Under this privacy notice (hereinafter the “Notice”), 360 Treasury Systems AG (hereinafter “360T” “We” or “Us”) informs you how We process your personal data when you apply to an open position with Us. Your personal data means any information relating to you (hereinafter the “Personal Data”), such as name or contact details. We pay special attention on the processing of Personal Data in accordance with the General Data Protection Regulation EU 2016/679 (“GDPR”) and applicable national data protection laws.
Controller
360 Treasury Systems AG acts as controller for the operation of this careers website and the initial recruitment process. Where your application is shared with a group company, that company becomes a controller for its own recruitment decisions.
Our identity and contact details
360 Treasury Systems AG
Grüneburgweg 16-18
60322 Frankfurt am Main
Germany
Phone: +49 69 900 289 0
eMail: [email protected]
You can reach the data protection officer via the above address or via email [email protected].
Data We collect
We process the following categories of your Personal Data for the following purposes:
Identifiers: To be able to identify you as a candidate, maintain accurate records and communicate with you about your application, interviews, and next steps, We process your identification details, such as name and contact information (email, phone, address) that you provide Us when applying for an offering in our careers website.
Application details: Your CV, along with additional application details, such as cover letter, training courses, work history, professional qualifications, and education information, is required to assess your qualifications, experience, and suitability for the role.
Banking details: If necessary for the reimbursement of travel expenses during the hiring process,
We will process the banking details you provide.
Interview notes and assessment results: To ensure transparency and fairness throughout the hiring process, We document decision-making steps, which may include Personal Data such as interview notes.
Lawful basis for our processing of your Personal Data
We process Personal Data in accordance with the provisions of the European General Data Protection Regulation (EU GDPR).
We process your Personal Data where necessary to take steps, at your request, prior to entering an employment contract (Art. 6(1)(b) GDPR), and, additionally, based on our legitimate interest (Art. 6(1)(f) GDPR) in managing the recruitment process, assessing your suitability for the role, and communicating with you.
Sometimes, We process your data because We have a legal obligation (Art. 6(1)(c) GDPR), for example, to comply with tax or accounting requirements when reimbursing expenses or to establish, exercise or defend against legal claims.
In very specific cases, where We need to process special categories of data (such as health information in the context of the recruiting process, where the candidate requires assistance and provides this information to Us on a voluntary basis) or keep your details for future opportunities, We will ask for your explicit consent (Art. 6(1)(a) GDPR), which you can withdraw at any time without it affecting your application.
Automated decision making
Our recruitment website is operated by Personio SE & Co. KG. Personio uses automated data extraction and rule‑based checks to support recruitment and application processing. Certain mandatory criteria may initially trigger an automated flag or recommendation for rejection; however, no decision is made solely on that basis. All such outcomes are reviewed and confirmed by a human, ensuring the process remains fair, transparent, and compliant with data‑protection requirements.
Retention period
Your Personal Data will be stored securely and retained only for as long as necessary to fulfil the purposes outlined in this Notice or as otherwise required by applicable law.
If you accept an offer of employment at 360T, the Personal Data collected during the recruitment process will become part of your employee record and will be managed in accordance with the 360T internal policies. If your application is unsuccessful, We will retain your data for the duration of the recruitment process and for some time afterwards to document our decision and to exercise, establish, or defend against legal claims, in accordance with applicable laws.
Where permitted by law and with your consent, We may keep your data to consider you for future opportunities within 360T. We will retain your data only for the period to which you’ve consented.
Who We share your Data with
Access to your Personal Data is limited to employees involved in the recruitment and hiring process on a need-to-know basis, including HR personnel, recruiters and hiring managers. We may also engage third-party service providers, such as IT service providers, who will process data on our behalf for specific purposes.
All third-party service providers are contractually required to implement appropriate security measures to protect your Personal Data, in line with our policies and applicable data protection obligations. They are not permitted to process your Personal Data for their own purposes. We only authorize them to process your Data for clearly defined purposes and in accordance with our instructions.
International data transfers
As part of being a global group of companies, We may transfer and process your Personal Data in countries where our affiliated entities operate. These transfers are necessary to manage recruitment activities and consider you for opportunities across our group. Some of those countries may not have the same data protection laws as the EU or provide the same level of protection to your Personal Data; however, 360T takes data protection and your privacy rights very seriously. As such, We seek to meet best practice standards for data protection and security across the group.
Your data will only be transferred to countries which are deemed to be ‘adequate’ by the European Commission or where 360T has taken additional measures, such as implementing specific contracts approved by the European Commission, commonly known as the “Standard Contractual Clauses” or “SCCs”, to ensure an adequate level of protection for such transfers.
We will only transfer your data to third countries when strictly necessary for the purpose for which the data was collected and in full compliance with GDPR Chapter 5 on “Transfers of Personal Data to third countries or international organisations.”
Your rights
Every data subject has a right of access, right to rectification, right to erasure, right to restriction of processing, right to object, and right to data portability. Certain rights may be subject to restrictions under local laws and/or lawful basis. Data subjects also have the right to lodge a complaint with a supervisory authority.
You can request that your information is updated, corrected or deleted by sending an e-mail to [email protected].
Where our processing of your Personal Data is based on your consent, you have the right to revoke your consent at any time. Please be advised that the revocation will only take effect in the future. Any processing that was carried out prior to the revocation shall not be affected thereby.
Supplementary information for U.S candidates
If you are based in the United States, please note that U.S. privacy laws differ from the EU GDPR. While there is no single federal data protection law equivalent to GDPR, We apply similar principles of transparency, security, and fairness to protect your Personal Data.
If you reside in a state that provides specific privacy rights (such as California under the CCPA/CPRA), you may have additional rights regarding your Personal Data. Please refer to the points of contact given at the start of this document to learn more, or to exercise any applicable rights.
Use of Personio
Personio SE & Co. KG provides a human resources and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application is transferred using TLS encryption and stored in a secure database.
The controller of the Data processed in this website, within the meaning of Article 24 GDPR, is 360T. Personio’s role is limited to operating the software and this recruitment website and, in this context, acts as a processor in accordance with Article 28 GDPR. The processing carried out by Personio is based on a data processing agreement between the controller and Personio.
Additionally, Personio processes data, some of which may include Personal Data, to provide its services, particularly for operating this recruitment website, as described in more detail below.
Access logs (“server logs”)
Each visit to this recruitment website automatically generates general protocol data, known as server logs. As a rule, this data is pseudonymized and does not allow conclusions about an individual’s identity. Without this data, it would, in some cases, be technically impossible to deliver or display the content of the website. Furthermore, processing this data is essential for security purposes, particularly for access, input, transfer, and storage control. This pseudonymized information may also be used for statistical analysis and to optimize our services and technology.
In addition, the log files can be checked and analysed retrospectively when unlawful use of the software is suspected. The lawful basis for this processing is Art. 6(1)(f) GDPR, reflecting our legitimate interest in maintaining IT security, detecting misuse, and ensuring the integrity of our services. The data processed for these purposes typically includes the IP address, browser type and version, operating system used, the domain or resource requested, and the timestamp of access. This log data is limited to what is technically necessary for the operation and security of the service and does not exceed what is standard for typical web server logs.
Access logs are retained for a maximum of 7 days and are automatically deleted thereafter, unless a security‑relevant incident requires longer temporary retention.
Error logs
So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure We can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is pseudonymized and thus does not allow for conclusions about an individual’s identity. The lawful basis for this processing is Art. 6(1)(f) GDPR (legitimate interest in maintaining and improving the technical operation and security of the service). When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days.
Use of cookies
So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, We generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analysing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is essential for providing our services and thus for the performance of the contract (article 6(1)(b) GDPR). Such data is stored for up to 1 month or until the end of the browser session. You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.
Changes to this Notice
We may update this Notice from time to time to reflect changes in legal, regulatory, or operational requirements; our practices; and other factors. Please check back periodically for updates.