Information to Job Applicants about Data Processing
The protection of your personal data is a matter of great importance to us and a high priority for our company. Adherence to these legal stipulations is a matter of course for us. The following information provides an overview of how we process your personal data, and your rights under data protection law.
1. Who is responsible for data processing?
Bio‑Hybrid GmbH is responsible for data processing.
90408 Nuremberg (Germany)
You can contact our company’s data protection officer at:
Data Privacy Officer
90408 Nuremberg (Germany)
2. For what purpose do we process your data (purpose of processing) and what is the legal basis for this?
We process your personal data in accordance with the terms of the European General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG):
Subject to your consent (article 6, paragraph 1a of the GDPR)
If you have given your consent for us to process personal data for specific purposes, it is lawful for us to process these data based on this consent. A declaration of consent that has been made can be revoked at any time. Please note that this revocation only applies for the future. Data processing that took place prior to the revocation remains unaffected.
Justification, implementation, and termination of an employment relationship (§ 26, paragraph 1 of the German Federal Data Protection Act / BDSG)
Your personal data is used to justify (e.g. as part of the application process), to implement, or to terminate your employment relationship with Bio‑Hybrid GmbH. This processing can also take place on the basis of a collective agreement (for example company agreement, union agreement).
3. What data relating to me will be processed?
We will process the following data or data categories relating to you:
- Personnel data
- Contact data
- Application documents incl. curriculum vitae
4. From what sources do my data originate?
We have received your data from you personally.
5. Who can access my data?
Within the Bio‑Hybrid GmbH, your data are accessible to those parties who require access to them according to the so-called “Least Privilege” principle (assignment of rights of use in the smallest possible scope) and the need-to-know principle (knowledge of data only when required). Service providers and vicarious agents employed by us may receive data from us for these purposes if this is necessary, it is required by law, you have given your consent, or processors commissioned by us required that the specifications of the GDPR and the German Federal Data Protection Act (BDSG) will be observed. Under these prerequisites, recipients of personal data can include persons and administrators of the system involved in the selection process.
6. Are data transferred to third-party countries or international organizations?
The transfer of data to countries outside of the EU/EEA (so-called “third-party countries”) only takes place when necessary or legally proscribed, when you have given us your consent, or as part of the processing of an order. If service providers in third-party countries are employed, they are obliged to confirm that they will observe the European level of data security by agreeing in writing to the EU’s standard contractual clauses.
7. How long will my data be stored?
We will process and store your personal data for as long as this is necessary for the respective purpose. If your data are no longer required or do you have object to the data processing, they will be deleted regularly after 6 months, unless legal obligations to preserve records prevent this deletion. Your data can be stored for one year If you have given us your consent.
8. Am I under obligation to provide data?
As part of the conclusion of contracts, you are obliged to provide such personal data as are necessary to justify, implement, and terminate the contract and fulfill the obligations arising from it, or such personal data as Bio‑Hybrid GmbH is obliged to record. Without these data, no contracts can be concluded with Bio‑Hybrid GmbH.
9. What data protection rights do I have?
You have the right to the following:
- Information regarding your personal data that have been processed in accordance with article 15 of the GDPR
- Correction of incorrect personal data according to article 16 of the GDPR
- Deletion of your personal data according to article 17 of the GDPR
- Restriction of data processing according to article 18 of the GDPR
- Objection according to article 21 of the GDPR
- Data portability according to article 20 of the GDPR
The restrictions specified in §§ 34 and 35 of the German Federal Data Protection Act / BDSG apply to the right to information and the right to deletion. You additionally have the right to complain to the supervisory authority for data protection according to article 77 of the GDPR in conjunction with § 19 of the German Federal Data Protection Act / BDSG.
10. To what extent are decisions made automatically?
Automated decisions are decisions that are made exclusively by a machine, without evaluation by a natural person. We generally do not use any automated decision-making systems in accordance with article 22 of the GDPR. Should we use such systems in individual cases, we will inform you of this separately provided that this is legally required and if necessary obtain your prior consent.
11. Does “profiling” take place?
“Profiling” refers to any kind of automated processing of personal data for the purpose of analyzing or predicting the working performance, financial status, health, personal preferences, interests, reliability, conduct, location, or relocation of a natural person. Bio‑Hybrid GmbH generally does not use “profiling”. Should we use such systems in individual cases, we will inform you of this separately provided that this is legally required and if necessary obtain your prior consent.