Consent to the use of WhatsApp

If the applicant wishes to send their application via WhatsApp and carry out the application process via WhatsApp, the applicant consents to participation in messenger communication and the use of the WhatsApp service in accordance with Art. 6 para. 1 lit. a GDPR. We would like to point out that the provider cannot influence the handling of user data and its processing by the WhatsApp service.

The details of data processing by WhatsApp can be found in the WhatsApp privacy policy at the following link: WhatsApp Privacy Policy

We would also like to point out that data processing by WhatsApp is associated with security risks. The USA currently (as of 11/12/2013) has sufficient security guarantees to exchange personal data with the European Union. However, this does not include HR data on the basis of the Transfer Privacy Framework. Therefore, the EU standard contractual clauses apply. We are unable to assess the extent to which the TIA (Transfer Impact Assessment) has been successfully carried out by WhatsApp. In particular, there is a risk that your data may be processed by US authorities for monitoring and surveillance purposes without you being informed about this data processing and without you having the possibility of a legal remedy against this data processing.

Applicants can revoke the consent expressly granted above at any time with effect for the future by sending us a message via WhatsApp or a message to our other contact details, which can be found in our website Legal Notice (Imprint). The legality of the processing carried out on the basis of the consent until the revocation is not affected by the revocation.

Even if rexx systems does not transmit any data to WhatsApp via the WhatsApp Business API, the applicants send their data to WhatsApp. This is a US-American service provider. Due to the current ECJ case law (so-called Schrems II judgement), data protection-compliant transmission is currently possible on the basis of the EU standard contractual clauses. According to WhatsApp, communication via WhatsApp itself is end-to-end encrypted. This means that only the parties involved in the communication can read the messages. WhatsApp only receives the information that a communication is taking place (so-called metadata). However, as the applicants use their own private WhatsApp profile, the metadata is transmitted to WhatsApp and stored on US servers. It is not clear whether and, if so, to what extent WhatsApp uses the data for its own purposes or passes it on to third parties. It is therefore advisable to exchange particularly sensitive information via an alternative channel. Your communication via the WhatsApp Business API is also end-to-end encrypted. In addition, a corresponding order processing contract has been concluded with the WhatsApp Business API provider, which contractually guarantees data security through suitable technical and organisational measures. The metadata generated by the company is stored exclusively on the servers of the hosting partner of rexx systems (in SaaS mode) in Germany and is not transferred to WhatsApp.