Privacy policy

Last updated: 11.03.2025

Privacy policy

Below we inform you about the processing of your personal data in the context of the use of our online offer.

Person responsible

Chico Jobs GmbH

Ruhrallee 9
44139 Dortmund

Mail: info@chico.jobs

Contact person

If you have any questions about data protection, please use the contact details provided above.

Storage duration

In principle, we delete your personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed.

If we have asked for your consent and you have given it, we will delete your personal data if you withdraw your consent and there is no other legal basis for the processing.

We will erase your personal data if you object to the processing and there are no overriding legitimate grounds for the processing or if you object to the processing for the purposes of direct marketing or related profiling.

If erasure is not possible because processing is still necessary for compliance with a legal obligation (statutory retention periods, etc.) to which we are subject or for the establishment, exercise or defense of legal claims, we will restrict the processing of your personal data.

Further information on the storage period can also be found in the following passages.

Your rights

You have the following rights with regard to your personal data:
– Right of access
– Right to rectification
– Right to erasure
– Right to restriction of processing
– Right to object to processing
– Right to data portability

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. We will then no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.
If we process your personal data for direct marketing purposes, you have the right to object at any time to the processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing. We will then no longer process your personal data for these purposes.

You have the right to withdraw your consent to the processing of your personal data at any time if you have given us such consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

You have the right to complain to a supervisory authority about the processing of your personal data by us.

Provision of your personal data

The provision of your personal data is not required by law or contract and is not necessary for the conclusion of a contract. You are generally not obliged to provide your personal data. Should this nevertheless be the case, we will point this out to you separately when collecting your personal data (e.g. by marking the mandatory fields on input forms).

Failure to provide your personal data regularly means that we will not process your personal data for one of the purposes described below and you will not be able to take advantage of an offer related to the respective processing (example: without providing your e-mail address, you will not receive our newsletter).

Webhosting

We use external services for web hosting. These services may have access to personal data that is processed as part of the use of our online offering.

Web server log files

We process your personal data in order to be able to display our online offering to you and to ensure the stability and security of our online offering. Information (e.g. requested element, URL called up, operating system, date and time of the request, browser type and version used, IP address, protocol used, amount of data transferred, user agent, referrer URL, time zone difference to Greenwich Mean Time (GMT) and/or HTTP status code) is stored in so-called log files (access log, error log, etc.).

Security

For security reasons and to protect the transmission of your personal data and other confidential content, we use encryption on our domain. You can recognize this in the browser line by the character string “https://” and the lock symbol.

Content Delivery Networks

We use content delivery networks from external services to optimize the loading time, stability and security of our online offering.

Profiling (for the purposes of advertising, personalized information, etc.) may also occur as part of the use of external services. Profiling can also take place across services and devices. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services, as well as whether profiling takes place when using the respective services and, if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the further information on the services we use at the end of this passage and under the links provided there.

Google Cloud CDN
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://cloud.google.com/cdn?hl=dem
Further information & data protection: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU standard contractual clauses, insofar as these are offered by Google. Further information on this and Google’s responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU standard contractual clauses there. The provider has signed up to the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.

Addendum for the use of UNPKG and JSDelivr CDN

1. our website or application uses UNPKG and JSDelivr, both public CDNs (Content Delivery Networks) for the provision and performance optimization of JavaScript libraries. This addendum to the privacy policy describes how UNPKG and JSDelivr process personal data and what data protection measures are taken.

2 What data is collected? When accessing content provided via UNPKG or JSDelivr, the services may collect the following technical data:

IP address of the requesting device
Time of the request
Requested file and URL
HTTP header data (e.g. browser type, operating system)
Referrer URL (the website from which the request originated)

This data is collected by UNPKG and JSDelivr and can be used for error analysis, performance optimization and abuse prevention.

3. purpose of data use The data collected by UNPKG and JSDelivr serve the following purposes in particular:

Provision of the requested resources
Optimizing the loading speed and performance of our website
Improving security and preventing misuse
Error analysis and debugging

4. storage and processing of data UNPKG and JSDelivr may store access data for a limited period of time for analysis purposes. We do not have direct access to this data and do not control how long it is stored. Further information on data processing by UNPKG and JSDelivr can be found in their respective privacy policies.

5 Disclosure of data UNPKG and JSDelivr may disclose the collected data to third parties if this is required by law or is necessary to secure their own infrastructure. We ourselves do not pass on any data collected by UNPKG or JSDelivr to third parties.

6 Legal basis for processing The use of UNPKG and JSDelivr is based on our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in the fast and efficient provision of web content and the improvement of the user experience and security of our website.

7 Your rights As a user, you have the right to obtain information about the processing of your personal data. In addition, under certain conditions, you can request the deletion, correction or restriction of the processing of your data. As UNPKG and JSDelivr are external services, data protection requests must be addressed directly to the operators of UNPKG or JSDelivr.

8. further information Further information on UNPKG’s privacy policy can be found on their official website: https://unpkg.com Further information on JSDelivr’s privacy policy can be found on their official website: https://www.jsdelivr.com

Use of embedded Vimeo videos

We embed videos from the Vimeo platform on our website. When you play such a video, a connection to the Vimeo servers is established. Certain data is transmitted to Vimeo, such as your IP address and the information that you have viewed the video on our site.

Vimeo also sets cookies that are used to analyze the use of the videos and improve the user experience. These cookies can also be used to create user profiles.

Legal basis for processing
Vimeo videos are integrated on the basis of Article 6(1)(f) GDPR, as we have a legitimate interest in providing you with appealing content. If explicit consent is required, we obtain this via our cookie banner.

Data transfer to third countries
Vimeo is a company based in the USA. Data may therefore be transferred to the USA. Vimeo has submitted to the EU-U.S. Privacy Shield Agreement to ensure an adequate level of data protection.

Further information
Further information on the processing of your data by Vimeo can be found in Vimeo’s privacy policy: https://vimeo.com/privacy.

Contact us

If you contact us, we will process your personal data in order to process your contact.

If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the processing of your contact. If the processing is necessary to fulfill a contract with you or to carry out pre-contractual measures based on your request, the legal basis for the processing is also Art. 6 para. 1 lit. b GDPR.

We use external services to provide and maintain our email inboxes. These services may have access to personal data that is processed when you contact us.

Cookies & similar technologies

Cookies are used. Cookies are text information that is stored on your end device. A distinction is made between session cookies, which are deleted immediately after you close your browser, and persistent cookies, which are only deleted after a certain period of time.

In addition to cookies, similar technologies (tracking pixels, web beacons, etc.) may also be used. The following information on cookies also applies to similar technologies. These statements also apply to further processing in connection with cookies and similar technologies (analysis & marketing etc.). This also applies in particular to any consent you may have given for the use of cookies. This also extends to other technologies and to further processing in connection with cookies and similar technologies.

Cookies can be used to enable the use of certain functions. Cookies can also be used to measure the reach of our online offer, to design it in line with requirements and interests and thus to optimize our online offer and our marketing. Cookies can be used by us and by external services.

We use a consent tool to manage the cookies used and related consents. Details on the cookies used (purpose, storage period, external service if applicable, etc.) can be found in the following passages.

If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the management of the cookies used and the related consents. Depending on the purpose of the processing, our legitimate interests can be found in the following passages.

You can prevent the storage of cookies by selecting the appropriate settings in your browser. Below we provide you with links for typical browsers where you can find further information on managing cookie settings:
– Firefox: https://support.mozilla.org/de/kb/verbesserter-schutz-aktivitatenverfolgung-desktop
– Chrome: https://support.google.com/chrome/answer/95647?hl=de&hlrm=en
– Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/l%C3%B6schen-und-verwalten-von-cookies-168dab11-0753-043d-7c16-ede5947fc64d
– Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
– Opera: https://help.opera.com/de/latest/web-preferences/#cookies
– Yandex: https://browser.yandex.com/help/personal-data-protection/cookies.html

You can find further objection options at the following links: https://www.youronlinechoices.eu/, https://youradchoices.ca/en/tools, https://optout.aboutads.info/?c=2&lang=EN and https://optout.networkadvertising.org/?c=1.

If you prevent cookies from being saved, this may impair the proper functioning of our online offering. If you delete all cookies, the above settings will also be lost and must be made again.

Furthermore, you can activate the “Do-Not-Track” function of your browser to signal that you do not wish to be tracked. Below we provide you with links for typical browsers where you can find further information on the “Do-Not-Track” setting:
– Firefox: https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen
– Chrome: https://support.google.com/chrome/answer/2790761?co=GENIE.Platform%3DDesktop&hl=de
– Internet Explorer / Edge: https://support.microsoft.com/de-de/windows/verwenden-von-do-not-track-in-internet-explorer-11-ad61fa73-d533-ce96-3f64-2aa3a332e792
– Opera: https://help.opera.com/de/latest/security-and-privacy/
– Safari no longer supports the “Do-Not-Track” function since February 2019. The following link can be used to prevent cross-site tracking in Safari: https://support.apple.com/de-de/guide/safari/sfri40732/12.0/mac
– Yandex: https://yandex.com/support/browser/personal-data-protection/ytp.html

Social media presences & links on social media platforms

Our website contains links to our profiles on various social media platforms. These platforms are operated by the following companies:

Facebook & Instagram – Meta Platforms Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
LinkedIn – LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland
TikTok – TikTok Technology Limited, 10 Earlsfort Terrace, Dublin, D02 T380, Ireland
YouTube – Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland

If you click on one of these links, you will be redirected to the respective social media profile. There is no direct data transfer to these platforms through our website. Only when you visit the social network do the respective data protection provisions of the platform apply.

We have no influence on which personal data is collected or processed by the respective platform. Further information can be found in the respective privacy policies of the providers:

Facebook & Instagram: https://www.facebook.com/privacy/policy
LinkedIn: https://www.linkedin.com/legal/privacy-policy
TikTok: https://www.tiktok.com/legal/page/eea/privacy-policy/en
YouTube: https://policies.google.com/privacy

Profiling (for the purposes of advertising, personalized information, etc.) may also occur in the context of the use of external services. Profiling can also take place across services and devices. Further information on the services used, the scope of data processing and the technologies and procedures used when using the respective services, as well as whether profiling takes place when using the respective services and, if applicable, information on the logic involved and the scope and intended effects of such processing for you can be found in the further information on the services, which you can find under the links provided above.

Fonts & Scripts

We use fonts and scripts from external services in order to be able to display our online offer to you and to always guarantee up-to-date fonts and scripts.

Google Fonts
Provider: In the European Economic Area (EEA) and Switzerland, Google services are provided by Google Ireland Limited, Ireland. Google Ireland Limited is a subsidiary of Google LLC, United States of America.
Website: https://fonts.google.com/
Further information & data protection: https://policies.google.com/?hl=de and https://business.safety.google/privacy/
The transfer of personal data to third countries depends on the respective Google service and is subject to the various EU standard contractual clauses, insofar as these are offered by Google. Further information on this and Google’s responsibility can be found at the following link: https://business.safety.google/gdpr/. You can view a copy of the EU standard contractual clauses there. The provider has signed up to the EU-US Data Privacy Framework ( https://www.dataprivacyframework.gov ), which guarantees compliance with an appropriate level of data protection on the basis of a decision by the European Commission.

Applications

If you apply to us, we will process your personal data in order to carry out the application process and make a decision on the establishment of an employment relationship. At the end of the application process, we restrict the processing of your personal data and delete or destroy it no later than 6 months after you have received the rejection or return the application documents to you and delete or destroy any copies, unless you have consented to us continuing to use your personal data.

If we have asked for your consent and you have given it, the legal basis for the processing is Art. 6 para. 1 lit. a GDPR. If we have not asked for your consent, the legal basis for the processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is the proper execution of the application procedure and, if necessary, the defense against claims due to the rejection of an application. If the processing is necessary for the decision on the establishment of an employment relationship, the legal basis for the processing is also Section 26 (1) sentence 1 BDSG.