one (in particular “onlyfy one Go”) is concluded for an unlimited term. The following regulations apply with respect to termination of the non-chargeable contract:
    • a. Contractual relationships can be terminated by either party by declaration in written or text form (e-mail shall be sufficient) with a termination notice period of two (2) weeks, at any time.
    • b. The right to extraordinary termination and termination without notice for cause remains unaffected. New Work SE is entitled to termination for cause in particular if: the use of the services by the Customer breaches the law and/or third-party rights; or the Customer breaches other material contractual provisions.
  4. In the case of termination, New Work SE shall be entitled to deactivate the Customer’s account, the Customer’s Users’ profile, and the Customer’s onlyfy one access after expiry of the agreed term of the contractual relationship. Associated with this, New Work SE will also delete existing processes, such as applications in the Customer’s company account, and deactivate the Customer's active job ads. In the case of termination for cause, New Work SE shall be entitled to effect deactivation immediately. For 90 days after the expiry of the contractual term, New Work SE has the option of safeguarding the master data for the Customer’s applicants in electronic and machine-readable form from onlyfy one for the Customer.
  5. In the event of a contract renewal, the price is calculated in accordance with the list price applicable at the time of the renewal as per provision 6 below; there shall be no claim to renewal of any granted quantity-related or other discount on the basis of the renewed product items.
  6. New Work SE reserves the right to adjust the list price and resulting fee with effect from the next renewal period in each case. New Work SE shall notify the Customer about any change of this type by means of the invoice sent to the Customer concerning the renewal period. If a price increase is affected within four (4) weeks of the date on the invoice, the Customer shall have the right to dissolve the contract with retroactive effect from the time it was renewed, by sending a written declaration to New Work SE. The contractually permitted discontinuation of the granted discounts at the time of contract renewal is not a price increase and does not grant the Customer any special right to termination.

 

11. Closing provisions

  1. If the Customer, as the recipient of New Work SE’s services, has its registered office outside Germany, the Customer must provide notification of its VAT ID number without delay after contract conclusion. Due to reversal of the tax liability, the Customer is the party liable for VAT (reverse charge procedure) and must invoice for the service using the reverse charge procedure for the purposes of VAT.
  2. The law of the Federal Republic of Germany applies to the exclusion of private international law and the UN Convention on Contracts for the International Sale of Goods.
  3. The place of jurisdiction for all legal disputes arising from the contractual relationship between New Work SE and the Customer is Hamburg. In addition, New Work SE also has the right to utilise the court with subject matter jurisdiction at the Customer’s registered office to decide disputes.
  4. If a provision in these T&Cs is or becomes ineffective or unenforceable, this shall not affect the efficacy of their remaining conditions. In place of the ineffective regulation, the parties commit to agreeing a new, effective regulation that comes as close as possible to the spirit and purpose of the ineffective regulation. The same applies for gaps in these T&Cs.

 

B. Provisions specific to onlyfy one modules 

 

1. onlyfy one Application Manager

  1. New Work SE provides the onlyfy one Application Manager module which offers customers, among other things, the option to post and manage job ads, to receive and manage job applications, to message candidates, and to use other services rendered by New Work SE and/or third parties for an additional fee.
  2. Certain limitations apply when using the onlyfy one Application Manager module. Details of these limitations are provided in the product description.
  3. When the Customer uses the onlyfy Application Manager to post job ads via additional third-party channels, job boards or social media services, this usage is subject to the terms of use of said channels and services which may be viewed on the respective sites where they are served and must be observed by the Customer. The Customer acknowledges that New Work SE does not have any influence over how job ads are served, their reach and/or design in additional third-party channels and services.

 

2. onlyfy one TalentManager

  1. The onlyfy one TalentManager module supports the Customer when hiring via XING. With the onlyfy one TalentManager module, the Customer can look for candidates on XING, manage job applications and XING member profiles, and contact XING members for hiring purposes. The onlyfy one TalentManager module allows multiple employees to conduct hiring activities together via XING and to exchange information with one another.
  2. Certain limitations apply when using the onlyfy TalentManager module, e.g. maximum number of daily messages which can be sent. Details of these limitations are provided in the product description.
  3. The Customer is obliged, in particular, to observe applicable data protection and privacy law. Unless permitted by way of valid consent from affected XING members or under German or European data protection law, the Customer is prohibited from collecting, processing or using personal data of XING members, and from disclosing XING members’ personal data to third parties.

 

3. onlyfy one Job Ads

  1. Upon conclusion of contract governing the use of the onlyfy one Job Ads module, the Customer is permitted, for the duration of said contract and depending on the selected scope and product, to post paid job ads on XING Jobs, possibly also in third-party job boards and social media services, and to manage said ads in onlyfy one for the duration of their posting.
  2. The maximum duration and scope of job ads the Customer posts depends on the selected product and/or product description. Job ads are deactivated automatically once they expire, meaning they are no longer available to third parties.
  3. The Customer may lose access to some of the features in the onlyfy one Job Ads module or to the onlyfy one Job Ads module entirely when the Customer’s last active job ad is deactivated.
  4. XING members and third parties outside of XING can view job ads posted in XING Jobs. Job ads posted in third-party job boards and in social media services can be viewed by members of those sites and by third parties; availability is subject to the technical and contractual limitations of the respective third-party job boards and social media services.
  5. When using the onlyfy one Job Ads module to post job ads via additional third-party channels, job boards or social media services, this usage is subject to the terms of use of said channels and services which may be viewed on the respective sites where they are served and must be observed by the Customer.The Customer acknowledges that New Work SE does not have any influence over how job ads are served, their reach and/or design in additional third-party channels and services.
  6. The Customer is only permitted to advertise one role/position per ad. New Work SE reserves the right, at its own discretion and without notifying the Customer specifically, to deactivate job ads containing more than one role/position or to bill the Customer for each additionally described role/position. This does not constitute grounds for the Customer to claim a refund.
  7. Fixed job ads can be activated and deactivated as many times as the Customer chooses for the duration of their posting. However, once a job ad expires or is archived, it cannot be reactivated and must be posted again. The role/position described in a job ad may only be modified for a brief period to amend errors.
  8. At New Work SE’s discretion, job ads can also be posted on domains and mobile apps operated by New Work SE and its subsidiaries and holdings, and on domains and mobile apps of contractually affiliated third parties. The design and layout of job ads may vary depending on the channel where they are posted.
  9. For the duration of the contract, the Customer can view and edit the settings of a Customer user in the onlyfy one Job Ads module at any time, and can view and edit their job ads at any time. Information entered by the Customer or provided automatically by New Work SE remain accessible in the onlyfy one Job Ads module for the duration of the contract. Upon deactivation of the last active job ad in the onlyfy one Job Ads module, the Customer or its users can delete the data and settings saved there. The Customer is not entitled to demand that New Work SE hand over or continuously store or supply information.
  10. When posting on to XING Jobs or third-party job boards and social media services, the Customer must observe the job ad posting guidelines applicable there at the time of posting. The guidelines applicable on third-party job boards and social media services can be viewed on said platforms. New Work SE reserves the right to impose rules concerning the content and layout of job ads posted via the onlyfy one Job Ads module.
  11. The Customer is solely responsible for content it posts on XING Jobs and on third-party job boards and social media services. The Customer warrants that the job ads it posts on XING Jobs and on third-party job boards and social media services are truthful and not in breach of applicable laws and/or third-party rights.
  12. The Customer can include corporate videos in onlyfy Job Ads by adding a link to a video hosted on the online platforms YouTube or Vimeo.
  13. Should the Customer offer video material, it must comply with the technical specifications provided by New Work SE. The Customer is solely responsible for ensuring the technical quality of files.
  14. New Work SE is not obliged to review video material, but it entitled to reject video material which the Customer provides due to its origin, content, technical quality or for some other objectively justifiable reason.
  15. Should the Customer use its own technical means or commission third-party means to include video content in an onlyfy Job Ads product for which New Work SE does not authorise the use of video content, New Work SE is permitted, at its own discretion, to deactivate such job ads and/or can bill the Customer for the difference between the booked onlyfy Job Ads product and the onlyfy Job Ads product for which New Work SE authorises the use of video content. Deactivation does not constitute grounds for the Customer to claim a refund.
  16. It is not possible to fully preclude third parties from copying job ads posted on XING Jobs or from linking and/or using frames to post said job ads as their own. The Customer is excluded from asserting any claims against New Work SE because of such copying, linking and/or framing by third parties.
  17. When posting job ads on XING Jobs, the Customer grants New Work SE the right to use onlyfy one Job Ads for all types of use arising in connection with posting and publishing job ads on XING Jobs and/or on third-party job boards and social media services.
  18. Salary data which the Customer or its users provide in job ads is aggregated in New Work SE’s salary database and can be used in aggregated form to display salary data in other job ads. Once aggregated, salary data cannot be traced back to the Customer providing said data.
  19. The following applies to Essential job ads: The Customer is only permitted to post vacancies for job titles relating to unskilled or semi-skilled activities (requirement level 1), or to specialist activities (requirement level 2) as defined in the German Classification of Occupations 2010 from the Federal Employment Agency. New Work SE reserves the right to review job titles and job ads to ensure they only advertise vacancies for requirement levels 1 & 2; New Work SE also reserves the right to deactivate job ads at its own discretion without notifying the Customer explicitly, and/or to bill the Customer for the difference between the booked onlyfy one job ad category and the next-higher category. Customers are not entitled to a refund if their job ad is deactivated.

 

4. onlyfy Employer Branding Profile

  1. onlyfy Employer Branding Profiles on kununu and XING (hereinafter “Employer Profiles”) consist of company descriptions. XING and kununu offer customers the option to claim, create, edit and use Employer Profiles. The exact scope of usage options and any fees charged for claiming, editing and using Employer Profiles are provided in the product description applicable at the time of contract conclusion. The subject matter of the contract can also be certain paid or unpaid ancillary services from New Work SE.
  2. Employer Profiles can be used to showcase the Customer along with its products and services. Employer Profiles must not be used for multi-level marketing purposes.
  3. Employer Profile content must be linked to the Customer, must not contain excessive capitalisation and punctuation, insufficient content, URLs redirecting to external websites with no connection to the Company.
  4. If New Work SE offers the Customer the option to customise its Employer Profile URL such that it contains the Customer’s name (vanity URL), the following terms apply:
    • The Customer may only use the company’s own name in the vanity URL.
    • The Customer must not use the names, brands or trademarks of other companies.
    • If the vanity URL breaches this provision, pertinent law or third-party rights, New Work SE may reset the vanity URL to its original state. New Work SE also reserves the right to reset the URL to its original state if the vanity URL contains a generic term such as “apps” or “community”.
  5. DOn its website, particularly on kununu.com, New Work SE offers employees the option to rate their current or past employers according to a number of criteria, such as the company culture, and to add information about their salary. The Customer expressly acknowledges that by posting ads or booking Employer Profiles on New Work SE websites, particularly on kununu.com, it is not permitted to influence the reviews it receives as an employer, the culture ratings, or the salary data. If the Customer exerts pressure upon XING or kununu to edit this data in any way, New Work SE is entitled to cancel the contract for cause.
  6. By adding content to its Employer Profile, the Customer grants New Work SE the right to use said content for all types of use arising in connection with their publication on XING and/or kununu.
  7. New Work SE is entitled, at its own discretion, to display job ads assigned to the Customer’s identity in the “Jobs” section of the Customer’s Employer Profile. This right extends to job ads which the Customer has booked with New Work SE and to job ads from other sources.

 

C. Agreement on shared responsibility under data protection law

 

1. Object of the agreement

  1. The contractual relationship (“Main Contract”), establishes shared processing of personal data within the Customer’s company accounts. onlyfy one is part of the comprehensive XING service provided by New Work SE, which pursues the purpose of using a variety of different applications (onlyfy one as well as the XING social network, kununu etc.) to contribute to improving and simplifying the professional life of users, as well as making the world of work more fulfilling for individuals and at the same time making companies even more successful. onlyfy one, as part of the comprehensive XING service, is an online platform on which and via which talented individuals and companies come together. On or respectively via onlyfy one, companies can for example publish job ads, identify interesting talented individuals (where applicable including from the XING professional network), receive and manage applications, and enter into dialogue with talented individuals and applicants. New Work SE supports this coming together of talented individuals and companies on and via onlyfy one. This takes place through, for example, talented individuals being recommended in the Customer’s company account, as well as through the generation and provision of recruitment-relevant information and analysis based on data that New Work SE processes in onlyfy one and, where applicable, in other XING applications or outside them.
    The precise scope of services is based on the Main Contract. The parties agree that, with respect to this collaboration in the company account in the sense of Article 4 (7) GDPR, they jointly determine the purposes and means of processing and that in this respect there is shared responsibility.
  2. This Contract represents the agreement between the shared controllers as defined by Article 26 GDPR, between the parties. In this Contract, regulations are implemented as to who fulfils which obligations under the GDPR in connection with shared processing of personal data.
  3. For data processing instances for which there is no shared determination of the purposes and means, each contractual party is the independent controller in the sense of Article 4 (7) GDPR. This applies in particular to any data processing outside the company account as well as to product support provided to the Customer or the Customer’s company account by New Work SE, as well as Customer support. This Contract does not apply for these instances of data processing.

 

2. Description of data processing

  1. The purpose, type and scope of processing of personal data arise from Section 1 as well as the Main Contract concluded between the parties and in that respect where applicable additionally included contractual regulations.
  2. The type of data as well as the categories of data subjects can be found in Annex 1 to this contract.

 

3. Responsibilities for processing steps/phases

  1. In Annex 2 to this Contract, the parties have described the processing steps that are subject to shared responsibility, and assigned the respective responsibilities. If no disclosure is provided and the Contract also does not assign any other responsibilities, it must be assumed that both parties are equally responsible for the processing of the respective data type(s).
  2. In Annex 2, the parties have furthermore determined responsibilities for the processing and implementation of measures that must be implemented for reasons of the exercising of data subject rights arising from Articles 15 to 21 GDPR, as well as in terms of certain additional requirements of the GDPR. If no disclosure is provided and the Contract also does not assign any other responsibilities, it must be assumed that both parties are equally responsible.
  3. Regardless of the regulations in Paragraphs 1 and 2, the parties agree that the data subjects may contact either party for the purpose of exercising data subject rights that are due to them in each case. In such a case, the respective other party is obliged to immediately forward a data subject’s request to the party responsible in accordance with Annex 2 of this Contract. The parties will mutually appoint contact addresses for this purpose and provide notification of any change immediately in text form.

 

4. Implementation of data subject rights

  1. Each party is obliged to fulfil the information obligations arising from Articles 12 to 14 GDPR and Article 26 (2.2) GDPR with respect to the data subjects in as far as the respective party is responsible for the processing step(s) as per Section 3 of this Agreement. The parties shall ensure that this information is available online and shall, on request, mutually provide the web addresses at which the respective information can be accessed.
  2. Data subjects must be provided with the required information in a precise, transparent, understandable, and easily accessible form, in clear and simple language, free of charge.

 

5. Data security

  1. New Work SE is solely responsible for implementation of the technical and organisational measures required in accordance with Article 32 GDPR with respect to the security of covered products and services for which there is shared responsibility in the sense of Article 26 GDPR. New Work SE shall implement the measures to be taken at its own discretion. The Customer will receive a description of these technical and organisational measures on request. New Work SE can adapt the technical and organisational measures at any time at its own discretion and without separate notification, in as far as the resulting changes cause no falling short of the respective legal specifications for data security.
  2. The Customer bears sole responsibility in terms of correct technical implementation and configuration of the covered products for which there is shared responsibility in the sense of Article 26 GDPR.

 

6. Notification obligations in the event of data protection breaches

(1) New Work SE is responsible for review and processing of all breaches of the protection of personal data as defined by Article 4 (12) GDPR (Personal data breach), including the fulfilment of any and all therefore existing obligations to report to the responsible supervisory authority in accordance with Article 33 GDPR or to data subjects in accordance with Article 34 GDPR, which occur with respect to the covered products and services for which there is shared responsibility in the sense of Article 26 GDPR. The Customer is accordingly responsible for data protection breaches that occur with respect to the correct technical implementation and configuration of the covered products and services for which there is shared responsibility in the sense of Article 26 GDPR.

(2) If the responsible party notifies a data protection breach to the responsible supervisory authority or to the data subject, that party shall then inform the other party immediately. If needed and at the request of the responsible party, the parties shall mutually support each other in the fulfilment of reporting obligations and shall immediately mutually provide all information in connection with the data protection breach as is needed to review the data protection breach and its consequences, as well as for the fulfilment of any reporting obligations in accordance with Articles 33 and 34 GDPR.

 

7. Shared obligations

Both parties must inform each other immediately and in full if errors or irregularities in data processing or breaches of provisions of this Contract or applicable data protection law (in particular the GDPR) are identified.

 

8. Commissioned processor

  1. Both parties may at their own discretion use commissioned processors as defined by Article 4 (8) GDPR. In this process, the parties commit to comply with the specifications of Article 28 GDPR in each case. New Work SE is responsible for the selection, commissioning and management of service providers and commissioned processors with respect to the covered products and services.
  2. Insofar as the processing of personal data takes place in a third country, the respective party shall on request demonstrate to the other party the existence of guarantees for an appropriate level of data protection in the third country.
  3. The commissioned processors utilised in each case by New Work SE with respect to processing steps for which there is a shared determination of purposes and means are listed at the following link: https://onlyfy.com/de/onlyfy-one-subcontractors

 

9. Collaboration with supervisory authorities

  1. Each party is obliged to immediately inform the respective other party if a supervisory authority for data protection contacts it in the context of this Contract, the collaboration, or data processing, and in as far as this specifically refers to the processing of personal data that are processed jointly by the parties. However, New Work SE is explicitly not obliged to inform the Customer if a supervisory authority for data protection contacts New Work SE generally with respect to the covered products and services for which shared responsibility exists in the sense of Article 26 GDPR in accordance with this Contract, and/or if the request does not directly concern this Contract.
  2. In as far as possible, the parties shall mutually consult before any requests from responsible supervisory authorities for data protection are followed and/or information in connection with this Contract, the collaboration, or data processing is shared with responsible supervisory authorities for data protection. This does not apply in cases of Paragraph 1 Sentence 2.

 

10. Liability

  1. The parties are liable to the data subjects in accordance with the legal stipulations.
  2. In their interior relationship, the parties release each other from any liability if the cause triggering liability is solely the responsibility of one party in the framework of responsibility in accordance with Section 3 of this Agreement. This also applies with respect to any fine imposed against a party due to a breach of data protection specifications, with the stipulation that the party to which the fine is assigned must initially have exhausted legal remedy against the decision concerning the fine.

 

11. Closing provisions

  1. The regulations of the Main Contract apply for the duration and termination of the Contract. In the case of contradictions between this Contract and other agreements between the parties, in particular the Main Contract, the regulations of this Contract shall take precedence.
  2. Should individual provisions in this Contract be or become ineffective or contain a gap, the remaining provisions shall remain unaffected by this. In the place of the ineffective regulation, the parties commit to agreeing a legally permissible regulation that comes as close as possible to the purpose of the ineffective regulation and that best fulfils the requirements of Article 26 GDPR.
  3. German law including the GDPR applies.

 

Annex 1 to the agreement on shared responsibility under data protection law

 

Categories of data subject

Group of persons who are the subject of data processing:

  • The Customer’s talented individuals and applicants
  • The Customer’s company users
  • XING users
  • Other users of New Work SE
  • Where applicable, third parties

 

Type(s) of personal data

The following data types are regularly the object of processing:

  1. With respect to the Customer’s talented individuals and applicants, this includes, among other data
    • master data (e.g. name, contact details, date of birth, etc.)
    • qualification data (CVs, etc.)
    • Voluntary information (application photo, information on disability status or other information, additional questions depending on the relevant job advert, etc.)
    • communication data
    • where applicable, other data (social media profiles at XING or LinkedIn etc.)
    • Special categories of personal data in accordance with Article 9 (1) GDPR, e.g. information on health (e.g. disability status) or information that permits conclusions to be drawn about sexual orientation or ethnic origin or religion.
    • Usage data, tracking data, including using cookies and similar technologies
    • Data in the framework of support services (e-mail address, name, context of request, other personal data, etc.)
  2. With respect to the Customer’s company users, this includes in particular
    • Registration data (e.g. name, e-mail address, password, phone number)
    • Communication data as well as personal comments and assessments made by company users
    • Activity data that is created during use (e.g. status changes for applications, purchase requisitions for new job ads, etc.).
    • Other usage data, tracking data, including using cookies and similar technologies

 

Annex 2 to the agreement on shared responsibility under data protection law

 

Primary responsibility in the framework of shared responsibility

  Processing step under shared responsibility Responsibility in the framework of shared responsibility Comments
1 Processing in the framework of recruitment by the Customer (classic “application data” processing), i.e. of job ad data as well as data concerning talented individuals/applicants and company users, including dialogue between talented individuals/candidates/applicants and company users in as far as it takes place in and via the company account Customer The processing of data concerning applicants and company users by the Customer outside the company account, as well as the upload process for such data by the Customer into the company account, take place outside shared responsibility, in the sole responsibility of the Customer. Shared responsibility applies as soon as data are included in the company account. 
2 Display and recommendation of talented individuals in the company account  New Work SE Data processing outside the company account takes place outside shared responsibility, in the sole responsibility of New Work SE.
3 Collection of usage data, tracking, including using cookies and similar technologies New Work SE  
4 Provision of “Insights”: generation and provision of recruitment-relevant information and analyses based on data from the company account New Work SE  
5 Adoption of data that is created/processed in the company account, including usage data/automatically collected data, including using tracking technologies/cookies, for proprietary purposes such as performing analysis for product improvement, etc. or the optimisation of recommending talented individuals. New Work SE The adopted data are (further) processed by New Work SE outside shared responsibility, in sole responsibility
6 Product support for talented individuals concerning the covered products and services, including information on product changes, etc. New Work SE  

 

 

 

 

 

7

Selection and implementation of third-party provider tools that are provided to the Customer for use in the framework of the covered products and services, as well as associated processing of data by commissioned processors and/or disclosure of data

 

 

 

 

 

New Work SE

 

 

Responsibility in terms of exercising data subject rights and certain additional requirements arising from the GPDR

Data subject right/
requirement

New Work SE

 

 

Customer 

 

Deviations with respect to onlyfy one Job Ads
Article 6: Requirement for a legal basis for shared processing

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility

 
Information obligations arising from Articles 13 and 14 GDPR   

 

(plus information specified and permanently integrated by New Work SE concerning shared responsibility as well as with respect to New Work SE’s area of responsibility.)

People applying for vacancies with the Customer are informed about data processing under shared responsibility (in particular about applicable erasure periods).

Note: The Customer is obliged to provide information about personal data processed by the Customer beyond the scope of shared responsibility. This information can be provided, e.g. by way of text in a job ad.   

Right of access by the data subject (Article 15 GDPR),

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility

 

 
Right to rectification (Article 16 GDPR),

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility

 

 
Right to erasure (“Right to be forgotten”) (Article 17 GDPR),

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility (the Customer is therefore responsible for meeting its erasure obligations in onlyfy one within the scope of shared responsibility) 

 

New Work SE stipulates the erasure periods applicable to the personal data of talents/candidates/applications.
Right to restriction of processing (Article 18 GDPR)

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility

 

 
Right to data portability (Article 20 GDPR),

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility

 

 
Right(s) to object (Article 21 GDPR), 

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility

 

 
Article 26 (2) GDPR: Make the essence of this addendum available for controllers  

 

(by link to this Contract, which is accessible online, is included in the information specified by New Work SE concerning the information obligations arising from Articles 13 and 14 GDPR (see above) concerning shared responsibility.)

New Work SE provides this information as required by Articles 13 and 14 GDPR by way of a link to this contract, which is available online.
Right to obtain human intervention, to express a person’s own point of view, and to contest a decision in the event of automated decision-making in an individual case with legal/restrictive effect (Article 22 (3) GDPR). X    
Creation of the documentation for the record of processing activities in accordance with Article 30 (1) GDPR,

New Work SE with respect to its area of responsibility

 

The Customer with respect to its area of responsibility

 

 
Implementation of Privacy by Design (Article 25 GDPR) and/or Risk assessment for processing X    
Performance of a data protection impact assessment in accordance with Article 35 et seq. GDPR If a data protection impact assessment is required in accordance with Section 35 GDPR, the parties shall mutually support one another to a reasonable extent.