1. Who we are
Montalbetti Partners GmbH is a retained executive search company in the financial and professional services sectors.
This policy applies to you if you are one of our clients, suppliers, candidates, applicants for a job with Montalbetti Partners, or a referee in respect of a candidate.
If you are only a visitor to our website, please see the section: “8. Information about the use of the website” below.
We protect your privacy and your private information. We collect, process, and use your personal data following the content of this Privacy Notice and the applicable European and German data protection regulations.
This Privacy Notice governs the extent to which we collect, process, and use personal information about you. We, therefore, ask you to read the following instructions carefully.
2. Controller’s Name and Contact Details
The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (GDPR) is:
3. Collection and Storage of Personal Data, Categories and Purpose of Processing
What personal data do we collect about you?
We collect the necessary information to provide our executive search and leadership advisory services.
Candidates/Applicants: Personal Data, includes CV’s, identification documents, educational records, work history, employment, and references. We may also collect sensitive personal data. We only collect sensitive personal data, and process this data, if you have given explicit consent.
Clients & Suppliers: Personal Data, Contact Data, Financial Data and Services Data when we correspond with our clients about our services.
Where do we collect personal data?
The following are the various sources we may collect personal data about you:
- Directly from you. This is information you provide while searching for a new opportunity and during the different recruitment stages.
- From an agent/third party acting on your behalf. e.g. external researchers, Interim Management companies, and data providers such as Loxo Source, Contact Out etc…
- Through publicly available sources such as LinkedIn, Xing, Viadeo, and RocketReach.
- Company Websites
How and why do we use personal data?
We use candidates’ data to match their skills, experience, and education with potential employers. We initially collect basic information on candidates such as contact details, job roles and experience when we conduct our talent mapping exercises to help our clients understand the current market and to find potential candidates for our clients. If a candidate is longlisted and goes through to the next stages, we will collect more information at the interview (or equivalent) stage and onwards in that manner.
Furthermore, we may use your Personal Information to provide you with our newsletter, email notifications and other communications by email.
What legal basis do we have for using this information?
For candidates, interim managers, referees and clients, our processing is necessary for our legitimate interests. We need the information to assess suitability for potential roles, find potential candidates and contact clients and referees, develop our services and grow our business.
The legal basis for collecting the relevant data is the consent of the candidates (Art. 6 (1) sentence 1 lit. a) GDPR).
Such consent will be given by providing the data mentioned above by email or by your consent. The data will be provided voluntarily. The more information will be provided, the better the evaluation of aptitude with job positions of clients and the subsequent placement of candidates. To evaluate a candidate’s professional profile, it may also be required to collect further information about the candidate through assessments (Hogan and MSA Profil). Then this may involve processing more detailed personal data, including sensitive data. In that case, we always ask for consent before undertaking such processing.
For clients, we may also rely on our processing being necessary to perform our services.
How long do we keep personal data?
By submitting your candidate information and consent, you agree that we will retain your data for five years without contact.
The same period – 5 years without contact – applies to clients and suppliers.
This storage takes place in the legitimate interest of a long-term cooperation, which goes beyond a particular assignment, placement, or assessment.
You can withdraw your consent at any time using the contact details provided.
4. Share of Data
Who do we share personal data with?
Initially, the data will be processed within the Montalbetti Partners only. We use third-party providers to help us administer certain activities and services. We use Microsoft, SharePoint, OneDrive and Loxo.co to store data.
However, depending on how and where the Services need to be performed, candidate’s personal data may be shared with clients, selected external partners who are processing assessments, and other providers such as travel agencies etc…
To conduct mapping or research exercises on behalf of our clients to enable them to understand the market, we may share some basic information about the potential candidates, such as first name, last name, current employer and current position, and some basic information about education and work history. The information disclosed will be limited to what is necessary for this purpose.
A transfer of personal data (candidate’s CV and contact details) to clients occurs only if a candidate is suitable for a position with a client or matches the client’s job specifications, and we have the candidate’s consent. In this case, clients will receive a confidential report on the candidate. The confidential report provides all the client’s relevant information about the candidate to assess whether the candidate is suitable for a position.
Passing on data to clients is compulsory for successful placements. The legal basis for the transfer is the consent of the candidate (Art. 6 (1) sentence 1 lit. a) GDPR) and in our legitimate interest (Art. 6 (1) sentence 1 lit. f) GDPR).
It is expressly stated that it may be possible that database servers of clients to whom candidate information is being sent are in third countries outside the European Economic Area (EEA), where the EU Commission has confirmed no adequate level of data protection. By consent to the data transmission, the candidate expressly agrees that the relevant candidate information may also be disclosed to such recipients.
The legal basis for this is the consent of the candidates (Art. 6 (1) sentence 1 lit. a) GDPR) and the performance of contractual obligations (Art. 6 (1) sentence 1 lit. b) GDPR).
5. Rights of Candidates/Clients
You have the right of:
- Access to information about your data processed by us (Art. 15 GDPR);
• Rectification of inaccurate or completion of your data stored with us (Art. 16 GDPR);
• Erasure of personal data stored with us, as far as the data is no more necessary for processing and there are no precluding legal regulations (Art. 17 GDPR);
• Restriction of the processing of your data (Art. 18 GDPR);
• Making available data provided or transmission to another controller (Art. 20 GDPR);
• Withdrawal of your consent (Art. 7 (3) GDPR); and
• Complaining with the competent supervisory authority (Art. 77 GDPR).
We are available for corresponding requests or messages at the contact details provided.
Information concerning your requests or messages is transmitted by email. Should you provide information via email, the specified email address (both sender and recipient) will not be used for any purpose other than providing information and its documentation.
6. Right to Object
If the processing of your personal data is based on legitimate interests following Art. 6 (1) sentence 1 lit. f) GDPR you have the right to object to processing your personal data in accordance with Art. 21 GDPR, provided there are reasons relating to your situation. When exercising your right of objection, we kindly ask you to explain the reasons why we should not process your personal data. If your complaint is justified, we will no longer process your personal data, adjust the data processing, or inform you about compelling legitimate reasons why we continue the processing.
7. Right to Erasure
We will delete your personal data as soon as the data is no longer necessary for the respective purpose. Personal data may be kept for the time during which claims may be asserted against us (for example statutory limitation period of three or thirty years). Furthermore, we are required by law to store certain data due to the duties of proof and retention, inter alia with respect to the German Commercial Code, the German Tax Code, or the Money Laundering Act. The storage period can be up to ten years. If we are not obliged to retain personal data and the data is no longer required to safeguard or defend against claims, the data will be deleted immediately, unless you consented to further storage according to Art. 6 (1) sentence 1 lit. a) GDPR.
8. Information about the use of the website
Each time you access one page of our website and each time a file is accessed, access data about that process is stored in a log file on the server.
This access data includes the following information:
- Date and time of the request
- Greenwich mean time (GMT)
- Location (Country, City)
- Page content of the request
- Access status / HTTP status code
- Amount of data transmitted
- Website that receives the request
- Operating system and its interface
- Language and version of the browser software
- IP address
The IP address of your computer is stored only for the time of your use of the website and is deleted or anonymized immediately after your browser is closed.
We collect the data above because this is technically necessary for you to be able to view our website and to ensure the stability and security of the website. The legal basis for this is Article 6(1)(f) GDPR (legitimate interest, specifically the needs-oriented design of the website).
We use Google Analytics, a web analytics service by Google Inc. (“Google”). Google Analytics uses small text files (“cookies”) on your device to allow us to analyze visitor behavior with a pseudonym. Information about your visitor behavior stored in cookies is transferred to web servers of Google in the USA and will be stored there. For this website, the function anonymize IP has been activated – therefore Google will anonymize your IP address on Google servers within the EU or the EEC prior to the transfer of data to the USA. In rare cases full IP addresses may be transferred to the USA and will then be anonymized there.
Google will use the information transferred as a Processor (GDPR Article 28) to analyze your visitor behavior, provide web activity reports, and to provide services in relation to website use.
You can opt-out of Google Analytics here
You may prevent the storage of cookies (including your IP address) by using appropriate settings in your browser and object to further processing by installing a browser plugin. Alternatively, you may store an opt-out cookie on your device to prevent future analysis of your visitor behaviour. However, if you choose to block or delete cookies, this may affect the functionality of the website.
We only collect “session” cookies, which are not usually stored after your browsing session has ended. These are used to establish your approximate location and to serve up the website in the appropriate country and local language. (IP address collection happens during this process.)
You may delete and block all cookies, or just certain types of cookies, via your browser settings. However, if you choose to block or delete cookies, this may affect the functionality of the website.
You can configure your browser settings according to your wishes and reject all cookies. Non-acceptance of cookies may limit the functionality of our website.
Social media plug-ins
We currently use the following social media plug-ins on our website: Google+, Twitter, Xing, LinkedIn.
We use the so-called two-click solution. This means that, by visiting our website, no personal data is initially passed on to providers of such plug-ins.
The provider of the plug-in can be identified on our website by the corresponding logo. Via the respective button, we provide the opportunity to communicate directly with the provider of the plug-in. The plug-in provider only receives the information that you have accessed its website through our online service if you click on the designated field and activate it. Furthermore, the information according to no. 1.1 and 3 of this policy will be transmitted.
According to the information of the provider when using the Xing plug-in, the IP address will be anonymized immediately after collection.
Please note that by activating of the plug-in personal data about you will be transferred to and stored by the respective plug-in provider (in the case of US providers in the USA). Data collection is done by plug-in providers via cookies. So, we recommend deleting all cookies on the security settings of your browser before clicking on the button.
We have no influence on the collected data and the data processing operations. We are also not aware of the full scope of the data collection, the purpose of the processing and the storage periods. In addition, we have no information on the deletion of the data collected by the plug-in provider.
The respective plug-in provider stores the data collected about you in profiles and uses them for marketing, market research and/or tailored design of its website. Such an evaluation is carried out (also for non-logged-in users) for the presentation of tailor-made advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of such user profiles. To exercise, you need to contact the respective plug-in provider. The plug-ins allow us to interact with social networks and other users so that we can improve our offer and make it more interesting for you. The legal basis for the use of the plug-ins is Art. 6 (1) sentence 1 lit. f) GDPR.
A transfer of data takes place regardless of whether you have an account with the plug-in provider and are logged in. However, if you are logged in to the plug-in provider, your data collected from us will be assigned directly to your user account. If you activate the social media button and, for example, link the page, the plug-in provider also stores this information in your user account and shares it publicly with your contacts. For this reason, we recommend logging out regularly after using a social network, but especially before activating a button, as this will prevent you from being assigned to your profile with the plug-in provider.
For more information on the purpose and scope of the data collection and its processing by the plug-in provider, please refer to the privacy statements of the relevant provider, which are provided below. You will also get further information about your rights and settings options to protect your privacy.
Addresses of respective plug-in providers und URL with privacy policies:
Xing AG, Gänsemarkt 43, 20354 Hamburg, DE
Our website may include YouTube videos stored on the website: http://www.YouTube.com, which are directly playable from our website. These are all embedded in “enhanced privacy mode”, which means that if you do not play the video, you will not transfer any data about you as a user to YouTube. Only when you play videos, the data mentioned in paragraph 2 will be transmitted. We have no influence on this data transfer.
By visiting the website, YouTube receives the information that you have accessed the corresponding subpage of our website. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and / or customization of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right of objection to the formation of these user profiles. However, you must contact YouTube to exercise.
We take all appropriate technical and organizational security measures to protect your data from manipulation, loss, destruction, or unauthorized access by third parties. Our systems are secured against unauthorized access. Your personal data is encrypted with us. We use the coding system SSL (Secure Socket Layer).
We expressly point out that despite all the technical precautions, the Internet does not permit absolute data security. We are not li
Last update: October 2022