Dear applicants, we appreciate your interest in the open job vacancies at Lightcurve GmbH. Your privacy is important to us. We would therefore like to acquaint you with how we handle the information you send and provide us with.
I. Collection, processing and use of your personal data
1. Responsible entity and data protection officer
The entity responsible for collecting, processing and using your personal data in accordance with Art. 4 no. 7 of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") is Lightcurve GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter referred to as “Lightcurve” or “Data Controller”).
The data protection officer of Lightcurve is Mr. Frederic Hannesen, Köpenicker Straße 126, 10179 Berlin, and can be reached at the following e-mail address: firstname.lastname@example.org.
2. Scope of the data collected
Submitted application documents and other data collected in the course of the application process can personally relate to you as an applicant. As such, they are considered personal data in the meaning of Art. 4 no. 1 GDPR.
In principle, you yourself decide which data you want to send us with your application. However, we would like to point out that the lack of information about your training and your career path means that we cannot evaluate your application sufficiently with regard to an advertised position with us. Therefore, where some crucial information might be missing from your application, we would not be able to consider it.
In addition, we collect personal data from you during job interviews, which can take place as part of the progress of the application process.
We do not advise you to send us any data that is considered to be sensitive personal data in the meaning of Art. 9 GDPR, i.e. information on your racial or ethnic origin, sexual orientation, marital status, political affiliation, religion or any other beliefs, health, criminal records or a trade union membership.
3. Legal basis for the processing of personal data and their retention periods.
The collection and processing of your personal data is necessary to reach a decision leading to a potential employment relationship. The legal basis for this is § 26 Abs.1 of the Federal Data Protection Act (BDSG) in combination with Art. 6 para. 1 sentence 1 lit. b GDPR.
Under this legal basis, these data will be kept for the duration of the recruitment process.
If your application is unsuccessful, we might retain your data beyond the recruiting time frame in Lightcurve’s legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), e.g.: defence against legal claims, for a period not exceeding 6 months.
If you voluntarily provide us with sensitive personal data as part of your application process, the legal basis for the collection and processing is Art. 9 Para. 4 GDPR, § 26 Para. 3 BDSG.
II. Recipients of your personal data and where it is stored
Insofar as we disclose data to other persons and companies (Data Processors) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this only takes place on the following legal basis: consent Art. 6 para. 1 letter a GDPR, performance of a contract Art. 6 para. 1 letter b GDPR, a legal obligation Art. 6 para. 1 letter c GDPR, our legitimate interests Art. 6 para. 1 letter f GDPR.
1. Data processors
The following categories of third-party providers (Data Processors) are used to enable the work of our website and to communicate with you
- Email provider.
- CRM software provider.
- Cloud storage providers.
If you wish to receive a complete and exhaustive list of all companies to which your personal data is transferred to, please contact our Data Protection Officer at email@example.com or our legal counsel at firstname.lastname@example.org.
2. Data storage location
Switzerland was found to have an adequate level of protection for personal data under European Commission Decision 2000/518/EC of 26 July 2000.
If we transfer data to a third party located outside of the EEA which is not in a White Listed Country, as data exporters, we enter into the European Commission’s model contracts (“SCCs”) for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) with the relevant data importer. Prior to entering into SCCs we assess, on a case-by-case basis, as outlined in the CJEU decision in Case C‑311/18 [also known as Schrems II] on 16.07.2020, whether an adequate level of data protection, comparably to the level of data protection within the EU is given in the country where the data will be transferred to. If the appropriate level of protection is not given, additional protection provisions and measures will be contractually agreed and/or implemented by us to ensure the protection of personal data.
III. Your rights and storage periods
1. Your rights
As a data subject you have the following rights under the legal provisions:
With regard to the processing of personal data, you may request information from the Data Controller (Art. 15 GDPR), have incorrect or incomplete personal data concerning you corrected or completed (Art. 16 GDPR) and, in particular, exercise your right to erasure ("right to be forgotten") (Art. 17 GDPR). In addition, you may request that the processing be restricted (Art. 18 GDPR) and that the data be preserved and transferred to another responsible party (Art. 20 GDPR).
You may also object at any time to the future processing of the personal data relating to you pursuant to Art. 21 GDPR, for the data we have collected in our legitimate interest. Provided that it was collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and there are no compelling legitimate reasons on our part to the contrary.
If you are of the opinion that we have in any way processed your data against data protection laws, please let us know how. You can, in any case, complain to a supervisory authority (Art. 77 GDPR). The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based, which is in our case Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin, https://www.datenschutz-berlin.de/.
2. Storage periods
If the application procedure does not lead to your recruitment, we will regularly delete and destroy your data as soon as a period of 6 months has elapsed after your or our final rejection. The legal basis for the duration of this storage is Art. 6 para. 1 lit. f GDPR (“legitimate interest”), to protect us against legal claims in regard to the applicant’s rejection.
If your application procedure leads to employment, we will include your application document in your personnel file on the legal basis of Art. 6 para. 1 sentence 2 lit. b GDPR, § 26 para. 1 BDSG.