Data privacy job applicants2024-01-02T11:39:43+01:00

Data privacy statement for job applicants

Information on handling your data as a job applicant.

1. General

Konrad-Zuse-Str. 3
52477 Alsdorf

Commercial registry entry at the local court (Amtsgericht) of Aachen, HRA 9222
Value added tax (VAT) number: DE 121677156

Personally liable partner:

IHO Holding GmbH & Co. KG, Herzogenaurach
Register court: Fürth Local Court (Amtsgericht Fürth), HRA 2681

Personally liable partner:

IHO Management GmbH, Herzogenaurach
Register Court: Fürth Local Court (Amtsgericht Fürth), HRB 12191
Board of Directors: Maria-Elisabeth Schaeffler-Thumann, Georg F.W. Schaeffler, Klaus Rosenfeld, Dr. Alexandra Zech

Represented by the managing partner:

ATESTEO Management GmbH, Herzogenaurach
Register Court: Fürth Local Court (Amtsgericht Fürth) HRB 13140
Board of Directors: Tim Willers, Dr. Josef Görgens, Dr. Lei Kan

Contact person in the human resources department:

Ms Saltik di Memmo
Email address:

Controller for data protection:

Mr. David Zinzius
Optiqum GmbH
Siegburger Str. 223
50679 Cologne

Responsible regulatory authority for monitoring and compliance with data protection law:

State Representative for Data Protection, North Rhine-Westphalia
Kavalleriestraße 2-4
40213 Düsseldorf

2. Purpose of collecting, processing, or using data

As part of the job application process, we would like to get to know each other — before you decide for us and we for you. Your job application documents, which you send us in writing or in text form, are to serve as a basis. During a personal interview, we would like to learn even more about each other. The purpose of collecting this data is to make a well-founded decision for long-term cooperation.

3. Legal regulations on data protection

In accordance with Section 26 Paragraph 1 Sentence 1 of the new version of the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) in conjunction with Article 88 Section 1 of the European Union General Data Protection Regulation (GDPR), collection of data which is necessary for establishing an employment relationship is permitted. If you voluntarily provide us with data beyond what is necessary, processing of it is permitted by the data protection law within the framework of consent pursuant to Article 6 Section 1 Sentence 1 letter a of the GDPR.

The basis of law for collecting the above-named obligatory details is Section 26 Paragraph 1 Sentence 1 of the German Federal Data Protection Act, new version, in conjunction with Article 88 Section 1 of the GDPR.

We ensure that your personal data is processed in a way that guarantees the protection of your data. The data will be processed by electronic means and in paper form. We adhere to the security standards to protect your privacy and the risk of unauthorized access to this data. We have taken extensive technical and organizational precautions to protect your data from loss, manipulation, destruction, and unauthorized access. Our security measures are continuously improved in line with technological developments and legal requirements.

4. Rights of the persons affected

As a person affected by data processing, in accordance with the GDPR, you have, among others, the following rights (hereafter referred to as “rights of the persons affected”):

Right to information (Article 15 GDPR)

You have the right to request information as to whether or not we process personal data about you.The first copy is free of charge; for further copies, a reasonable fee may be charged. A copy can only be provided if as the rights of other persons are not affected by this.

Right to rectification of data (Article 16 GDPR)

You have the right to request us to rectify your data when these are incorrect, incomplete, or both. This right also includes the right of completion through supplementary explanations or statements.

Right to erasure of personal data (Article 17 GDPR)

You have the right to request the erasure of your personal data when:

  • The personal data are no longer necessary for the purposes for which they were collected and processed.
  • The data processing is based on consent given by you and you have revoked the consent; this does not apply, however, if another legal permission for the data processing exists.
  • You have filed an objection to data processing, the legal permission of which lies in the so-called “legitimate interest” (according to Article 6 Section 1 Letter e or f GDPR); however, erasure need not take place if there are overriding legitimate reasons for further processing.
  • You have filed an objection to processing for the purpose of direct marketing.
  • Your personal data have been processed unlawfully.
  • It is data of a child collected for information society services (= electronic service) on the basis of consent (according to Article 8 Section 1 GDPR).

A right to erasure of personal data does not exist when:

  • the right to freedom of expression and information precludes the request for erasure.
  • the processing of personal data is necessary to fulfil a legal obligation (for example, legal obligations to preserve business records).
  • the processing of personal data is necessary to carry out public functions and interests in accordance with applicable law (this also includes “public health”).
  • the processing of personal data is necessary for the purposes of archiving, research, or both.
  • the personal data are necessary to assert, exercise, or defend legal claims.

If personal data have been made public by us (e.g., on the Internet), we must, to the extent technically feasible and reasonable, ensure that other data processors are also informed of the request for erasure, including the erasure of links, copies, and/or replications.

Right to restriction of data processing (Article 18 GDPR)

You have the right to have the processing of your personal data restricted in the following cases:

  • If you have disputed the accuracy of your personal data, you can request that we do not use your data for other purposes for the duration of the verification and thus limit their processing.
  • In the case of unlawful data processing, instead of erasure of the data, you can request the restriction of the use of the data.
  • If you need your personal data to assert, exercise, or defend legal claims, but we no longer need your personal data, you can request us to restrict processing to the purposes of legal proceedings.
  • If you have objected to data processing (pursuant to Article 21 Section 1 GDPR) and it has not yet been determined whether our interests in processing override your interests, you can request that your data are not used for other purposes during the duration of the verification and thus limit their processing.

Personal data, the processing of which has been restricted at your request, may, provided that they are stored, only be processed – with your consent, for the assertion, exercise, or defence of legal claims, for the protection of the rights of another natural or legal person, or for reasons of important public interest. Should a processing restriction be revoked, you will be informed of this in advance.

Right to data portability (according to Article 20 GDPR)

You have the right to request the data which you have provided to us in a commonly used electronic format (e.g., as a PDF or Excel document). You can also request that these data are transmitted by us directly to another company (determined by you) provided that this is technically feasible for us. The prerequisite that you have this right is that:

  • The processing is carried out on the basis of consent or for the execution of a contract and is carried out by means of automated procedures.
  • The exercise of the right of data portability does not infringe on the rights and freedoms of other persons.

When you exercise the right of data portability, you also continue to have the right to the erasure of data pursuant to Article 17 GDPR.

Exercise of the rights of the persons affected

To exercise your rights of the persons affected, please contact the above office. Requests that are submitted electronically will as a rule be answered electronically. The information, notifications, and measures to be made available under the GDPR, including “the exercise of the rights of the persons affected”, are generally provided free of charge. Only in the case of manifestly unfounded or excessive requests are we entitled to charge an appropriate fee for processing or to refrain from taking action (pursuant to Article 12 Section 5 GDPR).

Should reasonable doubts as to your identity exist, we are permitted for the purpose of identification to request additional information from you. If identification is not possible for us, we have the right to deny the processing of your request. We will as far as possible inform you separately of a missing possibility for identification (see Article 12 Section 6 and Article 11 GDPR).

Requests for information are usually processed immediately, within one month of the receipt of the request. The period may be extended by an additional two months as long as this is necessary given the complexity and/or the number of requests; in the event of an extension, we will inform you of the reasons for the delay within one month of receipt of your request. If we do not act on a request, we will inform you immediately within one month of receipt of the request of the reasons for this and inform you of the possibility of lodging a complaint with a supervisory authority or seeking legal redress. (See Article 12 Section 3 and Section 4 GDPR.)

Please note that you may exercise your rights as an affected person only within the framework of restrictions and limitations provided for by the Union or one of its member states. (Article 23 GDPR)

5. Recipients or categories of recipients of the data

During processing, your data may be transferred to:

  • Persons within our company who are directly involved in data processing (e.g., human resources department).
  • Service providers who are contractually bound and bound to secrecy and who perform partial tasks of data processing.
  • External companies, if necessary. Examples of this are postal service providers for the delivery of letters.

6. Data transfer into third countries

Data transfers into third countries are not planned and occur only in the framework of existing contractual requirements, necessary communication, and other exceptions expressly provided for in Articles 44-49 GDPR. No further transmission to third countries is currently taking place.

7. Duration of data storage/Standard periods for the erasure of data

We save your data during the period of time in which we need them to achieve the purposes described in point 2. No later than six months after the decision, the documents shall be returned in paper form or the digital documents erased (deleted). This period results as protection against claims by the General Act on Equal Treatment (Allgemeines Gleichbehandlungsgesetz, AGG). However, there may be legal provisions (e.g., the Fiscal Code of Germany (Abgabenordnung) Section 147) that force us to retain certain documents for six or ten years. After the retention period has expired, we delete data that is no longer required.

8. Data processing


We process your data on our own server. This is protected against access by unauthorized persons through technical and organizational measures taken in accordance with Article 32 GDPR. An authorization concept ensures that only authorized staff members may receive access to these data. Our security measures are continuously improved in line with technological developments and legal requirements.

Go to Top