RADIOLOGY WORKFLOW SOLUTIONS  

Privacy statement

Data Protection Information for Visitors to Our Website

Data Protection Information according to Art. 13 and 14 GDPR for Customers and Suppliers

Data Protection Information according to Art. 13 GDPR for Applicants

Data Protection Information for Visitors to Our Website

Thank you for visiting our website and for your interest in our company and our services. We respect your privacy and ensure the protection of your personal data by processing your personal data in accordance with the contents of these data protection regulations and the applicable data protection laws.

You can visit our website without telling us who you are. In order to be able to display our websites, you are only obliged to provide the data transmitted by your browser to our server (see “Logfiles”). Further personal data will only be stored if you voluntarily enter it on the website or use corresponding functions, e.g. when entering it via our contact forms or registering for our newsletter.

In the following you will find our data protection regulations for visitors to our website:

 

Newsletter and Contact

If you subscribe to our electronic newsletter, you consent to the storage of your name and e-mail address for the purpose of sending the newsletter (Art. 6 Par. 1 p. 1 lit. a GDPR). This data will not be passed on to third parties. You can revoke your newsletter consent for the future and thus terminate your newsletter subscription at any time (note in the newsletter).

If you have consented to this (Art. 6 Par. 1 p. 1 lit. a GDPR), we determine whether you have opened the newsletter, which topics of the newsletter you have clicked on and which downloads you have made. The evaluation of your newsletter user behavior enables us to send you targeted information about your interests in the future. We store this information until consent is revoked.

You can enter your personal data on our website to contact us. Only the data marked with an asterisk are mandatory.  Providing further data may be helpful for the processing of your request, but it is not mandatory (voluntary data). With your consent, these data are used and stored exclusively for the purpose of processing your message (Art. 6 Par. 1 p. 1 lit. a GDPR). A use for other purposes or a passing on to third parties does not take place, unless you agree expressly (consent).

Cookies

Cookies are very small text files used by internet pages, which your browser stores on your device and which can provide us or a third party with certain information.

Transient cookies are automatically deleted when you close your browser. This includes in particular the session cookies. These store a so-called session ID, with which different requests of your browser can be assigned to the common session. This will allow your device to be recognized when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies are automatically deleted after a specified period, which may vary depending on the cookie. In contrast to transient cookies, deletion does not occur automatically when the browser is closed. You can delete cookies at any time in the security settings of your browser.

We process cookies that are absolutely necessary to provide a service expressly requested by the user (“necessary cookies”) within the scope of our legitimate interest in providing and operating the website on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR and §25 Para. 2 TTDSG.

Information on cookies that are set when you visit our website and which are necessary for the technical operation of the website, can be found in our cookie banner under the category “Essential”.

There is a storage of or access to further information on your terminal device, which is not absolutely necessary to provide a service explicitly requested by the user. The storage or access is only carried out if you give your consent (Art. 6 para. 1 p. 1 lit. a GDPR and §25 para. 1 TTDSG). Details on the type of information, purpose of processing, storage period of the information as well as on possible recipients of the data are provided in the further course of this data protection declaration.

You can set your browser so that it generally does not accept cookies or only certain cookies are stored or not stored. You can find more information on this in the help system of your browser. If your browser rejects all cookies, it is possible that not all functions of this website can be used.

Change cookie preferences

Fan Pages

In order to provide customers, partners or otherwise interested parties with up-to-date information and to get in contact with them, we operate so-called “fan pages” on the following social networks in addition to our own website: Facebook, Twitter, LinkedIn, XING, Vimeo, Youtube.

The data processing is carried out by the provider of the social media platform. Data processing outside the European Union cannot be excluded. The provider of the platform may provide us with aggregated usage data, but we do not have access to personal data if you only visit the fan page.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. In the case of consent in the form of an opt-in (“check mark”, “activate button”) or any other form of obtaining consent, the legal basis is Art. 6 para. 1 lit. a GDPR. Consent may be revoked at any time without giving reasons to the person to whom it was given, with effect for the future.

Since data processing is carried out by the provider of the platform, we recommend that you contact the respective provider of the platform for your rights to information, correction, deletion, data portability and objection concerning your visit to our fan page. Of course, we will support you in exercising your rights if necessary.

In addition, cookies may be set on your end device. For the purposes and legal basis for the use of cookies, please refer to “Cookies” in this privacy policy or to the privacy policy of the platform provider.

Further information can be found under the following links:

 

Log files

​Each time you access our site, we collect the following information about your computer: the IP address of your computer, the request from your browser and the time of this request. In addition, the status and the amount of data transferred are recorded within the scope of this request, as well as product and version information about the browser used and the operating system of your computer. We also record the website from which our page was accessed. The IP address of your computer is only stored for the duration of your use of the website and is then immediately deleted or made anonymous by shortening it. The remaining data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate errors on the website, to determine the utilization of the website and to make adjustments or improvements (legal basis: Art. 6 para. 1 sentence 1 f GDPR).

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).

We use Google Analytics to analyze and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is your consent in accordance with Art. 6 para. 1 p. 1 lit. a GDPR.

Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how you use the site. Information on the cookies used in the context of the use of Google Analytics can be found in our cookie banner under the category “Statistics”.

Data such as page views and clicks, internal search queries, downloads, interactions with videos, technical settings in the browser and terminal device (as under “log files”) and your IP address are recorded. IP addresses are only processed in abbreviated form in order to exclude direct personal references.

On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other data from Google.

You can revoke your consent for the processing of personal data using Google Analytics at any time. You may also refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) to Google and the processing of this data by Google by downloading and installing the browser plugin available at the following link https://tools.google.com/dlpage/gaoptout?hl=en or alternatively by clicking on the following link to withdraw your consent (opt-out cookie).

Disable Google Analytics via opt-out cookie

Further information on data use by Google, setting and revocation options can be found on the Google website: https://support.google.com/analytics/answer/6004245?hl=de&ref_topic=2919631.

If data is transferred to google, LLC (USA), this is done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.

Facebook Pixel

With your consent, if any, given when you visit our website (Art. 6 (1) p. 1 lit. a GDPR), we use the visitor action pixel (“Facebook Pixel”) from Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The following cookies are set by Facebook: Information on the designation, purposes and storage period of the cookies can be found in the cookie notice window “Marketing” when you call up our website.

The information generated by these cookies about the use of the online offer is transmitted to a server of Meta Ireland and stored there.

The collected data can only be evaluated in aggregated form by us as the operator of this website, which means that no conclusions can be drawn about individual user identities. However, the data stored and processed by Meta can theoretically be linked by Meta to individual user profiles, especially if you are logged into the platform. Facebook uses this data for advertising purposes, according to the Meta Data Policy (https://www.facebook.com/about/privacy/). In doing so, Meta can identify users across numerous websites. Data collected with the pixel on our site is deleted or anonymized within 90 days.

We use the pixel for two purposes: on the one hand, to display ads placed within Facebook and its partner websites only to users who have shown an interest in our online offering or have certain characteristics (e.g. interests in certain topics or pages on Facebook). The “Custom Audiences” remarketing function is also used for this purpose. In this case, when the user visits the website, the pixel transmits to the Meta servers that the user has visited the website and Meta associates this information with the personal Facebook user account (if any). On the other hand, to be able to measure the success of Facebook ads by determining the behavior of users on this website after clicking on such ads.

You can deactivate “Custom Audiences” at https://de-de.facebook.com/help/568137493302217/?helpref=uf_share via the aforementioned options for revoking consent to cookies. To do this, however, you must be logged in as a user on Facebook.
If data is transferred to Meta Platforms, Inc. (USA), this will be done on the basis of the EU Commission’s adequacy decision on the EU-U.S. Data Privacy Framework.

LinkedIn Insight Tag

With your consent, this website uses the LinkedIn Insight Tag, an application of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. The LinkedIn Insight Tag cookies collect the following data: IP address, device and browser properties, URL and referrer URL. We have no influence on data processing at LinkedIn. If you are logged in to LinkedIn with a user account, LinkedIn can associate your user behavior with your user account. If applicable, LinkedIn stores your data as a usage profile and may use it for advertising purposes. For more information on the purpose and scope of data collection and its processing by LinkedIn, please refer to LinkedIn’s privacy policy (https://www.linkedin.com/legal/privacy-policy). We use LinkedIn Insight Tags to analyze and regularly improve the use of our website. LinkedIn provides us with non-personal aggregated reports about our website’s audience and ad performance. The statistics obtained allow us to improve our offer and make it more interesting for you as a user. The legal basis for the use of LinkedIn Insight Tags is your consent according to Art. 6 para. 1 p. 1 lit. a GDPR.

Third-party embedded content (e.g. Google Maps, YouTube, etc.)

If content from third parties such as Google Maps or YouTube is displayed on our websites, the transfer of your IP address and the content displayed under “Logfiles” to the third party provider is required for the provision of this content and the display in your browser. This serves for an attractive presentation of our website. The legal basis of the processing is Art. 6 para. 1 sentence 1 lit. f GDPR. We have no influence on data processing at the third party provider. If you are logged in to the third party with a user account, the third party may associate your user behavior with your user account. If necessary, the third party provider stores your data as user profiles and uses them for the purposes of advertising, market research and/or the design of its website in line with requirements. You must address any rights of objection against the creation of these user profiles to the third party provider.

For more information about the purpose and scope of data collection and its processing by the third party provider, please refer to their privacy policy. There you will also find further information about your rights and setting options to protect your privacy:

Participation in webinars and virtual events (e.g. virtual customer day).
To participate in virtual events, such as the virtual customer day, registration is required. To do this, you must enter the data marked as mandatory. Providing your address data is voluntary. If you provide your address data, we will process it in order to be able to send you a surprise.After registration you will receive an e-mail with your link to confirm your registration and to activate your participation. After successful registration, you can log in to our platform with your e-mail address and the password you assigned during registration and compile your personal agenda. The processing of your data is based on your voluntary consent, which can be revoked with effect for the future, pursuant to Art. 6 para. 1 p. 1 lit. a GDPR.be, etc.)

To provide the technical infrastructure, we use the service providers EXPO-IP GmbH, Robert-Bosch-Str. 7, 64293 Darmstadt, Germany, and LogMeIn Ireland Ltd, 10 Hanover Quay, D02R573, Dublin 2, Ireland, in the form of GoToWebinar. In the context of the use of LogMeIn, it cannot be ruled out that personal data, in particular log files, login data or communication data, will be transmitted to subcontractors outside the EU/EEA, in particular the USA. An adequate level of data protection in accordance with the requirements of the GDPR cannot be guaranteed here. In particular, it cannot be ruled out that authorities of the third country access this data. By participating in the virtual event, you consent to the transfer of data to entities outside the EU/ EEA under the aforementioned conditions pursuant to Art. 49 (1) sentence 1 lit. a GDPR. The consent is voluntary and can be revoked at any time with effect for the future. If you do not give your consent, participation in the event is not possible.

As part of your participation in the virtual event, you can get in touch with our employees as well as with other participants via video and audio chat. The service provider Yotribe GmbH, Kommandantenstraße 77, 10117 Berlin, Germany is used for this purpose. To use the service, you only need to enter a name and a profile picture. The data is visible to all participants in the chat. The name is only stored encrypted by the service provider, therefore it is not possible to connect the profile pictures with a name. Image and sound as well as chat messages are not stored or processed.

Withdrawal of consent and objection to data processing

If you have given us your consent, you can withdraw it at any time with effect for the future.

If we base the processing of your personal data on balancing interests, you may object to the processing. When exercising such objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the facts of the case and either stop or adapt the data processing or show you our compelling reasons for continuing the processing that are worthy of protection.

You can object to the processing of your personal data for purposes of advertising and data analysis at any time.

You can send us your revocation or objection under the contact details under “Responsible”.

Your rights

You have the following rights towards us regarding personal data concerning you:

  • Right to access
  • Right to rectification or erasure
  • Right to restriction of processing
  • Right of object
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about our processing of your personal data.

Controller

medavis GmbH, Bannwaldallee 60, D – 76185 Karlsruhe, Germany, Phone: +49 721 92910-0, Fax: +49 721 92910-99, Mail: info@medavis.com

Data protection officer: Mail: datenschutzanfragen@xdsb.de or to our postal address adding  “the data protection officer”

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, E-mail: info@xdsb.de

 

Data Protection Information according to Art. 13 and 14 GDPR for Customers and Suppliers

With the following information, we would like to give you an overview of the personal data we process and inform you of your rights under data protection laws.

Person responsible for data processing and contact details of the data protection officer

medavis GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany Phone.: +49 721 92910-0, Fax: +49 721 92910-99, Mail: info@medavis.com

Data protection officer: Mail: datenschutzanfragen@xdsb.de or at our postal address with the addition “the data protection officer”.

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, E-Mail: info@xdsb.de

What are the sources of personal data?

We process personal data that we have obtained from business relationships (such as with customers or suppliers) or from inquiries to our company. As a rule, we receive this data directly from the contractual partner or an inquiring person. However, personal data may also originate from public sources (e.g. commercial register), provided that the processing of such data is permitted. Data may also have been legitimately transmitted to us by other companies. Depending on the individual case, we also store our own information on this data (e.g. as part of an ongoing business relationship).

Depending on the individual case, this may be master data (e.g. name, address), contact data (e.g. telephone number, e-mail address), contract and billing data for the fulfillment of our contractual obligations or necessary data for the processing of an inquiry, possibly also creditworthiness data, advertising and sales data and other data from comparable categories.

For what purposes and on what legal basis is the personal data processed?

We process personal data in compliance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a.) In the context of the performance of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b GDPR). We process personal data primarily for the fulfillment of contractual obligations and the provision of related services or in the context of a corresponding contract initiation (e.g. contract negotiations, preparation of offers). The specific purposes here depend on the respective service or product to which the business relationship or contract initiation relates.

b.) In the context of the fulfillment of a legal obligation (Art. 6 para. 1 p. 1 lit. c GDPR). In many situations, we are required by law to collect certain personal data from you and to forward it or make it available to certain – usually public – bodies.
For example, we provide the tax authorities with the personal data required for this purpose in accordance with the relevant legal requirements for the purpose of calculating taxes.

c.) In the context of the balancing of interests (Art. 6 para. 1 p. 1 lit. f GDPR). We also collect and process personal data to safeguard legitimate interests in the following situations:

  • Processing general inquiries about our products and services
  • Checking creditworthiness via appropriate credit agencies to assess a risk of default in business relationships
  • Advertising or market research
  • Video surveillance in order to maintain the right of access to our company premises or building
  • Assertion of legal claims and defense in legal disputes
  • Ensuring IT operations and IT security
  • Measures for building and facility security (e.g. access authorizations)
  • Measures to improve our internal business processes and product optimization
  • Furthermore, we may use systems for communication purposes (e.g. video conferencing systems, chat, etc.). Depending on the communication, your contact data, messages as well as image and sound recordings are processed. Recordings of image or sound transmissions are generally not made without your express consent. Please also note the respective data protection information of the provider tools.

d.) In the context of consent (Art. 6 para. 1 p. 1 lit. a GDPR). In some situations, the processing of your personal data is not mandatory and is only permitted with your consent. In these cases, we point out this circumstance to you, in particular also the voluntary nature of giving consent and the possibility of revocation at any time with effect for the future. This is the case, for example, with

  • some data processing via our website (see privacy policy on our website)
  • in some advertising situations (existence of an advertising consent, if required by law)

Recipients of the personal data

In general, the company only grants access to your data to bodies which have to work with your data (“need-to-know principle”), i.e. which need access to this data in order to fulfill a contractual or legal obligation. This may also include service providers and vicarious agents who act on behalf of the company and/or who have been obligated to process the data confidentially. In certain situations we transfer your data to

  • public authorities (e.g. tax authorities) if a legal obligation exists
  • other companies as part of the performance of the contractual relationship, as part of a balancing of interests or based on your consent. In individual cases, depending on the business relationship or order, these may be, for example, companies involved in the provision of our services, logistics partners, marketing service providers, credit agencies, banks, tax consultants or lawyers.

Is data transferred to a third country or to an international organization?

We transfer personal data to other entities in countries outside the European Union (third country) if it is necessary to carry out the business relationship, if it is required by law or if you have given us your consent to do so. In certain situations, we use or reserve the right to use service providers who may either have their registered office in a third country or who in turn may have service providers with a registered office in a third country. According to Art. 45 GDPR, a data transfer to a third country is permitted if the European Commission has decided that an adequate level of protection exists in a third country. In the absence of such a decision, a data transfer to a third country is permissible if the controller has provided appropriate safeguards (e.g., so-called standard data protection clauses issued by the European Commission) and the data subject has enforceable rights and effective remedies (Art. 46 GDPR). As a matter of principle, we only cooperate with entities in a third country that meet the listed criteria.

Storage period of the data

We process and store your personal data as long as it is necessary for the fulfillment of our contractual and legal obligations. If the storage of personal data is no longer necessary for the fulfillment of these obligations, it will be deleted, unless there are legal retention obligations, such as commercial and tax retention obligations under the Tax Code and the Commercial Code (6 or 10 years) and for the preservation of evidence under statutory limitation provisions.

Data subject rights

You have the following rights with respect to us regarding personal data concerning you:

  • Right to information
  • Right to correction or deletion
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. However, you also have the option of contacting (also confidentially) our company data protection officer. If you have given us consent (Art. 6 para. 1 p. 1 lit. a GDPR), you can revoke this at any time with effect for the future. Insofar as we base the processing of your personal data on the balance of interests (Art. 6 para. 1 p. 1 lit. f GDPF), you may object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing. You can object to the processing of your personal data for advertising purposes at any time.

Obligation to provide data

In the context of the performance or initiation of a contract, you must provide those personal data that are required for the performance of the contract or the performance of pre-contractual measures and the associated obligations. Furthermore, you must provide those personal data that we are legally obligated to collect. Without providing this data, we will not be able to conclude or fulfill a contract with you. In cases of data collection based on consent, the provision of data by you is voluntary and not mandatory. However, if you do not provide consent, we will not be able to provide the services or benefits based on data processing by means of consent. You may revoke your consent at any time with effect for the future, even after you have given it.

Does automated decision-making or profiling take place? 

No.

Data Protection Information according to Art. 13 and 14 GDPR for Customers and Suppliers

Data Protection Information according to Art. 13 GDPR for Applicants

With this information we would like to inform you about the background of the data processing of your data within the application process. We process your personal data in strict compliance with labor and data protection regulations. In particular, we process the following data: Name, address, date of birth, curriculum vitae, photograph, e-mail address, telephone number and proof of qualifications. You can also provide additional data on a voluntary basis. Furthermore, we may store additional data, such as internal notes and assessments.

Person responsible for data processing and contact details of the data protection officer

medavis GmbH, Bannwaldallee 60, 76185 Karlsruhe, Germany Phone.: +49 721 92910-0, Fax: +49 721 92910-99, Mail: info@medavis.com

Data protection officer: Mail: datenschutzanfragen@xdsb.de or at our postal address with the addition “the data protection officer”.

xDSB Datenschutz GmbH & Co. KG, Greschbachstraße 6a, 76229 Karlsruhe, Germany, Phone: +49 721 828035-0, Fax: +49 721 82803 -99, E-Mail: info@xdsb.de

For what purposes and on what legal basis is the personal data processed?

We process personal data in compliance with data protection laws, in particular the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

a.) In the context of the performance of a contract or for the implementation of pre-contractual measures (Art. 6 para. 1 p. 1 lit. b GDPR), in particular the employment relationship (§ 26 BDSG). The legal basis for data processing is data processing for pre-contractual measures or for initiating a contract (Art. 6 para. 1 p. 1 lit. b GDPR, § 26 BDSG).

b.) In the context of consent (Art. 6 para. 1 p. 1 lit. a GDPR). In addition, you have the option to give us your consent for data processing that is not required for the purpose of processing your application for a specific position. This relates in particular to consent to the processing of your data in the event of rejection in order to be able to consider you for further positions in the future. This consent is voluntary for you, i.e. you can refuse it without consequences and also revoke it at any time with effect for the future.

Recipients of the personal data

In general, the company only grants access to your data to bodies that need to work with your data (“need-to-know principle”), i.e. need access to this data to fulfill a contractual or legal obligation. Data will only be transferred to third parties with your express consent or in the context of fulfilling the pre-contractually required measures.

Is data transferred to a third country or to an international organization?

As a matter of principle, no data is transferred to entities in countries outside the European Union (third countries). In certain situations, we use or reserve the right to use service providers who may either be based in a third country or who may in turn have service providers based in a third country. According to Art. 45 GDPR, a data transfer to a third country is permitted if the European Commission has decided that an adequate level of protection exists in a third country. In the absence of such a decision, a data transfer to a third country is permissible if the controller has provided appropriate safeguards (e.g., so-called standard data protection clauses issued by the European Commission) and enforceable rights and effective remedies are available to the data subject (Art. 46 GDPR). As a matter of principle, we only cooperate with entities in a third country that meet the listed criteria.

Storage period of the data

We process and store your personal data as long as it is required to fulfill the purpose of initiating the contract. If the storage of personal data is no longer necessary for the fulfillment of the purpose, it will be deleted, unless there are legal storage obligations, in particular for the preservation of evidence within the framework of legal statutes of limitation, or you have given your express consent to further storage.

Data subject rights

You have the following rights with respect to us regarding personal data concerning you:

  • Right to information
  • Right to correction or deletion
  • Right to restriction of processing
  • Right to object to processing
  • Right to data portability.

You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us. You can also contact our company data protection officer at any time – also confidentially.

If you have given us consent (Art. 6 para. 1 p. 1 lit. a GDPR), you can revoke this at any time with effect for the future.

Insofar as we base the processing of your personal data on the balance of interests (Art. 6 para. 1 p. 1 lit. f GDPR), you may object to the processing. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.

Obligation to provide data

As part of the initiation of the employment relationship, you must provide those personal data that are necessary for the fulfillment of pre-contractual measures and the associated obligations. Without providing this data, we will not be able to conclude a contract with you.

Does automated decision-making or profiling take place?

No.

Data Protection Information according to Art. 13 GDPR for Applicants