Data privacy statement for job applicants

As part of the job application process, we would like to get to know each other — before you decide for us and we for you. Your job application documents, which you send us in writing or in text form, are to serve as a basis. During a personal interview, we would like to learn even more about each other. The purpose of collecting this data is to make a well-founded decision for long-term cooperation.

In accordance with Section 26 Paragraph 1 Sentence 1 of the new version of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in conjunction with Article 88 Section 1 of the European Union General Data Protection Regulation (GDPR), collection of data which is necessary for establishing an employment relationship is permitted. If you voluntarily provide us with data beyond what is necessary, processing of it is permitted by the data protection law within the framework of consent pursuant to Article 6 Section 1 Sentence 1 letter a of the GDPR.

The basis of law for collecting the above-named obligatory details is Section 26 Paragraph 1 Sentence 1 of the German Federal Data Protection Act, new version, in conjunction with Article 88 Section 1 of the GDPR.

We ensure that your personal data is processed in a way that guarantees the protection of your data. The data will be processed by electronic means and in paper form. We adhere to the security standards to protect your privacy and the risk of unauthorized access to this data. We have taken extensive technical and organizational precautions to protect your data from loss, manipulation, destruction, and unauthorized access. Our security measures are continuously improved in line with technological developments and legal requirements.

As a person affected by data processing, in accordance with the GDPR, you have, among others, the following rights (hereafter referred to as “rights of the persons affected”):

Right to information (Article 15 GDPR)

You have the right to request information as to whether or not we process personal data about you.The first copy is free of charge; for further copies, a reasonable fee may be charged. A copy can only be provided if as the rights of other persons are not affected by this.

Right to rectification of data (Article 16 GDPR)

You have the right to request us to rectify your data when these are incorrect, incomplete, or both. This right also includes the right of completion through supplementary explanations or statements.

Right to erasure of personal data (Article 17 GDPR)

You have the right to request the erasure of your personal data when:

• The personal data are no longer necessary for the purposes for which they were collected and processed.
• The data processing is based on consent given by you and you have revoked the consent; this does not apply, however, if another legal permission for the data processing exists.
• You have filed an objection to data processing, the legal permission of which lies in the so-called “legitimate interest” (according to Article 6 Section 1 Letter e or f GDPR); however, erasure need not take place if there are overriding legitimate reasons for further processing.
• You have filed an objection to processing for the purpose of direct marketing.
• Your personal data have been processed unlawfully.
• It is data of a child collected for information society services (= electronic service) on the basis of consent (according to Article 8 Section 1 GDPR).

A right to erasure of personal data does not exist when:

• the right to freedom of expression and information precludes the request for erasure.
• the processing of personal data is necessary to fulfil a legal obligation (for example, legal obligations to preserve business records).
• the processing of personal data is necessary to carry out public functions and interests in accordance with applicable law (this also includes “public health”).
• the processing of personal data is necessary for the purposes of archiving, research, or both.
• the personal data are necessary to assert, exercise, or defend legal claims.

If personal data have been made public by us (e.g., on the Internet), we must, to the extent technically feasible and reasonable, ensure that other data processors are also informed of the request for erasure, including the erasure of links, copies, and/or replications.

Right to restriction of data processing (Article 18 GDPR)

You have the right to have the processing of your personal data restricted in the following cases:

• If you have disputed the accuracy of your personal data, you can request that we do not use your data for other purposes for the duration of the verification and thus limit their processing.
• In the case of unlawful data processing, instead of erasure of the data, you can request the restriction of the use of the data.
• If you need your personal data to assert, exercise, or defend legal claims, but we no longer need your personal data, you can request us to restrict processing to the purposes of legal proceedings.
• If you have objected to data processing (pursuant to Article 21 Section 1 GDPR) and it has not yet been determined whether our interests in processing override your interests, you can request that your data are not used for other purposes during the duration of the verification and thus limit their processing.

Personal data, the processing of which has been restricted at your request, may, provided that they are stored, only be processed – with your consent, for the assertion, exercise, or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest. Should a processing restriction be revoked, you will be informed of this in advance.

Right to data portability (according to Article 20 GDPR)

You have the right to request the data which you have provided to us in a commonly used electronic format (e.g., as a PDF or Excel document). You can also request that these data are transmitted by us directly to another company (determined by you) provided that this is technically feasible for us. The prerequisite that you have this right is that:

• The processing is carried out on the basis of consent or for the execution of a contract and is carried out by means of automated procedures.
• The exercise of the right of data portability does not infringe on the rights and freedoms of other persons.

When you exercise the right of data portability, you also continue to have the right to the erasure of data pursuant to Article 17 GDPR.

Exercise of the rights of the persons affected

To exercise your rights of the persons affected, please contact the above office. Requests that are submitted electronically will as a rule be answered electronically. The information, notifications, and measures to be made available under the GDPR, including “the exercise of the rights of the persons affected”, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge an appropriate fee for processing or to refrain from taking action (pursuant to Article 12 Section 5 GDPR).

Should reasonable doubts as to your identity exist, we are permitted for the purpose of identification to request additional information from you. If identification is not possible for us, we have the right to deny the processing of your request. We will as far as possible inform you separately of a missing possibility for identification (see Article 12 Section 6 and Article 11 GDPR).

Requests for information are usually processed immediately, within one month of the receipt of the request. The period may be extended by an additional two months as long as this is necessary given the complexity and/or the number of requests; in the event of an extension, we will inform you of the reasons for the delay within one month of receipt of your request. If we do not act on a request, we will inform you immediately within one month of receipt of the request of the reasons for this and inform you of the possibility of lodging a complaint with a supervisory authority or seeking legal redress. (See Article 12 Section 3 and Section 4 GDPR.)

Please note that you may exercise your rights as an affected person only within the framework of restrictions and limitations provided for by the Union or one of its member states. (Article 23 GDPR)

During processing, your data may be transferred to:

• Persons within our company who are directly involved in data processing (e.g., human resources department).
• Service providers who are contractually bound and bound to secrecy and who perform partial tasks of data processing.
• External companies, if necessary. Examples of this are postal service providers for the delivery of letters.

Data transfers into third countries are not planned and occur only in the framework of existing contractual requirements, necessary communication, and other exceptions expressly provided for in Articles 44-49 GDPR. No further transmission to third countries is currently taking place.

We save your data during the period of time in which we need them to achieve the purposes described in point 2. No later than six months after the decision, the documents shall be returned in paper form or the digital documents erased (deleted). This period results as protection against claims by the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG). However, there may be legal provisions (e.g., the Fiscal Code of Germany (Abgabenordnung) Section 147) that force us to retain certain documents for six or ten years. After the retention period has expired, we delete data that is no longer required.