Privacy Policy for applicants (m/f/d)

We are happy that you are interested in joining us and that you are applying or have applied for a position in our company. You can send us your application by email or by regular post.

We would like to provide you with the following information on the processing of your personal data in connection with your application.

Entity responsible for data processing and contact details

Responsible party in the sense of data protection law:
PROMATIS software GmbH
Pforzheimer Str. 160
76275 Ettlingen
Phone: +49 7243 2179 – 0

We have appointed a data protection officer in our company, who can be contacted as follows:
PROMATIS software GmbH
– Data Protection Officer –
Pforzheimer Str. 160
76275 Ettlingen

Purpose and legal basis of the processing of personal data

In the following, we explain the purpose for which and the legal basis on which we process your data:

  • Consent to data processing pursuant to Art. 6 para. 1 lit. a of the General Data Protection Regulation (GDPR).
    By submitting your application documents, you give us your consent to process the data as part of the relevant application process.
  • Implementation of pre-contractual measures according to Art. 6 para. 1 lit. b of the General Data Protection Regulation (GDPR).
    In the context of our applicant selection processes, pre-contractual measures may be taken for which your data will be used.
  • Safeguarding legitimate interests according to Art. 6 para. 1 lit. f of the General Data Protection Regulation (GDPR).
    Your data may be used for a balancing of interests for the protection of legitimate interests on our part or on the part of third parties. In the described application framework, this involves the topic of IT security and the application for the enforcement and defense of legal claims and interests.

Collection of your data

We store all data that you provide to us by submitting your application. This includes, among other things, your contact details, your application documents (CV, cover letter, previous work experience, education and certificates as well as our notes from interviews with you), your desired salary, the type of employment you are seeking and the date available. In addition, this also applies to any other data you provide to us, including any correspondence you have with us during the application process.

We may also obtain the above data about you from other sources, including recruitment agencies, the references you provide to us, websites and other publicly available data on the internet. This includes, for example, data that you have made obviously public as part of an online profile. We may also receive data that you provide to us via third-party websites, e.g. from online job platforms such as Stepstone or Monster.

In addition, we require your account details, name and address as soon as you request reimbursement of travel expenses as part of your application. If the data was not already collected when you submitted your application, it will be requested from you personally.

Recipients of your data

Otherwise, we conduct our selection process in-house with our own personnel. As a matter of principle, only employees who need your data for the proper conduct of the application process are granted access to it. Our employees are bound to confidentiality and trained in data protection.

Other recipients of your personal data are companies associated with us. Your data will not be passed on to other third parties.

Duration of the storage of your data

After the application process has been completed, your application data will be deleted after 6 months. If we have received your application via a personnel service provider, we will store your surname, first name, date of birth and email address for 24 further months.

In the context of the settlement of travel expenses, a retention period of 10 years applies for the storage of the required data.

If you accept employment with us, we will store your personal data throughout the duration of your employment in accordance with the employee privacy notice we provide to you upon acceptance of employment.

Your rights / further information

Right of objection

Pursuant to Art. 21 of the General Data Protection Regulation (GDPR), you have the right to object to the processing of data that has been or will be collected on the basis of your consent (Art. 6 (1) (f) GDPR) at any time on grounds relating to your particular situation. If you exercise your right to object, your data will not be further processed unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves, for example, to assert, exercise or defend legal claims.

Furthermore, you are free at any time to withdraw your application and thus your consent pursuant to Art. 6 para. 1 lit. a of the General Data Protection Act (GDPR). In this case, we commit to deleting your data in accordance with the above-mentioned deadlines (see " Duration of the storage of your data").

Right of revocation in the case of consent

Insofar as the data processing is based on your consent, you have the right to revoke the consent at any time. This also applies to the revocation of declarations of consent that you gave us before the GDPR came into force on May 25, 2018. The revocation of consent is for the future and does not affect the lawfulness of the data processed until the revocation. The revocation of consent can be submitted by email to the Data Protection Officer. Alternatively, you can choose any other way to notify us of the withdrawal of consent. However, you must prove your identity with two factors.

Further data protection rights according to Art. 13 para. 2 lit. b/d GDPR

In addition to your right to object, in accordance with the provisions of the GDPR, you have a

  • Right to disclosure (Art. 15 GDPR, § 34 BDSG)
  • Right to correction (Art. 16 GDPR)
  • Right to deletion (Art. 17 GDPR, § 35 BDSG)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to appeal to a data protection regulatory authority (Art. 77 GDPR, § 19 BDSG)