Privacy Policy

Table of Contents

• Privacy Policy
• 1. General information about the website
• 2. Data controller
• 3. Data protection officer
• 4. Operation of this website
  • 4.1 Content management system: WordPress
  • 4.2 Form software: Advanced Custom Fields
  • 4.3 Hosting: ALL-INKL.COM
  • 4.4 Encryption: SSL certificate from Let’s Encrypt
• 5. Processing of data from the application form
  • 5.1 Data processing
  • 5.2 Data collected
    • 5.2.1 Audio recording in the browser
    • 5.2.2 File uploads
  • 5.3 Storage period
  • 5.4 Further processing on local computers and Microsoft Office 365
  • 5.5 Legal basis for this data processing
• 6. User Behavior Analysis
  • 6.1 Temporary database entries using ACF forms
  • 6.2 No analysis of user behavior by ALL-INKL.COM
  • 6.3 Analysis of anonymous access figures
  • 6.4 Legal basis for this data processing
• 7. Cookies
• 8. Disclosure of data
  • 8.1 Disclosure of data to third parties
  • 8.2 Data processing outside the European Union
• 9. Consent
• 10. Rights of data subjects
  • 10.1 Right to information
  • 10.2 Right to object
  • 10.3 Right to rectification
  • 10.4 Right to erasure
  • 10.5 Right to restriction of processing
  • 10.6 Right to lodge a complaint
  • 10.7 Right to data portability
• 11. Right to object pursuant to Art. 21 para. 1 GDPR
• 12. Changes to this privacy policy

Privacy Policy

1. General information about the website

URL: https://amr-interviewer.com

This website is aimed at people applying to AMR Advanced Market Research GmbH as interviewers. Part of the application process is handled via the website.

2. Data controller

AMR – Advanced Market Research GmbH
Poststrasse 7
40213 Düsseldorf
Germany
Further information about our company can be found in our imprint.

3. Data protection officer

Brandeis Digital GmbH
Mr. Steffen Lüning Senior Consultant Data Protection
Phone: + 49 (0) 175 121 7005
Email: dataprotection@amr-research.com

4. Operation of this website

4.1 Content management system: WordPress

We use the open source content management system (CMS) WordPress to manage our application processes for interviewers and to operate the website. WordPress does not store any applicant data except in the protected applicant database and does not exchange any personal data with third parties.

4.2 Form software: Advanced Custom Fields

We use the WordPress plugin Advanced Custom Fields (ACF) for the application form. When called up, ACF automatically creates “auto-draft” entries in order to be able to assign uploads technically correctly. There is no external transmission of applicant data.

4.3 Hosting: ALL-INKL.COM

For the hosting of our website, we rely on the infrastructure of ALL-INKL.COM Inhabergeführte KG (owner: René Münnich), Hauptstraße 68, D-02742 Friedersdorf, Germany. We have deactivated the logging of server and access logs (access and error logs) in the hosting settings. Therefore, no log files are created.

4.4 Encryption: SSL certificate from Let’s Encrypt

Data transmission between server and client is encrypted via HTTPS (TLS 1.2 or higher). For this purpose, we use an SSL/TLS certificate from Let’s Encrypt, which is provided to us by our hosting provider All-Inkl.com.

5. Processing of data from the application form

An online application form for the position of interviewer is provided on this website. This form collects mandatory and voluntary personal data. It is also possible to create browser-based voice recordings or upload audio files. In addition, a CV can be submitted as a file attachment.

5.1 Data processing

As part of each application, all form data is stored in our WordPress database. Audio recordings, uploaded audio files and CVs are stored in protected directories on the same server. After submitting the form, the system automatically sends a short confirmation email to the email address specified in the form.

For the actual processing and contacting, our employees then upload the encrypted data via HTTPS to the company’s own computers and, if necessary, to a protected Microsoft Office 365 cloud infrastructure. All file uploads and downloads are carried out continuously via TLS-encrypted connections.

All personal data is deleted from the server after 2 months at the latest.

5.2 Data collected

When a user applies to us via the application form, we ask for the following mandatory information:

How the applicant became aware of AMR
First name
Last name
Year of birth (optional)
Country of residence
Email address
Telephone number
Language proficiency
Audio recordings
Professional experience
CV (optional)
Consent to this privacy policy

5.2.1 Audio recording in the browser

Applicants can create voice recordings directly in the form using a browser. Immediately after each recording is completed, the audio files are stored via HTTPS in a protected directory on the same server. Access is strictly limited to authorized employees.

The audio recordings are only linked to the other application data after the final submission of the form.

Storage period: All audio recordings are automatically deleted completely from our server after two months at the latest.

5.2.2 File uploads

In addition to the browser audio recording, applicants can also upload existing audio files (e.g. MP3, WAV) and documents (e.g. CV as PDF or DOCX) in the form. Once the form has been sent in full, the files are encrypted and stored via HTTPS in a secure directory on the same server. Access is only permitted to authorized employees.

Storage period: All uploaded audio files and documents are automatically deleted completely from our server after two months at the latest.

5.3 Storage period

All personal data is deleted from our server (location: Germany) after two months at the latest and the applications are anonymized. Audio recordings and file uploads are automatically and completely deleted after two months.

5.4 Further processing on local computers and Microsoft Office 365

Complete applications are downloaded in encrypted form from our web server and transferred to our protected cloud infrastructure on Microsoft Office 365. Microsoft Corporation (One Microsoft Way, Redmond, WA 98052 USA) acts as a processor in accordance with Art. 28 GDPR. Office 365 data processing takes place exclusively in data centers within the European Union or on the basis of standard contractual clauses.

Applications received and the associated audio recordings and file uploads are copied to our local machines for further processing and feedback, but are deleted after processing or after the respective deadlines have expired.

If there is no cooperation between AMR and the applicant, the files will be deleted no later than two months after the decision. If there is cooperation between the applicant and AMR, the application documents remain stored locally for as long as there is cooperation. If an interviewer is no longer commissioned by AMR for two years, the data will be deleted.

5.5 Legal basis for this data processing

The legal basis for this data processing is Art. 6 para. 1 lit. a) and b) GDPR. »The data subject has given consent to the processing of his or her personal data for one or more specific purposes«. And the data »processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract«.

6. User Behavior Analysis

6.1 Temporary database entries using ACF forms

ACF automatically creates a WordPress auto-draft in the background when a frontend form is called up with new_post, e.g. to be able to correctly assign file uploads. This draft does not contain any personal data and is automatically deleted after 30 days.

Stored system data:
Timestamps: post_date, post_date_gmt, post_modified and post_modified_gmt (creation and modification time)
Post status: auto-draft
Post type: e.g. post or user-defined type
post_author: ID 0 (for guest creators) or the current user ID if logged in

6.2 No analysis of user behavior by ALL-INKL.COM

The logging of server and access logs (access and error logs) is deactivated in the hosting settings. Therefore, no log files are created.

6.3 Analysis of anonymous access figures

The WordPress plugin Statify is used to analyze page traffic. It only records anonymized access figures, including URLs accessed, referrers and timestamps. A link to individual computers or users is excluded, as no cookies are used for this purpose and no personal identification features are stored.

6.4 Legal basis for this data processing

The legal basis for the above technically necessary and anonymized processing operations is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest lies in

• to ensure secure, high-performance and functional operation of the website,
• to use auto-draft entries for the correct allocation of uploads,
• evaluate anonymized access figures to improve user guidance,
• and to use session cookies exclusively for the WordPress administration area for session management.

Personal data is not processed in this context.

7. Cookies

No cookies are set when you visit the public areas of this website.
Exception: purely functional session cookies are used for the WordPress administration backend:

A cookie is created on the login page in the backend to manage the session. After a successful login, additional cookies may be set by WordPress. These cookies remain active until you log out.

Since the backend is intended exclusively for employees of our institute, these cookies generally do not affect external visitors.

The legal basis for setting cookies for login and the backend is Art. 6 para. 1 lit. f GDPR (legitimate interest). Our legitimate interest is to ensure the secure, high-performance and functional operation of the website and to ensure that you can log in and use the backend to manage your applications.

8. Disclosure of data

8.1 Disclosure of data to third parties

Data that you provide to us will not be passed on to third parties. In particular, your data will not be passed on to third parties for their advertising purposes.

8.2 Data processing outside the European Union

We do not process your personal data in a so-called third country outside the European Union.

9. Consent

If we process your personal data on the basis of consent, you have the right to withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

10. Rights of data subjects

10.1 Right to information

You can request information about your personal data that we process in accordance with Art. 15 GDPR.

10.2 Right to object:

You have the right to object for specific reasons (see point II).

10.3 Right to rectification

If the information concerning you is not (or no longer) accurate, you can request rectification in accordance with Art. 16 GDPR. If your data is incomplete, you can request that it be completed.

10.4 Right to erasure

You can request the erasure of your personal data in accordance with Art. 17 GDPR.

10.5 Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to request that the processing of your personal data be restricted.

10.6 Right to lodge a complaint

If you believe that the processing of your personal data violates data protection law, you have the right to lodge a complaint with a data protection supervisory authority of your choice in accordance with Art. 77 (1) GDPR. This also includes the data protection supervisory authority responsible for the controller State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia, https://www.ldi.nrw.de/kontakt/ihre-beschwerde.

State Commissioner for Data Protection and Freedom of Information
North Rhine-Westphalia
40102 Düsseldorf
Email: poststelle@ldi.nrw.de

10.7 Right to data portability

In the event that the requirements of Art. 20 para. 1 GDPR are met, you have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to third parties. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website. They are therefore not based on consent pursuant to Art. 6(1)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, but are justified pursuant to Art. 6(1)(f) GDPR. The requirements of Art. 20 (1) GDPR are therefore not met in this respect.

11. Right to object pursuant to Art. 21 para. 1 GDPR

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (f) of Article 6(1) GDPR. The controller will then no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims. The collection of data for the provision of the website and the storage of log files are absolutely necessary for the operation of the website.

12. Changes to this privacy policy

We will revise this privacy policy in the event of changes to this website or other occasions that make this necessary.

Last update of this policy: June 2025