Skip to main content

Processing of (personal) data by the entity in charge of the online application process

   

Data protection information

on the   collection and processing of applicant data



by

Scienion GmbH

Otto Hahn Street 15
44227 Dortmund

- hereinafter referred to as "Controller" -







Preamble
In   accordance with the requirements of the General Data Protection Regulation, this   information sheet informs you about how the Controller uses personal data of applicants   and about your rights under data protection law in this regard. In order to ensure that you are fully informed about the processing of your personal data   in the context of the application, please take note of the following   information   Please forgive   us that we are obliged to provide more detailed information due to mandatory   legal requirements.   

Definitions

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Federal Data Protection Act

BDSG is the Federal Data Protection Act (Bundesdatenschutzgesetz), promulgated as Article 1 of the Act of 30 June 2017 (BGBl. I p. 2097), which entered into force on 25 May 2018 pursuant to Article 8(1) of the Act.

Third country

A third country is any country which is not a Member State of the European Union.

Personal data

Personal data means any information relating to a natural person. Special categories of personal data are data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data or data concerning the health or sex life of the data subject.

Responsible

The controller is the body which alone or jointly with others determines the purposes and means of the processing of personal data. The controller in this case is therefore Scienion GmbH.

Data Subject

The data subject is any natural person whose data are processed.

Third Party

Third party means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor.

Recipient

Recipient means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party.

Authorisation

The legal basis for the processing of personal data is the authorization.

Consent

Consent of the data subject is any freely given specific, informed and unambiguous indication of his or her wishes in the form of a statement by which the data subject signifies his or her agreement to personal data relating to him or her being processed.

Processing

Processing is any operation performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction

Contact Details

 

Controller

Scienion GmbH

Otto Hahn Street 15

44227 Dortmund

Management: Dr. Holger Eickhoff, Dr. Frauke Hein

Commercial Register: Amtsgericht Dortmund HRB 32851

Tel. : 0231/97426900
Fax: 0231/97426901
E-mail: support@scienion.com

Responsible data protection officer

Dr. Christian Holtermann
Datarea GmbH
Meißner Straße 103
01445 Radebeul
Telephone: +49 351 272 20 880
Fax: +49 351 272 20 887
E-mail: christian.holtermann@datarea.de

Personal data

As part of the application process, we process personal data from you insofar as this is necessary to determine your suitability to fill the vacant positions. This data processing may concern the following data or data categories, among others:

Personal and   contact information, such as name, email address and telephone number, home   address, date of birth, national identification number, gender, marital status and nationality.   

Education,   performance and employment data, such as school and college graduation   information, professional experience and skills, and performance appraisals.  

Other   application documents that you make available to us, such as letters of   application, references, CVs, driving licence class, passport photos or other   information, e.g. reference to hobbies or voluntary work.                 

The Controller processes special categories of personal data (e.g. information on marital status which may allow conclusions to be drawn about your sexual orientation; information on your health; attachment of a photograph which allows conclusions to be drawn about your ethnic origin and, where applicable, your eyesight and/or religion) only under specific conditions. Similarly, it processes personal data relating to criminal offences only in specific circumstances provided for by law. The processing must be expressly permitted or required by law. You may also voluntarily give your explicit consent to the processing of such data. Insofar as the Controller processes special categories of personal data, the Controller shall ensure that your interests are protected by taking appropriate and specific measures (Section 22 (2) BDSG).

Purposes of the processing of personal data

The Controller processes personal data in the application process, in particular for contacting and communicating with applicants, for interviews, for forwarding the data to internal departments to assess whether the applicant is a suitable candidate for that department, if necessary for initiating or concluding an employment relationship.

Legal basis for processing of personal data

The Controller may process your personal data in the application process if this is necessary for the decision on the establishment of an employment relationship (Art. 6 (1) (b) DS-GVO or Section 26 (1) sentence 1 BDSG). In addition, the Controller may base the processing of your personal data on, among others, the fulfilment of legal obligations (Art. 6 (1) (c) DS-GVO) or the protection of legitimate interests (Art. 6 (1) (f) DS-GVO). The processing of personal data is also permissible if you consent to the processing (Art. 6 para. 1 lit. a DS-GVO). You have the right to revoke the consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. In the event of revocation of consent, further processing may continue to be justified on another legal basis.

Source of personal data

The Controller collects personal data in particular from the application documents, the information in the recruitment questionnaire, the results of the interview and generally accessible data sources (in particular professional social networks).

Recipients of personal data

Within the company, only those departments that are entrusted with the preparation and implementation of the application process will receive your data. This includes employees of the HR department and the departments in which a vacancy is to be filled. Personal data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary to process the application, if you have given your consent or if the Controller is authorised to provide information. Insofar as the Controller transfers personal data to recipients outside the company, it obligates the recipient of the data to use it only for the specified purposes. Personal data will not be passed on to recipients in third countries outside the European Union.

Storage period

The Controller deletes personal data as soon as they are no longer necessary for the fulfilment of the purpose for which they were collected. The Controller also deletes the personal data if their storage is inadmissible (in particular if the data is incorrect and a correction is not possible). The Controller shall comply in particular with the legal requirements (General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG), DSG-VO). The Controller deletes applicant data no later than six months after the end of the application process, unless an employment relationship is established or consent to longer data processing has been given.

Automated decision-making

In the context of the application procedure, the Controller does not process personal data in an automated way.

Data subject rights

As a person affected by data processing (data subject), you are entitled to the following rights if the respective legal requirements are met:

Right to information about the stored personal data (Art. 15 DS-GVO)

In particular, the data subject may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom the data are disclosed, the planned storage period, the origin of the data if the Controller has not collected them directly from him, the existence of a right of appeal to a supervisory authority, the existence of automated decision-making, including profiling, and about appropriate safeguards in case of transfer of personal data to a third country.

Right of rectification (Art. 16 DS-GVO)

The data subject may request that inaccurate data be corrected or that incomplete, accurate data be completed.

Right to erasure of stored data (Art. 17 DS-GVO)

The data subject has the right to demand the immediate deletion of personal data if there is a reason for doing so and insofar as there are no legal or contractual retention periods or other legal obligations or rights to continued storage. Reasons for deletion exist in particular if the Controller no longer needs the data for the specified purposes, if the data subject has withdrawn consent or lodged an objection, if the Controller is processing the data unlawfully or if deletion is required by law.

Right to restrict the processing of data (Art. 18 DS-GVO)

The data subject may request the restriction of processing if he or she disputes the accuracy of the data, if the processing is unlawful but the data subject objects to its erasure, if the Controller no longer requires the data but the data subject needs it for the assertion, exercise or defence of legal claims, or if the data subject has objected to the processing pursuant to Article 21 DS-GVO.

Right to data portability (Art. 20 DS-GVO)

The data subject has the right to have the data provided and stored by him transferred by the Controller in a common, machine-readable format or to request the transfer to another controller. This right only exists if the processing of the personal data is based on the consent of the data subject or a contract pursuant to Art. 6 (1) (b) DS-GVO and the processing is carried out with the aid of automated procedures.

Right of appeal

The data subject has the right to lodge a complaint with a supervisory authority, in particular at his or her habitual residence, place of work or place of the alleged infringement, if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

Right of objection (Art. 21 (1) DS-GVO)

The data subject may object to data processing on grounds relating to the specific situation of his or her person. However, this right only exists for processing operations carried out by the Controller on the basis of Art. 6(1)(e) or (f) DS-GVO, i.e. in particular processing based on legitimate interests of the Controller (cf. point 3.4 above). The existence of a reason of overriding importance is required. Furthermore, the data subject may contact the supervisory authority mentioned in Section 2.

Dealing with data protection breaches (Art. 34 DS-GVO)

The Controller shall inform you without undue delay of any data breaches that may result in a high risk to personal rights and freedoms. The notification may be omitted in the cases of Article 34(3) of the GDPR, i.e. in particular if the Controller has taken precautions to prevent third parties from accessing the personal data (such as encryption), if the high risk for you no longer exists due to certain measures taken by the Controller or if the notification would involve disproportionate effort and the notification is made by other means, such as a public announcement.

Obligation to disclose information to third parties (Art. 19 DS-GVO)

Insofar   as the Controller has disclosed personal data to other bodies or recipients,   the Controller is obliged, as far as is technically possible and reasonable,   to notify the recipients of the data of any rectification, erasure and/or   restriction of processing. Upon request, the Controller shall inform the data   subject about the respective recipients of the data (see Section 10.1).


Declaration of consent for the storage of my applicant data

Should my application be unsuccessful, I  

[Employee name]

agree that Scienion GmbH, Otto-Hahn-Straße 15, 44227 Dortmund ("Scienion") stores my personal data that I have provided during the entire application process (e.g. in letters, CV, certificates, applicant questionnaires, applicant interviews) for up to two years beyond the end of the specific application process. I consent to Scienion using this data to contact me at a later date and to continue the application process should I be considered for another position.

Insofar as I myself have provided "special categories of personal data" pursuant to Article 9 of the GDPR in my letter of application or other documents submitted by me in the application process (e.g. a photo that reveals the so-called racial or ethnic origin, information on severely disabled status, etc.), my consent also relates to these data), my consent also refers to this data. However, Scienion would like to evaluate all applicants only according to their qualifications and therefore requests that such information be omitted from the application if possible.

This consent also applies to data about my qualifications and activities from generally accessible data sources (in particular professional social networks) that Scienion has permissibly collected as part of the application process. My data will not be passed on to third parties.

This consent is voluntary and has no effect on my chances in the current application procedure. I can refuse it without giving reasons and without having to fear any disadvantages because of it.

I can also revoke my consent at any time (e.g. by e-mail to [address]); in this case, my data will be deleted immediately after completion of the application process. Legal permissions for data processing - for example from tax regulations, if I have received a reimbursement of application costs - remain unaffected by a revocation, as my consent does not cover such processing.

      



Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.