Privacy Policy

Merkur Versicherung AG uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data.

onlyfy one

onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet. On or respectively via onlyfy one, companies can, for example, publish job ads, identify interesting talented individuals (where applicable including from the XING professional network), receive and manage applications, and enter into dialogue with talented individuals and applicants. New Work SE supports this coming together of talented individuals and companies on and via onlyfy one. This takes place through, for example, talented individuals being recommended and displayed in the business customer’s company account, as well as through the generation and provision of recruitment-relevant information and analysis based on data that New Work SE processes in onlyfy one and, where applicable, in other XING applications or outside them.

Shared responsibility

With regard to interaction within the company account of Merkur Versicherung AG, Merkur Versicherung AG and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here to gain information on the key aspects of the agreement.

Data processing by New Work SE

With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with Merkur Versicherung AG, detailed information is available in the Privacy Policy of onlyfy one (by XING) at You will also find contact details for New Work SE, as well as for the New Work SE data protection officer there.

Pausing your online application

You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of Merkur Versicherung AG in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to Merkur Versicherung AG only.

Visibility of your data

The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.

Notes on the special functions of onlyfy one

Calendar function

If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: and

WhatsApp application

If you use the apply using the WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.

The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here:

Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. The USA is currently considered an insecure third country, which means that it may not be able to guarantee EU data protection standards. Sending the application may involve certain data protection risks (e.g. unauthorised access to your data by US security agencies). However, the sent and received messages are encrypted end-to-end.

WhatsApp data protection information, such as its processing or exercising of data protection rights with regard to WhatsApp is available here:

If you want to withdraw consent, please contact

Data Protection Information

You can find detailed data protection information in accordance with Articles 12, 13 and 14 of the EU General Data Protection Regulation (GDPR) at On request, we will be pleased to send you this information by post.

Responsible for data processing

Merkur Versicherung AG, Conrad-von-Hötzendorf-Straße 84, 8010 Graz, Austria

Phone: +43 316 8034-0

Email address (general):

If you have any questions about the processing of your data, please contact our Data Protection Officer at the above address, adding “Data Protection Officer” - or by email to:

Categories of processed data

The following data is collected and processed for the automated processing of your application:

First name, surname, email address and, if applicable, address / place, date of birth, salutation, title, telephone number, citizenship, religious affiliation, marital status (if specified).

Additional questions depending on the respective advertisement (e.g. driver's license), curriculum vitae, in particular information on professional experience and training, skills (e.g. Photoshop, MS Office), application photo (if included), qualifications, awards and language skills, cover letter, uploaded files and documents.

We save the written, electronic communication that takes place between you and Merkur Versicherung AG. We also process comments and appraisals that are made about you in the course of your application process.

Your personal data is usually collected directly from you as part of the application process. In certain cases, your personal data will also be collected from other bodies based on legal provisions. We may also have received data from third parties (such as recruiters).

Purposes for processing personal data

The purpose of processing is to carry out a personnel selection process and to examine the possible establishment of an employment relationship with Merkur Versicherung AG or with group companies of the Merkur Group (list at

Legal basis for processing the data

We process the application data you voluntarily and truthfully disclosed by automated means on the basis of your express consent.

This takes place, in particular, in compliance with the Austrian Data Protection Act (DSG) and the General Data Protection Act regulation of the EU (GDPR).

You can withdraw your consent at any time using the above-mentioned contact details for Merkur Versicherung AG. If you withdraw your consent, from this point in time we will no longer process your data for the above-mentioned purposes.

Categories of recipients

If you are applying for a position at a Merkur Versicherung AG group company, we would point out that the data are first transmitted to Merkur Versicherung AG, which forwards them to the relevant group company for further processing.

Storage period (deletion periods)

We store your personal data for 6 months from the rejection of the application.

Rights of data subjects

Provided that the necessary requirements are met, you have the following rights:

Right to information, correction, deletion, right of appeal to the data protection authority and the right to restriction of processing and data portability.

If the processing is based on consent, you have the right to withdraw this at any time. We will then no longer process this data unless there is another reason for lawful processing.

If you believe that we are using your data in an impermissible manner, you have the right to lodge a complaint with the Austrian data protection authority.

You can find detailed data protection information in the data protection area at