Skip to main content


The Boost Group is committed to protecting your Personal Data, taking its commitment in this regard very seriously. For this reason, we would like to take this opportunity to inform you about the Processing of your data, specifically the type, scope and purpose of its collection and use.

Our company always strives to ensure the comprehensive protection of your data, while fully complying with applicable legal regulations, in particular the European General Data Protection Regulation (GDPR), the Swiss revised Data Protection Law (revDSG) and the German Federal Data Protection Act (BDSG), as well as any other country-specific data protection regulations applicable to us, such as the Swiss Data Protection Law (DSG).

As the Controller, the company has implemented numerous technical and organizational measures to ensure the most complete protection of Personal Data processed on its website.

This Privacy Policy is intended to inform Data Subjects about the nature, scope and purpose of the Personal Data that we collect, use and process, especially in connection with our website. It will, in addition, inform you, the Data Subject, of your rights.

The information will always be kept available for download on our website.

  1. Definitions

Our Privacy Policy is based on the terms used by European lawmakers in the GDPR. The aim is to ensure that the general public can easily read and understand the Policy’s provisions, including our customers and business partners. For this purpose, we would like to explain some of the terms used in advance.

  1. Processor: a Processor is a natural or legal person, public authority, agency or other body that processes Personal Data for the Controller.
  2. Data Subject: Data Subject refers to any identified or identifiable natural person whose Personal Data is processed by the Controller.
  3. Cookies: Cookies are text files that are placed and stored on a computer system by means of an internet browser.
  4. Third Party: a Third Party is a natural or legal person, public authority, agency or other body other than the Data Subject, the Controller, the Processor and the persons authorized to process the Personal Data under the direct responsibility of the Controller or the Processor.
  5. Recipient: a Recipient is a natural or legal person, public authority, agency or other body to which Personal Data is disclosed, whether or not it is a Third Party. However, public authorities that may receive Personal Data in the context of a specific investigative task under EU or Member State law are not considered Recipients.
  6. Consent: Consent means any freely given specific and informed indication of the Data Subject's wishes, in the form of a statement or other unambiguous affirmative act by which the Data Subject signifies his or her agreement to the Processing of his or her Personal Data.
  7. Personal Data: Personal Data means any information relating to an identified or identifiable natural person (Data Subject). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  8. Pseudonymization: Pseudonymization is the Processing of Personal Data in such a way that the Personal Data can no longer be attributed to a specific Data Subject without the use of additional information, providing such additional information is kept separate and is subject to technical and organizational measures to ensure that the Personal Data are not attributed to an identified or identifiable natural person.
  9. Profiling: Profiling is any type of automated Processing of Personal Data that consists of using such Personal Data to evaluate certain personal factors relating to a natural person, in particular to analyse or predict factors relating to the natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location.
  10. Processing: Processing means any operation or set of operations which is performed on Personal Data, whether or not by automatic means, such as collection, logging, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  11. Controller: the Controller is the natural or legal person, public authority, agency or other body that, solely or jointly with others, determines the purposes and means of the Processing of Personal Data. Where the purposes and means of such Processing are determined by EU or Member State law, the controller may be legally appointed or subject to specific criteria defined by law.


  1. Name and address of Controller.

This Privacy Policy applies to all data that we process in our capacity as Controller within the meaning of the GDPR, other data protection laws applicable in EU Member States and other provisions of a data protection nature:

See imprint.

You can reach our Data Protection Officer at the address of Boost Services AG (see imprint), or by sending an email to

Data Subjects may always address any questions or suggestions regarding data protection directly to our Data Protection Officer.

  1. Cookies

We only use necessary cookies on


  1. Scope, legal basis and purpose of the collection of general data and information and their processing

Our website collects a variety of general data and information each time a Data Subject accesses the site, storing it in log files on the server. The following general data and information may be logged

  1. browser types and versions used,
  2. operating system used by the accessing system,
  3. website from which an accessing system arrives at our website ("http referrer"),
  4. sub-websites that are accessed via an accessing system on our website,
  5. date and time of an access to the internet site,
  6. internet protocol address (IP address),
  7. internet service provider of the accessing system,
  8. other similar data and information that serve to avert danger in the event of attacks on our information technology systems, and
  9. user name and password in the customer login area.

No conclusions are drawn about the Data Subject when using this general data and information. It is rather required in order to

  1. deliver the contents of our website correctly,
  2. optimize the content of our website,
  3. ensure the long-term functionality of our information technology systems and the technology of our website, and
  4. provide law enforcement authorities with the information necessary for prosecution in the event of a cyberattack. Therefore, the data and information collected is statistically analysed by us and/or evaluated with the aim of increasing the data protection and data security of our enterprise in order to ultimately ensure the best possible level of protection for the Personal Data we process. The data in the server log files is stored separately from any Personal Data provided by a Data Subject.

The legal basis for the collection and storage of the above-mentioned data is our legitimate interests pursuant to Art. 6(1)(1)(f) GDPR involving the maintenance and operation of a homepage.

  1. Sharing data; Recipients

To provide you with the best possible way to apply for a position with our company, we may transfer certain data internally or to selected Third Parties. There may also be a specific legal or statutory obligation that requires us to disclose your Personal Data to Third parties.

The parties to which we may disclose your information include:

  • other affiliates or subsidiaries of companies in the Boost group of companies, e.g., to provide basic technology to support the services we provide;
  • our service providers, e.g., for managing or hosting services and/or enabling technology for the services we provide;
  • cooperating partners or organizations, for example, for the analysis of the documents submitted by you;
  • a buyer or successor in interest in a sale or other corporate transaction involving part or all of our business;
  • other parties, e.g., as needed for external audits, compliance, risk management, corporate development and/or corporate governance matters; or
  • government entities and government agencies, as required by applicable law.

Whenever we share Personal Data internally or with Third Parties in other countries, we will implement appropriate safeguards in accordance with applicable data protection laws, including, where applicable, the EU Standard Contractual Clauses when transferring data to countries outside the European Union or the European Economic Area. As required by applicable law, Third Parties must use appropriate safeguards to protect Personal Data and may only access Personal Data as needed to perform their respective tasks.

Your Personal Data will not, however, be transferred to Third Parties for any purposes other than those set out in this Privacy Policy. In this respect (and in accordance with Art. (6)(1)(1) GDPR), we only share your Personal Data with Third Parties if:

  1. you have given your express consent to this;
  2. the disclosure is necessary to safeguard our legitimate interests (e.g. data transfer within the group of companies) or to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data;
  3. in the event that there is a legal obligation to pass it on, and;
  4. this is legally permissible and necessary for the processing of contractual relationships with you.


  1. Registration on our website

As a Data Subject, you may choose to provide Personal Data in order to submit your job application on our website. This data will be transmitted to us in our capacity as Controller on the basis of the input screen used for the registration process. The Personal Data you enter will be collected and stored exclusively for our internal use and/or own purposes. We or the Controller, as the case may be, may arrange for the transfer to one or more Processors, for example an HR assessment partner. They will also use the Personal Data exclusively for an internal purpose attributable to us.

Registering on our website also means that the IP address assigned by the internet service provider (ISP) of the person concerned, the date and the time of registration are also recorded. This data is stored because such a practice is the only way to prevent misuse of our services and, if necessary, to enable us to investigate crimes that have been committed. In this respect, the storage of this data is necessary for our protection. As a matter of principle, this data is not disclosed to Third Parties, unless there is a legal obligation to disclose it or the disclosure serves the purpose of criminal prosecution.

Your registration with voluntary provision of Personal Data enables us to receive and process your application that, due to the nature of the matter, can only be offered to registered users. Registered persons are free to amend the Personal Data provided during registration at any time or to have it completely deleted from our database.

You may request information about the Personal Data retained about you, the Data Subject, at any time. Furthermore, we will correct or delete Personal Data at your explicit request or notice, providing this action does not conflict with any statutory retention obligations. Our aforementioned Data Protection Officer (see Section 2) and all of our employees are available to you as contact persons in this connection.

  1. Routine deletion and blocking of Personal Data

We process and retain your Personal Data only for the period of time necessary to achieve the purpose for which it is collected or insofar as this retention is required EU or relevant national lawmakers, whose laws or regulations apply to us, e.g. due to retention periods.

If the reason for retention no longer applies or if a retention period prescribed by the EU or national lawmakers applicable to us expires, the Personal Data will be routinely deleted, blocked or restricted for Processing in accordance with the statutory provisions.

  1. Rights of the Data Subject

As a Data Subject, you are afforded the rights listed below, which you may assert against us at any time:

  1. Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the supervisory authority of your usual place of residence or place of work or our registered office in accordance with Art. 77 GDPR, should you be of the opinion that the Processing of Personal Data concerning you violates the GDPR.

The supervisory authority to which the complaint is lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

  1. Right to confirmation

Under Art. 15 GDPR, you have the right to request confirmation from us at any time concerning our Processing of your Personal Data.

  1. Right to information

Pursuant to Art. 15 GDPR, you also have the right to obtain information from us at any time and free of charge about the Personal Data that we retain about you. Furthermore, you are also entitled to request other information, including the following:

  • Processing purposes;
  • categories of Personal Data that are being processed;
  • Recipients or categories of Recipients to which the Personal Data had been or will be disclosed, in particular in the case of Recipients in third countries or international organizations;
  • if possible, planned duration for which the Personal Data will be retained or, if this is not possible, the criteria for determining this duration;
  • existence of a right to obtain the rectification or erasure of your Personal Data or to restrict Processing by the Controller, or a right to object to such Processing;
  • existence of a right of appeal to a supervisory authority;
  • any available information on the origin of the data, if the Personal Data has not been collected from and by the Data Subject himself/herself;
  • existence of automated decision-making, including Profiling, pursuant to Article 22(1) and (4) GDPR and - at least in these cases - meaningful information about the logic involved and the scope and intended effects of such Processing for you, the Data Subject.

Furthermore, you have the right to be informed whether Personal Data has been transferred to a third country or to an international organization. If so, you also have the right to obtain information about the appropriate safeguards in connection with the transfer.

  1. Right to rectification

In addition, Art. 16 GDPR entitles you to demand the immediate correction of any inaccuracies in your Personal Data. Furthermore, you have the right to request the completion of incomplete Personal Data - including by means of a supplementary declaration - taking the purposes of the Processing into account.

  1. Right to erasure (right to be forgotten).

Under Art. 17 GDPR, you may also request that your Personal Data be erased without undue delay, providing one of the following reasons specifically applies and providing the Processing is not necessary:

  • Personal Data was collected or otherwise processed for such purposes for which it is no longer necessary;
  • Data Subject withdraws the Consent on which the Processing was based pursuant to Art. 6(1)(a) GDPR and there is no other legal basis for the Processing;
  • Data Subject objects to the Processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the Processing, or the Data Subject objects to the Processing pursuant to Art. 21(2) GDPR;
  • Personal Data has been processed unlawfully;
  • erasure of Personal Data is necessary for compliance with a legal obligation under EU or Member State law to which the Controller is subject.

If the Personal Data has been made public by us, and our company, as the Controller, is required to erase the Personal Data pursuant to Article 17(1) GDPR, we shall implement reasonable measures, including technical measures, taking into account the available technology and the cost of implementation, in order to inform other data controllers processing the published Personal Data that you, as the Data Subject, have requested these other data controllers to erase all links to such Personal Data or copies or replications of such Personal Data.

  1. Right to restrict Processing

Article 18 GDPR entitles you to request restriction of Processing if one of the following conditions is met:

  • accuracy of the Personal Data is contested by the Data Subject for a period enabling the Controller to verify the accuracy of the Personal Data;
  • Processing is unlawful, the Data Subject objects to the erasure of the Personal Data and requests instead restriction of the use of the Personal Data;
  • Controller no longer needs the Personal Data for the purposes of the Processing, but the Data Subject needs it for the establishment, exercise or defence of legal claims;
  • Data Subject has objected to the Processing pursuant to Article 21(1) GDPR, and it is not yet clear whether the legitimate grounds of the Controller override those of the Data Subject.
  1. Right to data portability

Pursuant to Art. 20 GDPR, you have the right to receive any Personal Data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to transfer this data to another controller without hindrance from us, providing the Processing is based on Consent pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, providing the Processing has been carried out with the aid of automated procedures and providing the Processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

When, furthermore, exercising your right to data portability pursuant to Article 20(1) GDPR, you have the further right to have the Personal Data transferred directly from us to another controller, insofar as this is technically feasible and insofar as this does not adversely affect the rights and freedoms of other persons.

  1. Right of objection

Furthermore, Art. 21 GDPR grants you the right, at any time and for reasons arising from your particular situation, to object to the Processing of Personal Data relating to you that is being carried out on the basis of Art. 6(1)(f) GDPR. This also applies to Profiling based on these provisions.

In the event of such objection, we shall no longer process the Personal Data unless we can demonstrate compelling legitimate grounds for the Processing which override your interests, rights and freedoms as a Data Subject or unless the Processing serves the purpose of asserting, exercising or defending legal claims.

If we process Personal Data for the purpose of direct marketing, you have the right to object at any time to the processing of Personal Data for such purpose. This also applies to Profiling, insofar as it is associated with such direct marketing. If you object to our Processing for direct marketing purposes, we will, of course, no longer process this Personal Data for such purposes.

  1. Automated decisions in individual cases including Profiling

Under Art. 22 GDPR and subject to the restrictions of Section 37 BDSG, you also have the right not to be subject to a decision based solely on automated processing - including Profiling - that produces legal effects concerning you or significantly impacts you in a similar manner, providing the decision is

  1. not necessary for the conclusion or performance of a contract between you and us; or
  2. permitted by legislation of the EU or the Member States to which we are subject and that legislation contains appropriate measures to safeguard the rights and freedoms as well as the legitimate interests of the Data Subject; or
  3.  made with your explicit Consent.

If the decision is necessary for the conclusion or performance of a contract between you and us or if it is made with your explicit consent, we will take reasonable steps to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain the intervention of a responsible person, to express your point of view and to contest the decision.

  1.  Right to withdraw Consent under data protection law.

To clarify, we explicitly reiterate that you have the right under Art. 7(3) GDPR to withdraw your Consent to the Processing of Personal Data at any time.

If you would like to exercise one of the rights to which you are entitled in accordance with subsections b) to j) of this section and make use of your rights, please contact our Data Protection Officer referred to in Section 2 above or another member of our staff at any time.

In the event that the right to erasure (subsection e) and restriction of processing (subsection f) is asserted, we will comply with the respective request without undue delay and, in individual cases, take the necessary steps.

  1. Data protection during applications and the application process

Our company collects and processes your Personal Data as a job applicant for the purpose of completing the application process. The legal basis for this activity is Art. 6(1)(b) GDPR, in conjunction in Germany with Section 26(1)(1) BDSG. The processing may also take place electronically, as is particularly the case if you send us corresponding application documents electronically, for example by email or via a web form located on the website. We have set up our own homepage for our job advertisements at

If the application process is successful and we conclude an employment contract with you, the transmitted data will be stored for the purpose of Processing the employment relationship in compliance with the statutory provisions.

If the application process does not end successfully and we do not conclude an employment contract with you, the application documents will be deleted six weeks after the end of the application process, unless we agree otherwise with you or there are other legitimate interests that prevent deletion. Other legitimate interests in this sense include, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG) in Germany.

  1. General information on the legal basis for Processing

Art. 6(1)(a) GDPR serves as the legal basis for our company with regard to processing operations in which we obtain Consent for a specific processing purpose. If the Processing of Personal Data is necessary for the performance of a contract concluded between you and us, as is the case, for example which for the application process necessary is, the Processing is based on Art. 6(1)(b) GDPR. The same applies to such processing operations that are necessary for the implementation of pre-contractual measures, for example in cases of inquiries about our products or services. If our company is subject to a legal obligation by which the processing of Personal Data becomes necessary, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the Processing of Personal Data might become necessary to protect vital interests of you or another natural person. Such would be the case, for example, if a visitor were to be injured on our premises and, as a result, his or her name, age, health insurance data or other vital information had to be transferred to a doctor, hospital or other Third Party. The Processing would then be based on Art. 6(1)(d) GDPR. Finally, processing operations could be based on Art. 6(1)(f) GDPR if the Processing is necessary to protect a legitimate interest of our company or a Third Party, providing the interests, fundamental rights and freedoms of the Data Subject are not overridden.

  1. Legitimate interests in the Processing pursued by the Controller or a Third Party.

If the Processing of Personal Data is based on Article 6(1)(f) GDPR, our legitimate interest may, in addition to the cases already mentioned in this policy statement, include the conduct of our business to benefit the well-being of all our employees and shareholders.

  1. Period for which Personal Data is retained.

The criterion determining the period for the retention of Personal Data is the respective statutory retention period. The relevant data is routinely deleted on expiry of this period. Finally, the retention period is also based on statutory limitation periods.

  1. Legal or contractual requirements to provide Personal Data; necessity for the conclusion of a contract; obligation of the Data Subject to provide Personal Data; possible consequences of not providing the data.

We would also like to inform you that the provision of Personal Data may be necessary for the conclusion of a contract if, for example, you contact us via our homepage in the course of initiating a contract. Failure to provide Personal Data would mean that the contract with you cannot be concluded.

Otherwise, you are not required to provide your data when visiting our website, although failure to do so will make it technically impossible for you to visit our homepages.

A Data Subject may contact our Data Protection Officer prior to providing personal data. Our Data Protection Officer will inform the Data Subject on a case-by-case basis whether the provision of the Personal Data is required by law or by contract, whether it is necessary for the conclusion of a contract, whether there is an obligation to provide the Personal Data and what the consequences of not providing the Personal Data would be.

  1. Existence of automated decision-making

As a responsible company, we do not use automatic decision-making or Profiling.

  1. Data security

When you visit our website, we use the widespread SSL (Secure Socket Layer) procedure in conjunction with the highest encryption level supported by your browser. As a rule, this is 256-bit encryption. Should your browser not support 256-bit encryption, we will use 128-bit v3 technology instead. You can tell whether an individual sub-page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the status bar of your browser.

We also use appropriate technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by Third Parties. Our security measures are continuously improving to keep pace with technological developments.

  1. Links to our social media pages on the networks of Facebook, Twitter, Instagram, LinkedIn, Xing and Vimeo.

We do not use plug-ins from social networks on our websites. The visible icons are merely links to our social media profiles on the networks of Facebook, Twitter, Instagram, LinkedIn, Xing and Vimeo.

When you click these links, the respective site operator processes your Personal Data. If you maintain a profile there and are logged in, the visit to our pages may be linked to your profile.

  1. Updating and amending this Privacy Policy

This Privacy Policy is currently valid and was last updated in April 2022.

Further development of our internet and service offerings or changes in legal or regulatory requirements may make it necessary to amend this Policy.

You can access and print out the current Privacy Policy at any time on the website at