Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Privacy Notice Regarding Applications
– Information pursuant to Articles 13 and 14 of the General Data Protection Regulation (GDPR)

Thank you very much for your application to KRÜSS GmbH!

Below, we inform you about the processing of your personal data (Art. 4 No. 2 GDPR) in connection with your application submitted to us.

Who is responsible for data processing and whom can I contact?

We take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory provisions of the relevant data protection laws, in particular the European General Data Protection Regulation (GDPR).

The controller responsible for processing your personal data is:

KRÜSS GmbH
Scientific Laboratory Instruments
Borsteler Chaussee 85
22453 Hamburg
Germany

Contact details of the Data Protection Officer of the controller:

You can contact our Data Protection Officer at the postal address above, adding “To the Data Protection Officer”, or via email at privacy-officer@kruss.de. Our Data Protection Officer will also be happy to answer your questions, suggestions, or comments regarding data protection.

What data do we process, for what purpose, and on what legal basis?

We process personal data that we receive from you as part of the application process. This includes, among other things, master data (such as gender, name, address, telephone numbers, and email address, date of birth, marital status, etc.), where applicable health data, reimbursement data for travel expenses (bank details, travel data such as arrival and departure), data on school and professional education, data on extracurricular interests, data on the content of former/current employment relationships, passport photos, and other data that you have voluntarily provided to us during the application process.

To make the application process transparent for you, you can register in our application portal. For this purpose, you must provide your first and last name, country/region of residence, email address, and a password. This data is required to create and manage an account for you in the career portal. We also require this and possibly other data to respond to requests, questions, or feedback. The legal basis for processing is Art. 6(1)(b) GDPR.

The following data are stored separately from other data that you may transmit when visiting our career page: date and time of access, browser type and version, operating system used, URL of the previously visited website, amount of data transmitted, and the IP address of access. This data is stored exclusively for technical reasons and is not assigned to any specific person at any time. The legal basis is Art. 6(1) sentence 1 lit. f GDPR.

We process and analyze documents uploaded by you in order to extract résumé data and convert it into a structured format (so-called “CV parsing”). The legal basis for processing is Art. 6(1)(b) GDPR in conjunction with Section 26(1) German Federal Data Protection Act (BDSG) as well as Art. 6(1) sentence 1 lit. f GDPR, in order to establish an employment relationship and make the application process efficient for you.

After conclusion of an employment contract, data are stored in the personnel file. These data then serve as a basis for future professional development (e.g., identifying training and development opportunities/needs, promotion opportunities depending on existing qualifications, etc.). After conclusion of an employment contract, the data are also stored in the personnel file for misuse control. The legal basis for this processing is Art. 6(1)(b) GDPR and Art. 6(1) sentence 1 lit. f GDPR.

Cookies

We may use so-called cookies on some of our websites. Information about the cookies used can be found on the website or in the career portal under Privacy.

Social Share Buttons

There is an option to share job postings on various social networks. Different buttons are provided for each network. After clicking one of these buttons, you will be redirected to the respective networks and to their login pages. These buttons are not plug-ins and do not transmit personal data directly to the operators of the social networks. Currently, you can share job postings on the following social networks:

You can also find information at the links provided on how these social networks handle your personal data.

Who receives my data?

Within KRÜSS GmbH, only those departments that are involved in preparing and carrying out the application process have access to your data. These include employees in the Human Resources department, the specialist departments in which a position is to be filled, managers, and potential supervisors. In addition, the Works Council has access to the application documents. All KRÜSS employees are obliged to maintain confidentiality regarding personal data within the framework of their employment contracts.

We have implemented the necessary organizational and technical measures to ensure the confidentiality of your application and the security of your data.

Your data will be stored, evaluated, processed, or forwarded internally exclusively for the purposes of your application. Your data will only be transferred to third parties if this is necessary for the aforementioned purpose.

Where we use third-party services (so-called processors) to carry out and handle processing activities, the provisions of the GDPR are complied with. Service providers who support us in providing our services to you include:

  • IT service providers

  • Hosting providers

  • Email service providers

  • Data destruction service providers

  • Providers for video conferences and online meetings

  • Document archiving and destruction services

To carry out the application process, we use the applicant management system of
Personio SE & Co. KG, Seidlstraße 3, 80335 Munich.

Personio processes personal data on our behalf within the framework of data processing pursuant to Art. 28 GDPR. Processing takes place exclusively on our instructions and on secure European servers.

How long will my data be stored?

Where necessary, we process and store your personal data for the duration of the application process. Otherwise, the application process ends when the applicant receives a rejection. The data will be deleted no later than six months after receipt of the rejection. This does not apply where processing and storage of personal data are necessary in a specific case for the assertion, exercise, or defense of legal claims (duration of a legal dispute).

In individual cases, certain data may be stored for longer periods (e.g., travel expense reimbursement). The storage period is then determined by statutory retention obligations, for example under the German Fiscal Code (6 years) or the German Commercial Code (10 years). Finally, the storage period is also determined by statutory limitation periods, which, for example under Sections 195 et seq. of the German Civil Code (BGB), may be up to thirty years, although the regular limitation period is three years.

If you have consented to further storage of your personal data, we will include your data in our applicant pool. The data will be deleted there after two years. You may withdraw your consent at any time.

If an employment contract is concluded, the data from the applicant data system will be transferred to a personnel file.

What data protection rights do I have?

Every data subject has the right of access pursuant to Art. 15 GDPR, the right to rectification pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to restriction of processing pursuant to Art. 18 GDPR, and the right to data portability pursuant to Art. 20 GDPR. To exercise these rights, you may contact the controller (see section 1).

Where the processing of your personal data is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, you may object to such processing in accordance with the statutory provisions of Art. 21 GDPR. The objection may be made informally, including via privacy-officer@kruss.de.

If you have given us consent to collect your data, you may withdraw this consent at any time without formal requirements, including via privacy-officer@kruss.de.

Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR) if you believe that the processing of your personal data is unlawful.

Am I obliged to provide data?

There is no legal or contractual obligation to provide data. However, within the application process, you should provide only the personal data required to initiate and carry out the application. Without this data, we will have to reject your participation in the application process.

To what extent is automated decision-making used in individual cases?

Our decision-making within the application process is not based on automated processing pursuant to Article 22 GDPR.

We wish you every success with your application!

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.