(1) Below we provide information about the processing of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
(2) Responsible according to Art. 4 Abs. 7 GDPR are:
nutwork Handelsgesellschaft mbH
Burchardtstraße 8
20095 Hamburg
Fon: (+49) 040 - 656 88 555
E-Mail: info@fruitwork.de
Contact details of the external data protection representative:
Kerstin Lange
c/o Vater Solution GmbH
Boschstraße 5
24118 Kiel
E-Mail: KeLange@vater-gruppe.de
(3) When you contact us by e-mail, telephone or via the contact form, your e-mail address, your name and your message will be stored by us in order to answer your questions and/or complaint enquiries.
This information enables us to respond to your request comprehensively. The communication of the data provided by you in this context is expressly on a voluntary basis.
The personal data transmitted to us from your above-mentioned details as well as the time of contact are used exclusively for the purpose for which you provide them to us when contacting us - in particular the processing of your enquiry. The data will not be used for other purposes or passed on to third parties without your express consent. Excluded from this are - if necessary to fulfil your request - companies affiliated with us (see § 9 Joint controllers). If there are no statutory retention obligations, your personal data will be deleted after your enquiry has been processed.
This data is processed on the basis of Art. 6 Para. 1 lit. b) GDPR if your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of messages sent to us and responding to them in accordance with Art. 6 para. 1 lit. f) GDPR or on your consent in accordance with Art. 6 para. 1 lit. a) GDPR, if this has been requested.
The contact data will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed or a sales contract has been concluded). Mandatory statutory provisions - in particular retention periods - remain unaffected.
(1) You have the following rights against a party responsible with regard to your personal
data:
- Right of access,
- Right to rectification or erasure,
- Right to restriction of processing,
- Right to object to processing,
- Right to transferability of data.
(2) You also have the right to complain to a data protection authority about the processing of your personal data by us.
When using the website for information purposes, i.e. simply viewing it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and must therefore be processed by us. These are browser type and browser version, operating system used, referrer URL, host name of the accessing end device, time of the server enquiry and IP address. The storage period is 14 days. The legal basis is Art. 6 para. 1 lit. f) GDPR.
(1) If you have given your consent to the processing of your data, you can withdraw this consent from the party responsible at any time. Such a revocation affects the permissibility of the processing of your personal data after you have given it to us. The permissibility of the processing of your data up to the time of your revocation remains unaffected.
(2) Insofar as we base the processing of your personal data on the evaluation of interests, you can object to the processing. This is the case if, in particular, the processing is not necessary for the fulfilment of a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we do. In the event of your objection, we will examine the situation and will either discontinue or adapt the data processing or point out to you our compelling reasons worthy of protection on the basis of which we will continue the processing.
(1) We have various presences on social media platforms. These appearances are operated by the following providers:
Xing: Social Network; Service provider: New Work SE, Am Strandkai 1, 20457 Hamburg,
Germany;
Privacy policy: https://privacy.xing.com/en/privacy-policy
kununu: social network; service provider: New Work SE, Am Strandkai 1, 20457 Hamburg.
Germany
Privacy policy: https://privacy.xing.com/en/privacy-policy
LinkedIn: Social network; service provider: LinkedIn Ireland Unlimited Company, Wilton
Place, Dublin 2, Irland;
Privacy policy: https://www.linkedin.com/legal/privacy-policy
(Opt-Out) https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Data processing agreement: https://legal.linkedin.com/dpa
Standard contractual clauses: https://legal.linkedin.com/dpa
You can read about the internal processing of Page Insights at LinkedIn at
https://legal.linkedin.com/pages-joint-controller-addendum.
Members can exercise their data subject rights via their account settings or by contacting LinkedIn directly.
Data subject rights can be asserted with LinkedIn as well as with us, but the primary responsibility according to GDPR for the processing of Page Insights data lies with LinkedIn. We do not make any decisions regarding the processing of Page Insights data and all other information resulting from Art. 13 GDPR, including the legal basis, identity of the controller and storage duration of cookies on user end devices. LinkedIn fulfils all obligations under the GDPR with regard to the processing of Page Insights data.
LinkedIn agrees to take responsibility under the GDPR for the provision of Page Insights and will comply with all applicable obligations under the GDPR in relation to the processing of Page Insights (including, but not limited to, Articles 12-22 and Articles 32-34 of the GDPR). This means that LinkedIn will, among other things, ensure that members are informed about the data processed and will support members' rights of access and erasure. LinkedIn will decide at its own discretion how to fulfil its obligations under this addendum.
LinkedIn Ireland Unlimited Company processes personal data when you use LinkedIn. LinkedIn describes which (personal) data this is in detail, how, for what purposes and on what legal basis it is processed in its data policy https://www.linkedin.com/legal/privacy-policy
We process personal data ourselves via our LinkedIn account (see 2. below); at the same time, data processing by LinkedIn takes place (see 1. below). Within the meaning of Art. 26 GDPR, LinkedIn and our company are ‘joint controllers’ with regard to the processing of Page Insights.
1 Data processed by LinkedIn
When a member visits, follows or engages with the page, LinkedIn processes personal data in
order to provide page insights to the page operators. In particular, LinkedIn will process
data provided by the LinkedIn member, such as data on function, country, industry, position,
company size and employment status from the member's profile.
LinkedIn uses advertising cookies.
2 Data processed by us
The Page Insights data provided to us by LinkedIn is aggregated data. LinkedIn does not
provide us with any personal data of members in relation to Page Insights or enable us to
link Page Insights to individual members.
(2) We would like to point out that you use our presence on social media platforms and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. commenting, sharing, rating). When you visit our websites, the providers of the social media platforms collect, among other things, your IP address and other information that is stored on your device in the form of cookies. This information is used to provide us, as the operator of the accounts, with statistical information about the interaction with us.
(3) The data collected about you in this context will be processed by LinkedIn and may be transferred to countries outside the European Union, in particular the USA. An adequacy decision is in force between the EU and the USA, which confirms the permissibility of the data transfer. According to LinkedIn Corporation, it maintains an adequate level of data protection that corresponds to the former Privacy Shield. LinkedIn has certified itself in accordance with the EU-U.S. Data Privacy Framework.
For the transfer of personal data to LinkedIn servers in the USA as well as the storage and processing there, the EU standard data protection clauses have been concluded, which permit the transfer of personal data to the USA in individual cases.
(4) We do not know how the social media platforms use the data from your visit to our account and interaction with our posts for their own purposes, how long this data is stored and whether data is passed on to third parties. Data processing may differ depending on whether you are registered and logged in to the social network or whether you visit the site as a non-registered and/or non-logged-in user. When you access a post or the account, the IP address assigned to your end device is transmitted to the provider of the social media platform. If you are currently logged in as a user, a cookie on your device can be used to track your online behaviour. Buttons integrated into websites enable the platforms to record your visits to these websites and assign them to your respective profile. This data can be used to offer you customised content or advertising. If you want to avoid this, you should log out or deactivate the ‘stay logged in’ function, delete the cookies on your device and restart your browser.
(5) As the provider of the information service, we also only process the data from your use of our service that you provide to us and that requires interaction. For example, if you ask a question that we can only answer by email, we will store your information in accordance with the general principles of our data processing, which we describe in this privacy policy.
(6) To exercise your rights as a data subject, you can contact us or the provider of the social media platform. If one party is not responsible for responding or must receive the information from the other party, we or the provider will then forward your enquiry to the respective partner. Please contact the operator of the social media platform directly for questions about profiling and the processing of your data when using the website. If you have any questions about the processing of your interaction with us on our site, please write to the contact details provided by us above [see under § 1 (2)].
(7) What information the social media platform receives and how it is used is described by the providers in their data protection policies. There you will also find information about contact options and the settings options for adverts.
If we provide links to websites of other organisations, this privacy policy does not apply to the processing of personal data by that organisation. We therefore recommend that you read the data protection notices on the other websites you visit.
We use various external service providers who work exclusively on our behalf and in accordance with our instructions (order processing) to provide the service offered, e.g. the hosting of this website or the operation of our IT. These service providers have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.
In order to process your requests satisfactorily, we may have to pass on your personal data to third party recipients. Third-party recipients may be companies affiliated with us, our suppliers, transport and logistics partners.
We, nutwork Handelsgesellschaft mbH, fruitwork Handelsgesellschaft mbH and fruitwork Dienstleistungsgesellschaft Center GmbH, act as affiliated companies in some areas as joint controllers within the meaning of Art. 26 GDPR, e.g. when establishing employment relationships, carrying out accounting, invoicing, customer administration and operating the IT infrastructure.
According to Recital 48 S. 1 GDPR, we consider data processing within our group of companies and the management of a group-wide customer administration system to be our legitimate interest. Process economy reasons constitute our legitimate interest in the processing of personal data for internal administrative purposes, including the processing of personal data of customers. The centrally managed databases for customer administration purposes are intrinsic to our administrative purpose.
To guarantee your rights and taking into account the requirements of the EU General Data Protection Regulation (GDPR), we have concluded an agreement that sets out rules on the processing of your personal data. We have jointly agreed on how we will ensure your rights and have defined in more detail the obligations that each controller must fulfil to comply with the obligations of the GDPR. In particular, this also concerns the exercise of the rights of data subjects and the fulfilment of the information obligations under Art. 12 - 14 GDPR. The primary contact for data subjects is fruitwork Handelsgesellschaft mbH. However, you can also contact the company involved in the recruitment process with regard to the processing of your data and assert your rights.
We have mutually undertaken to comply with the technical and organisational measures required in each case in accordance with Art. 32 GDPR, insofar as this concerns the processing of personal data for which there is joint responsibility within the meaning of Art. 26 GDPR. Each participating company shall immediately inform the other company of any personal data breach. The companies will immediately provide each other with all information in connection with the data breach that is necessary to investigate the data breach and its consequences and to fulfil any reporting obligations pursuant to Art. 33, 34 GDPR. In the event that a reporting obligation exists, the companies will coordinate the further procedure and support each other in the fulfilment of the reporting obligations. If notification of the data subjects is required, the companies will work together and carry out a joint notification of the data subjects.
You have the opportunity to find out about job vacancies throughout the fruitwork group on our website under the ‘Careers’ tab. You can apply online via the fruitwork group's application portal.
We, nutwork Handelsgesellschaft mbH, fruitwork Handelsgesellschaft mbH and fruitwork Dienstleistungsgesellschaft Center GmbH act as joint controllers in the application process within the meaning of Art. 26 GDPR.
If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during job interviews, etc.) insofar as this is necessary for the decision on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 lit. b) GDPR (contract initiation) and - if you have given your consent - Art. 6 para. 1 lit. a) GDPR. Consent can be revoked at any time. If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Art. 6 para. 1 lit. b) GDPR for the purpose of implementing the employment relationship. Insofar as special categories of personal data within the meaning of Art. 9 GDPR are processed (e.g. health data), the legal basis is § 26 para. 3 BDSG or Art. 9 para. 2 lit. b) GDPR in conjunction with. Art. 6 para. 1 lit. b) GDPR. Finally, data processing can also take place on the basis of a so-called balancing of interests in accordance with Art. 6 para. 1 lit. f) GDPR.
According to Recital 48 S. 1 GDPR, we consider data processing within our group of companies and the management of a group-wide applicant management system to be our legitimate interest. Process economy reasons represent our legitimate interest in the processing of personal data for internal administrative purposes, including the processing of personal data of applicants. The centrally managed databases for applicant management purposes are intrinsic to our administrative purpose.
We use a specialised software provider for the application process. This provider has been commissioned to host, maintain and service the systems. We have concluded a contract with the provider to ensure that the data processing is carried out in an authorised manner.
Your personal data will initially be processed by the human resources department of fruitwork Handelsgesellschaft mbH. Suitable applications will be forwarded to the person responsible for hiring for the respective open position. The further process is then coordinated. In principle, only those persons have access to your data who need it for the proper course of our application procedure.
If we are unable to make you a job offer, you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6 para. 1 lit. f) GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. The retention serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies. Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a) GDPR) or if statutory retention obligations prevent deletion.
If we do not make you a job offer, you may have the opportunity to be included in our applicant pool. If you are accepted, all documents and information from your application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies. Inclusion in the applicant pool takes place exclusively on the basis of your express consent (Art. 6 para. 1 lit. a) GDPR). Giving consent is voluntary and is not related to the current application process. The data subject can withdraw their consent at any time. In this case, the data will be irrevocably deleted from the applicant pool, provided there are no legal grounds for retention.
The data is processed exclusively in data centres in the Federal Republic of Germany. If you have been accepted for a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system.
This data protection notice was last updated on 15 April 2025, but we would like to point out that it may be necessary to revise this data protection notice from time to time due to actual or legal changes.