Skip to main content

Processing of (personal) data by the entity in charge of the online application process

--- Convenience translation, for information purposes only ---

In case of discrepancies between the german and the english text, the german text shall take priority.   

 

Data Protection Declaration for Job Applicants


The job application process, the receipt of your application and, if applicable, the resulting employment relationship require us to process some of your personal data. Since data protection is of particular importance to us, we will inform you below which of your personal data we process, how and for what purpose. This information is provided to fulfill our duty to inform you in accordance with data protection laws.


1. Definitions 

In this privacy policy, we generally use the official terms of the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG). The official definitions are explained in Art. 4 GDPR or § 26 BDSG. According to these, “personal data” is any information relating to an identified or identifiable natural person. This includes, for example, your full name, address, telephone number, or date of birth.

2. Controller responsible for the processing of your personal data


AssetMetrix GmbH

Theresienhöhe 13, 80339 Munich (hereinafter referred to as "we")

is the controller within the meaning of the GDPR.


3. Data Protection Officer 

For all questions regarding the processing of your personal data and the exercise of your rights under the GDPR, please contact our Data Protection Officer:

 

Katja Roganec

General Counsel & DPO

T +49 89 5432880322

E Katja.Roganec@asset-metrix.com

Theresienhöhe 13

D-80339 Munich


4. Purpose and legal basis of data processing

We process your personal data for the purpose of assessing your application for employment to the extent necessary to decide whether to enter an employment relationship with you. The legal basis is § 26 para. 1 in conjunction with para. 8 BDSG.

Furthermore, we may process personal data about you to the extent necessary to defend against legal claims asserted against us in the application process. The legal basis is Art. 6 (1), lit. f GDPR. Our legitimate interest, for example, may lie in fulfilling a duty to provide evidence in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz - AGG).

If there is an employment relationship between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with § 26 (1) BDSG if this is necessary for the performance or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of the representation of the interests of the employees resulting from a law or collective agreement, a works agreement or a service agreement.

5. Categories of personal data
We only process data that is related to your application. This may include general personal data (such as name, address and contact details), information about your professional qualifications, school education or information on professional training or other information that you provide to us in connection with your application. You can provide additional information voluntarily, but it is not a prerequisite for consideration of an application. You will not be disadvantaged if you do not provide such information. This voluntary information includes, for example, application photos. We may also process job-related information you have made publicly available, such as profiles on professional social media networks (e.g., Xing, LinkedIn). This further evaluation serves our legitimate interest in getting to know potential future employees better before an interview. However, we will only conduct such evaluations after making a pre-selection of applicants.


Please note that resumes, cover letters or other data provided by you for the purpose of the interview may also regularly contain information about "special categories of personal data" as defined in Art. 9 (1) GDPR (e.g., a photo that reveals ethnic origin, information about severely disabled status, etc.). If you send us such information, you agree that we may store this information as part of your application documents, Art. 9 (2) lit. a GDPR. Any processing of your personal data that goes beyond storage will only take place if expressly described in this data protection declaration. If special legal obligations arise for us from health-related information, for example regarding a severely disabled status, we will process this data based on Art. 9 (2) lit. b GDPR to comply with these legal obligations. 


6. Data sources

Unless otherwise stated in this Privacy Policy, we collect your personal information only from you directly.


7. Recipients of data

We may transfer your personal data to affiliated companies if permitted by the purposes and legal bases outlined above.

8. Transfer to a third country
The transfer to a third country is not intended. Insofar as external service providers come into contact with your personal data, we have ensured through legal, technical and organizational measures as well as regular checks that they comply with the provisions of data protection laws. In addition, these service providers may only use your data in accordance with our instructions. Please note, however, that the operators of applicant portals where we place job advertisements may in turn also process personal data in third countries. In this respect, please check the data protection notices of the relevant applicant portals.


9. Cooperation with personnel service providers/applicant platforms 
We also work with external personnel service providers to fill vacancies in our company and place advertisements on applicant platforms. We may have received and evaluated certain of your personal data from these third parties before contacting you.

In view of our contractual agreements with the staffing service providers and the applicant platforms, we assume that you have also concluded agreements with them regarding the provision of your personal data to us as a potentially interesting or interested employer, or that you have initiated the transfer of your data to us yourself. In this respect, please also refer to the data protection notices of the relevant personnel service providers or applicant platforms.

Depending on the structure of these data protection notices, it is possible that the personnel service providers or applicant platforms may provide us with further profile information in addition to your application documents. The legal basis for the transfer of your personal data to us is our legitimate interest in the broadest possible selection of qualified applicants* pursuant to Art. 6 (1) f GDPR. We will process data that we obtain in this way from sources other than from you directly in the same way as applications that you send to us directly without involving recruitment agencies or applicant platforms. However, where available, we may use direct communication channels, e.g., from applicant platforms, to exchange messages with you. 

After receiving your personal data, we will process it in the same way as we would process it herein in the case of an application sent directly to us. Please note that once we have received an application via a recruitment service provider or applicant platform, we will not inform you again in detail about the source of your application. Because you initiate this application yourself via a specific personnel service provider or applicant platform, or were in any case in contact with this personnel service provider or applicant platform in advance, you already have the information as to where we obtained your data; it is therefore not necessary to inform you again for legal reasons alone, Art. 14 (5) lit. a GDPR. Of course, we will still be happy to inform you upon request at any time about who exactly we have received your personal data from.


10. Application management via Personio GmbH 

As a general platform for managing the application process, we work together with Personio GmbH, Rundfunkplatz 4, 80335 Munich. Personio may process your personal data exclusively in accordance with our instructions. We have concluded a corresponding data processing agreement pursuant to Art. 28 GDPR with Personio and ensure that your data is processed lawfully in this context. All personal data provided to us as part of the application process, including your application documents, will be stored in the Personio portal and further processed by us.


11. Interviews via MS Teams/ online conference

As an option to the classic on-site interview, we offer the interview as an online meeting by means of video conferencing (hereinafter "online meeting"). We use the "Microsoft Teams" tool for this purpose. "Microsoft Teams" is a service of Microsoft Corporation or, for users based in the EU, Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. As far as you access the website or install application of "Microsoft Teams", the provider of "Microsoft Teams" is responsible for the data processing. However, installation of the application is not required to use "Microsoft Teams". If you do not want to or cannot use the "Microsoft Teams" application, you can also use "Microsoft Teams" via your browser. The service will then also be provided via the "Microsoft Teams" website to this extent. In principle, it may also be possible to participate in online meetings by telephone; however, we would like to ask you to participate in the context of an online meeting via the "Microsoft Teams" application or via the browser and, in particular, to switch on your camera. When using "Microsoft Teams", various types of data are processed. In this context, the scope of the data also depends on the information on data you provide before or when participating in an online meeting.


The following personal data is in principle subject to processing: - Information about the user*: e.g. display name ("display name"), e-mail address if applicable, profile picture (optional), preferred language; - Meeting metadata: e.g. date, time, meeting ID, phone numbers, location - Text, audio and video data; You may have the option of using the chat function in an "online meeting". In this respect, the text entries you make will be processed to display them in the "online meeting". To enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device will be processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time. Online meetings are not recorded. The legal basis for data processing when conducting online meetings as part of job interviews is Section 26 (1) Sentence 1 BDSG, as well as our legitimate interest in application management that saves time and resources, including for our applicants (Art. 6 (1) lit. f GDPR). Personal data processed in connection with participation in online meetings will generally not be passed on to third parties unless required for technical reasons. The provider of "Microsoft Teams" necessarily obtains knowledge of the above-mentioned data insofar as this is provided for in the context of our order processing agreement with Microsoft. Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centers in the European Union. However, we cannot exclude the routing of data via Internet servers that are located outside the EU. This may be the case if online meeting participants are located in a third country. However, the data is encrypted during transport over the Internet and thus protected against unauthorized access by third parties.


12. TalentPool 

If you do not apply for a specific job posting with us or if we select another person for the specific job posting but would like to consider your application for future job postings, we may include you in our TalentPool. However, this requires your express consent within the meaning of Art. 6 (1) lit. a, 9 (2) lit. a GDPR. In such a case, we will request this separately from you. In all other respects, the general data protection information also applies accordingly in these cases.


13. Recommendation by employees (referrals)

We encourage all our colleagues to recommend suitable candidates to us to fill vacancies. Our referral process requires that our colleagues provide us with your application materials only based on your consent to share them. We will only process the data we receive about our colleagues for the purposes of the application process, as described in this Policy.


14. Duration of data storage

We store your personal data for as long as is necessary to make a decision about your application. If an employment relationship between you and us is not established, we may also further store data to the extent necessary to defend against possible legal claims. The application documents will be deleted at the latest six months after notification of the rejection decision, unless longer storage is necessary due to legal disputes.

15. Your rights
As an applicant, you have the following data protection rights in individual cases, depending on the situation:


15.1. Information

You have the right to obtain information about your personal data processed by us and to request access to your personal data and/or copies of these data. This includes information on the purpose of use, the category of data used, its recipients and authorized persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.


15.2. Correction of inaccurate data

You have the right to request us to correct any inaccurate personal data concerning you without delay. Considering the purposes of the processing, you have the right to request the completion of incomplete personal data - also by means of a supplementary declaration.


15.3. Right of objection

Insofar as the processing of personal data concerning you takes place based on Art. 6 (1) lit. f GDPR, you have the right to object to the processing of these data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can prove compelling reasons worthy of protection for the processing, which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.


15.4. Right of erasure/deletion

You have the right to request us to delete personal data concerning you immediately and we are obliged to delete personal data immediately if one of the following reasons applies:

  • - The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.

  • - They shall oppose processing in accordance with paragraph 3 above and there are no overriding legitimate grounds for processing.

  • - The personal data have been processed unlawfully.

  • - The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.


This does not apply if processing is necessary:

    - To fulfil a legal obligation required for processing under the law of the Union or         the Member States to which we are subject.

  •     - To assert, exercise or defend legal claims.


15.5. Right to limitation of processing

You have the right to request us to restrict processing if one of the following conditions is met:

  • - The accuracy of your personal data is disputed for a period that enables us to verify the accuracy of the personal data.

  • - The processing is unlawful, and you refuse to delete the personal data and instead request that the use of the personal data be restricted,

  • - We no longer need personal data for processing purposes, or

  • - you have lodged an objection to the processing under paragraph 3 above until it has been determined whether our legitimate reasons outweigh yours.


If the processing has been restricted in accordance with point 5, these personal data may only be processed - apart from being stored - with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the Union or a Member State.

15.6. Right of appeal

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you violates the GDPR. The competent supervisory authority regarding data protection issues is the Bavarian State Office for Data Protection Supervision (BayLDA).


16. Automated decision making

There is no automated decision in individual cases within the meaning of Art. 22 GDPR, i.e. the decision on your application is not based exclusively on automated processing.

17. Withdrawal of the application

Upon receipt of your application, we will send you an e-mail confirming receipt of your application. Thus, you know that you have applied successfully. However, if you wish to withdraw your application shortly afterwards and request the deletion of the data, accordingly, please write to us via e-mail: recruiting@asset-metrix.com.

18. Reimbursement of travel expenses 

If you have traveled to a personnel selection interview, it is possible that in some cases we will reimburse the travel expenses incurred by you and proven to us. For this purpose, we process the necessary additional information based on Section 26 (1) Sentence 1 BDSG, namely your bank account details, information on travel expense reimbursement claims incurred including receipts (cab, fuel receipt, train ticket or similar).

19. Changes to this privacy policy

We reserve the right to change this privacy policy at any time in compliance with the applicable data protection regulations.

February 2025
© AssetMetrix GmbH

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.