Skip to main content

Processing of (personal) data by the entity in charge of the online application process

--- Convenience translation, for information purposes only ---

In case of discrepancies between the german and the english text, the german text shall take priority.   


Privacy Notice for Job Applicants
The job application process, receipt of your application and, if applicable, the employment relationship established as a result, requires that we process some of your personal data. Since data protection is of particular importance to us, we will inform you below which of your personal data we process, how and for what purpose. This information is provided in order to fulfill our duty to inform you under data protection law.

1. Definitions 
In this privacy policy, the official terms of the General Data Protection Regulation (GDPR) or the German Federal Data Protection Act (BDSG) are generally used. The official definitions are explained in Art. 4 GDPR or § 26 BDSG. According to these, "personal data" is any information relating to an identified or identifiable natural person. This includes, for example, your civil name, your address, your telephone number or your date of birth.

2. Person responsible for the processing of your personal data
 
AssetMetrix GmbH
Theresienhöhe 13, 80339 Munich (hereinafter referred to as "we")
is the controller within the meaning of the GDPR.

3. Data Protection Officer 
For all questions related to the processing of your personal data and the exercise of your rights under the GDPR, you can contact our data protection officer:
 
Katja Roganec
General Counsel & DPO
T +49 89 5432880322
E Katja.Roganec@asset-metrix.com
Theresienhöhe 13
D-80339 Munich

4. Purpose and legal basis of data processing
We process your personal data for the purpose of your application for employment to the extent necessary to decide whether to enter into an employment relationship with you. The legal basis is § 26 para. 1 in conjunction with para. 8 BDSG.
Furthermore, we may process your personal data to the extent necessary to defend against legal claims asserted against us in the application process. The legal basis is Art. 6(1)(f) GDPR. Our legitimate interest lies, for example, in complying with evidentiary obligations in proceedings under the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).
If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with § 26(1) BDSG, insofar as this is necessary for the performance or termination of the employment relationship or for the exercise or fulfillment of rights and obligations arising from a law, collective agreement, works agreement, or service agreement.

5. Categories of personal data
We only process data that is related to your application. This may be general personal data (such as name, address and contact details), information on your professional qualifications and school education or information on professional training or other information that you provide to us in connection with your application. You can provide additional information voluntarily, but it is not a prerequisite for consideration of an application. You will not be disadvantaged if you do not provide such information. This voluntary information includes, for example, application photos. Furthermore, we may process job-related information that you have made publicly available, such as a profile on professional social media networks (e.g. Xing or LinkedIn). Such further evaluation serves our legitimate interest in getting to know our potential future employees better even before an interview. However, we will only carry out such evaluations once we have already made a pre-selection of all applications. We will only obtain further information as described above on applicants whom we would like to get to know better after such a pre-selection.

Please note that resumes, cover letters, or other data you provide for the purpose of the interview may also regularly contain information about “special categories of personal data” as defined in Art. 9(1) GDPR (e.g., a photo revealing ethnic origin or information about severe disability status). If you send us information of this kind, you consent to our storing this information as part of your application documents pursuant to Art. 9(2)(a) GDPR. Any processing of your personal data beyond storage will only take place if expressly described in this Privacy Notice. If special legal obligations arise for us from health-related information, for example regarding severe disability status, we will process this data on the basis of Art. 9(2)(b) GDPR in order to comply with those legal obligations.
 
6. Data sources
Unless otherwise stated in this Privacy Policy, we collect your personal data directly from you.
 
7. Recipients of data
We may transfer your personal data to companies affiliated with us to the extent permitted by the purposes and legal bases set out above.

8. Transfer to a third country
A transfer to a third country is not intended. Insofar as external service providers come into contact with your personal data, we ensure through legal, technical, and organizational measures, as well as regular reviews, that they comply with applicable data protection laws. In addition, these service providers may use your data only in accordance with our instructions. Please note, however, that operators of applicant portals on which we place job advertisements may, in turn, process personal data in third countries. In this respect, please consult the privacy notices of the relevant applicant portals.

9. Cooperation with personnel service providers/applicant platforms 
We also work with external recruitment service providers to fill vacancies in our company and place advertisements on applicant platforms. We may have received and reviewed certain of your personal data from these third parties before contacting you. In view of our contractual arrangements with staffing service providers and applicant platforms, we assume that you have also concluded agreements with them regarding the provision of your personal data to us as a potentially interested employer, or that you have initiated the transfer of your data to us yourself. In this respect, please also refer to the privacy notices of the relevant recruitment service providers or applicant platforms. Depending on the structure of these privacy notices, it is possible that recruitment service providers or applicant platforms may provide us with additional profile information alongside your application documents. The legal basis for the transfer of your personal data to us is our legitimate interest in achieving the broadest possible selection of qualified applicants pursuant to Art. 6(1)(f) GDPR. We will process data that we obtain in this way from sources other than directly from you in the same way as applications that you send to us directly without involving recruitment agencies or applicant platforms. However, where available, we may use direct communication channels, for example those provided by applicant platforms, to exchange messages with you. After receiving your personal data, we will process it in the same way as we would in the case of an application sent directly to us. Please note that once we have received an application via a recruitment service provider or applicant platform, we will not inform you again in detail about the source of your application. Because you initiated this application yourself via a specific recruitment service provider or applicant platform, or were in any case already in contact with such provider or platform in advance, you already have the relevant information as to where we obtained your data. It is therefore not necessary to inform you again for legal reasons, Art. 14(5)(a) GDPR. Of course, we will still be happy to inform you upon request at any time from whom exactly we received your personal data.

10. Application management via Personio GmbH
As a general platform for managing the application process, we work together with Personio GmbH, Rundfunkplatz 4, 80335 Munich. Personio may process your personal data exclusively in accordance with our instructions. We have concluded a corresponding data processing agreement pursuant to Art. 28 GDPR with Personio and ensure that your data is processed lawfully in this context. All personal data provided to us as part of the application process, including your application documents, will be stored in the Personio portal and further processed by us.

11. Interviews via MS Teams/online conference
As an alternative to the traditional in-person interview, we offer the option of conducting interviews as an online meeting via video conference (hereinafter “Online Meeting”). For this purpose, we use the tool “Microsoft Teams”. “Microsoft Teams” is a service provided by Microsoft Corporation or, for users based in the EU, by Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

To the extent that you access the Microsoft Teams website or install applications, the provider of Microsoft Teams is responsible for the data processing. However, installation of the application is not required for use. If you do not wish or are unable to use the application, you may also participate via a web browser. In certain cases, participation via telephone may also be possible.

We kindly ask that you use the Microsoft Teams application or a web browser for the Online Meeting and, where appropriate, enable your camera.

When using Microsoft Teams, various types of data are processed. The scope of data processing depends in particular on the information you provide before or during your participation in an Online Meeting.

In particular, the following categories of personal data may be processed:
  • Identification data (e.g., name, email address)
  • Communication content (e.g., verbal contributions, chat messages)
  • Audio and video data
  • Metadata (e.g., time of participation, duration, IP address, technical log data)
If you use the chat function, the text you enter will be processed to display it within the Online Meeting. To enable audio and video transmission, data from your device’s microphone and, if applicable, camera will be processed for the duration of the meeting. You may switch off your camera and/or microphone at any time.

Online Meetings are generally not recorded.

Transcription Function and Microsoft 365 Copilot
In individual cases, the transcription function and the AI-powered service “Microsoft 365 Copilot” may be used to support meetings.

If the transcription function is activated, participants’ spoken contributions are automatically converted into text (transcript). The transcript typically contains the meeting content, speaker attribution, and time stamps.

Microsoft 365 Copilot may process meeting content (in particular the transcript) to provide functionality such as:
  • generating summaries,
  • structuring content,
  • enabling search and analytical functions.
Processing is carried out exclusively within our Microsoft 365 environment and based on the respective access permissions. According to our contractual arrangements, personal data is not used by Microsoft to train AI models.

The use of the transcription function is limited to cases where this is necessary. Participants will be informed in advance.

Voluntary Participation and Consent for Transcription 
Participation in a meeting with an active transcription function is voluntary. Where required, processing is based on your consent pursuant to Art. 6(1)(a) GDPR. Any consent given may be withdrawn at any time with effect for the future.

Purposes and Legal Basis

Personal data is processed for the purpose of conducting interviews, as well as organizing and following up on the recruitment process.

The legal bases are:
  • Section 26 German Federal Data Protection Act (BDSG) (processing for employment-related purposes),
  • Art. 6(1)(b) GDPR (performance of pre-contractual measures),
  • Art. 6(1)(f) GDPR (legitimate interest in efficient communication),
  • where applicable, Art. 6(1)(a) GDPR (consent, in particular for transcription).
Retention

Personal data is only stored for as long as necessary to carry out the recruitment process. If no employment relationship is established, the data will generally be deleted no later than six months after completion of the recruitment process, unless statutory retention obligations or legitimate interests require otherwise.

Recipients and Data Transfers

Personal data processed in connection with participation in Online Meetings will generally not be disclosed to third parties unless this is necessary for conducting the recruitment process.

The provider of Microsoft Teams necessarily has access to such data as part of our data processing agreement with Microsoft.

Personal data is generally processed within the European Union (EU). We have restricted our storage location to data centers within the EU. However, it cannot be excluded that data may be routed via servers located outside the EU (e.g., if participants join from a third country). In such cases, data transmission is encrypted, and appropriate safeguards (e.g. standard contractual clauses) are in place in accordance with GDPR.

12. Use of Psychometric Assessment Method with HR Diagnostics 
As part of our recruitment process, we may – depending on the position – use scientifically validated psychometric assessment methods to support an objective and fair evaluation of applicants’ suitability. For this purpose, we cooperate with HR Diagnostics AG, Königstraße 20, 70173 Stuttgart, Germany, a specialized provider of psychological aptitude assessments in personnel selection. HR Diagnostics AG acts as a data processor on our behalf pursuant to Art. 28 GDPR and processes personal data exclusively in accordance with our instructions.

Categories of Personal Data

Within the scope of the assessment procedures, the following categories of personal data may in particular be processed:
  • master data (e.g. name, email address)
  • test results and performance data derived from the assessment procedures
  • data relating to cognitive abilities (e.g. analytical thinking, problem-solving ability, concentration)
  • job-related personality traits (e.g. work behavior, motivation, teamwork)

Depending on the specific test used, this may also include special categories of personal data within the meaning of Art. 9 GDPR.

Purpose of Processing

The processing is carried out solely for the purpose of conducting the recruitment process and assessing the applicant’s suitability for the respective position.

The test results represent an additional component of the selection process and are always considered in the overall context (e.g. interviews, qualifications, professional experience).

Conduct of the Assessment

The assessments are generally conducted online via a secure platform provided by the service provider. Participation is location-independent.

Personal data collected during the assessment is processed exclusively for the purposes described above. It is not used for any other purposes.

Legal Basis

The processing is based on:
  • Section 26 German Federal Data Protection Act (BDSG) (processing for employment-related purposes)
  • Art. 6(1)(b) GDPR (performance of pre-contractual measures)
  • Art. 6(1)(f) GDPR (legitimate interest in objective and standardized selection procedures)
  • where applicable, Art. 9(2)(a) GDPR (explicit consent), insofar as special categories of personal data are processed
Retention

Personal data collected within the recruitment process – including test results – is stored only as long as necessary for the purposes of the selection process.

If no employment relationship is established, the data will generally be deleted no later than six months after completion of the recruitment process, unless statutory retention obligations apply or further consent has been obtained.

Recipients and Data Processing

Personal data is processed by HR Diagnostics AG as a data processor. The provider is contractually obliged to process personal data only in accordance with our instructions and to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

Personal data will not be disclosed to other third parties unless required by law.

13. Talent Pool
If you do not apply for a specific job posting with us, or if we select another person for the position but would nevertheless like to consider your application for future vacancies, we may include you in our Talent Pool. However, this requires your express consent within the meaning of Art. 6(1)(a) and Art. 9(2)(a) GDPR. In such a case, we will request your consent separately. In all other respects, the general data protection information in this Privacy Notice applies accordingly.

14. Recommendation by employees (referrals)
We encourage our employees to recommend suitable candidates to us for vacant positions. Our referral process requires that employees provide us with your application materials only on the basis of your consent to share them. We will process the data we receive in connection with referrals solely for the purposes of the application process, as described in this Privacy Notice.

15. Duration of data storage
We store your personal data for as long as necessary to make a decision regarding your application. If no employment relationship is established between you and us, we may continue to store data to the extent necessary to defend against possible legal claims. The application documents will be deleted no later than six months after notification of the rejection decision, unless longer storage is required due to legal disputes or statutory retention obligations.

16. Your rights
As an applicant, you have the following data protection rights in individual cases, depending on the situation:
 
Information
You have the right to obtain information about your personal data processed by us and to request access to your personal data and/or copies of these data. This includes information on the purpose of use, the category of data used, its recipients and authorised persons and, if possible, the planned duration of data storage or, if this is not possible, the criteria for determining this duration.

Correction of inaccurate data
You have the right to request that we correct any inaccurate personal data concerning you without undue delay. Taking into account the purposes of the processing, you also have the right to request the completion of incomplete personal data, including by means of a supplementary statement.

Right of objection
Insofar as the processing of personal data concerning you is based on Art. 6(1)(f) GDPR, you have the right to object to the processing of such data at any time on grounds relating to your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or unless the processing serves the establishment, exercise, or defense of legal claims.

Right of erasure/deletion
  • You have the right to request that we erase personal data concerning you without undue delay, and we are obliged to erase personal data without undue delay if one of the following grounds applies:
  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
  • You object to the processing in accordance with section 3 above, and there are no overriding legitimate grounds for the processing.
  • The personal data have been processed unlawfully.
  • The deletion of personal data is necessary to fulfil a legal obligation under Union law or the law of the Member States to which we are subject.
This does not apply if the processing is necessary:
  • To comply with a legal obligation that requires processing under Union or Member State law to which we are subject.
  • To assert, exercise or defend legal claims.
Right to limitation of processing
You have the right to request that we restrict processing if one of the following conditions is met:
  • The accuracy of your personal data is disputed for a period of time that enables us to verify the accuracy of the personal data.
  • The processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted,
  • We no longer need the personal data for the purposes of processing, or you have lodged an objection to the processing under paragraph 3 above until it has been determined whether our legitimate reasons outweigh yours.
If processing has been restricted in accordance with this section, such personal data may, apart from being stored, be processed only with your consent or for the establishment, exercise, or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or a Member State.

Right of appeal
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the member state of your place of residence, your place of work or the place of the alleged infringement, if you are of the opinion that the processing of personal data relating to you violates the GDPR. The competent supervisory authority regarding data protection issues is the Bavarian State Office for Data Protection Supervision (BayLDA).

17. Automated decision-making
No automated decision-making within the meaning of Art. 22 GDPR takes place, i.e. the decision on your application is not based exclusively on automated processing.

18. Withdrawal of the application
Upon receipt of your application, we will send you an e-mail confirming receipt of your application. Thus, you know that you have applied successfully. However, if you wish to withdraw your application shortly afterwards and request the deletion of the data accordingly, please write to us via E-Mail: recruiting@asset-metrix.com.

19. Reimbursement of travel expenses 
If you have traveled to a personnel selection interview, it is possible that in some cases we will reimburse the travel expenses incurred by you and proven to us. For this purpose, we process the necessary additional information on the basis of Section 26 (1) Sentence 1 BDSG, namely your bank account details, information on travel expense reimbursement claims incurred including receipts (cab, fuel receipt, train ticket or similar).

20. Changes to this privacy policy
We reserve the right to change this privacy policy at any time in compliance with the applicable data protection regulations.

June 2026
© AssetMetrix GmbH

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.