We are delighted that you are interested in working at our company. As part of your application, personal data of you will be processed. Personal data is all information with which you can be identified, or which can be related to your person.
In the following, you will find our comprehensive data protection notice in fulfilment of our duty to provide information, according to GDPR (EU General Data Protection Regulation) for the processing of your personal data in relation to the application.
Please also note our data protection notice for online meetings because job interviews can also take place online.
Name and contact details of the Controller and the Data Protection Officer
The Controller according to Art. 4(7) GDPR is:
Carpus+Partner AG
represented by the board M.Re. Dipl.-Ing. Architect Tobias Ell
Forckenbeckstrasse 61
52074 Aachen | Germany
Tel +49 (241) 88 75-0
Mail info@carpus.de
The Data Protection Officer for Carpus+Partner AG can be contacted at the above address, for the attention of the Data Protection Officer or at datenschutz@carpus.de.
Processing of personal data and purpose of the processing
We process the personal data of you, which you sent us in relation to your application. The purpose of data processing is to review your suitability for the position (or, if applicable, other vacant positions at our company) and to complete the application process.
As a rule, the following personal data from you will be processed:
- Gender (optional)
- First and last name
- Date of birth (optional)
- Address (optional)
- Email address
- Phone number (optional)
- Motivation / interest issues
- Availability date (optional)
- Desired salary (optional)
- Desired work location
- Xing and LinkedIn profile (optional)
- If applicable, Interest in department and position
- If applicable, further data from the curriculum vitae or application (e.g. title, school / university or vocational qualification, professional career, certificates / work samples, marital status, photo etc.)
Legal basis
When clicking on a vacancy on the website, job posting platforms or social media channels, potential applicants are forwarded to the Personio application management software. There, all details about the job and the option to submit an application are provided. The legal basis for the processing of your personal data by us as part of the application process is primarily Art. 6(1) lit. b) GDPR. According to this, processing of the data required in relation to the decision on the establishment of an employment relationship is permitted. The forwarding of data to Personio takes place on the basis of Art. 6(1) lit. f) GDPR. Our legitimate interest is the effective and professional implementation of applicant management through the use of an HR tool.
Insofar as data of you are processed within the scope of Active Sourcing, Art. 6(1) lit. f) GDPR forms the legal basis for the data processing. Our legitimate interest is the need to recruit personnel. We assume that you, as a potential candidate, are also interested in being notified of suitable vacancies. This applies in particular if public profiles with job-related information are used as a research source (e.g. in career networks). The names of people approached via Active Sourcing are retained for a defined period of time to avoid repeated contact in the future. The data is stored on the basis of Art. 6(1) lit. f) GDPR (legitimate interest). We assume that you are also interested in a corresponding storage.
Should the data be further required for the assertion of legal rights after the application procedure has been concluded, data processing can be carried out on the basis of the prerequisites under Art. 6 GDPR, in particular on the safeguarding of legitimate interests according to Art. 6(1) lit. f) GDPR. Thus, our interest is in the assertion of or defence against claims.
Insofar as you consent to the application documents being stored beyond the current application procedure for consideration in later application procedures in the talent pool, according to Art. 6(1) lit. a) GDPR the consent forms the legal basis for the further processing of these data.
We may also have a legal obligation to process your personal data. In this case, Art. 6(1) lit. c) GDPR forms the legal basis for the processing.
Storage location
The data are basically processed at data centres within the European Union. For individual processing steps, data is in certain circumstances forwarded to Great Britain. The EU Commission has issued an adequacy decision for Great Britain and thus recognized the UK as a third country with an adequate level of data protection within the meaning of Art. 45 GDPR. Thus, a corresponding data transfer is permissible.
Storage period
Data from applicants shall be automatically anonymized after 6 months in the case of rejection. The period begins when the applicant receives the rejection. In the case of anonymization, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations.
If you receive a commitment in the context of the application procedure, the data are transferred from the application management system to our personnel management system. Only the data relevant to the employment relationship will be transmitted. The remaining data will be deleted.
The names of people approached via Active Sourcing will be kept for 5 years to prevent the person concerned from being contacted multiple times in the future.
Data in the Talent Pool will be stored for 1 year subject to revocation of your consent. After one year have expired, it will be reviewed whether there is a need for further storage. Otherwise, the data are deleted.
Data sources
We process personal data we have received from you within the context of the application process. Under certain circumstances, we also receive personal data from headhunters for the placement of applicants or via Active Sourcing.
Recipients / disclosure of data
Your data are reviewed by the personnel department after receipt of the documents. In addition, the data can be viewed by the person responsible for the respective position. Within the company, only the persons who require your data for the proper execution of our application procedure and in the onboarding process have access to it.
The data is stored in the application management software from Personio (data storage in the EU). The service of Cronofy is used for interview scheduling / calendar synchronization (data storage in the UK). Furthermore we use an IT service provider for general maintenance and support activities as well as an external service provider for legally compliant file and data destruction. In this context, it may happen that a service provider becomes aware of personal data. We ensure that the service providers are carefully selected – especially in regard to data protection and data security – and take all measures required under data protection law for permissible data processing.
Rights of data subjects
You have the right to information about the personal data concerning your person processed by us. In the case of a request for information that is not made in writing, please understand that we may then request information from you that proves that you are the person you claim to be. Furthermore, you have a right of correction or deletion or to restriction of the processing, insofar as you are legally entitled to this. Moreover, you have a right of objection to the processing within the context of the statutory provisions. The same applies for a right to data portability.
Please contact the Data Protection Officer (datenschutz@carpus.de) to assert your rights as a data subject.
Right of revocation and right of objection
Insofar as the data processing is based on a consent pursuant to Art. 6(1) lit. a) GDPR, you have the right to revoke your consent at any time with effect for the future. Notice of revocation does not affect the legality of the processing carried out before the revocation notice.
If your personal data are processed on the basis of legitimate interests in accordance with Art. 6(1) lit. f) GDPR, you have the right to lodge an objection against the processing of your personal data, in accordance with Art. 21 GDPR, insofar as reasons exist for this, which arise from your specific situation.
If you wish to assert your right of revocation or your right of objection, it is sufficient to send an e-mail to datenschutz@carpus.de.
Right of complaint
If you see any reason to be dissatisfied with the handling of your data by us or if you think that the data processing is not in accordance with the law, please contact the Data Protection Officer by email (datenschutz@carpus.de). The majority of questions and problems relating to data protection law can probably be resolved quickly and easily. If your request has not been dealt with satisfactorily, you have regardless to this the right to complain to a data protection supervisory authority about the processing of personal data by us.
Currency of and amendments to this data protection notice
We reserve the right to amend and update this data protection notice as required in compliance with the applicable data protection regulations. The respective current version applied for your visit.
This data protection notice applies as of: June 2023