Privacy Policy - Applicants - Employee Positions

Dear applicants, we appreciate your interest in the open job vacancies at Lightcurve GmbH. Your privacy is important to us. We would therefore like to acquaint you with how we handle the information you send and provide us with.


First of all, we would like to point out that this is the Privacy Policy regarding the handling of personal data in the context of applications for jobs advertised by Lightcurve GmbH. Independently of or in addition to this Privacy Policy, the general Privacy Policy of Lightcurve applies when using the Lightcurve homepage (


I. Collection, processing and use of your personal data


1. Responsible entity and data protection officer

The entity responsible for collecting, processing and using your personal data in accordance with Art. 4 no. 7 of the EU General Data Protection Regulation (hereinafter referred to as "GDPR") is Lightcurve GmbH, Köpenicker Str. 126, 10179 Berlin (hereinafter referred to as “Lightcurve” or “Data Controller”).


The data protection officer of Lightcurve is Mr. Frederic Hannesen, Köpenicker Straße 126, 10179 Berlin, and can be reached at the following e-mail address:


2. Scope of the data collected

Submitted application documents and other data collected in the course of the application process can personally relate to you as an applicant. As such, they are considered  personal data in the meaning of Art. 4 no. 1 GDPR.

In principle, you yourself decide which data you want to send us with your application. However, we would like to point out that the lack of information about your training and your career path means that we cannot evaluate your application sufficiently with regard to an advertised position with us. Therefore, where some crucial information might be missing from your application, we would not be able to consider it.

In addition, we collect personal data from you during job interviews, which can take place as part of the progress of the application process.

We do not advise you to send us any data that is considered to be sensitive personal data in the meaning of Art. 9 GDPR, i.e. information on your racial or ethnic origin, sexual orientation, marital status, political affiliation, religion or any other beliefs, health, criminal records or a trade union membership.


3. Legal basis for the processing of personal data and their retention periods. 

The collection and processing of your personal data is necessary to reach a decision leading to a potential employment relationship. The legal basis for this is § 26 Abs.1 of the Federal Data Protection Act (BDSG) in combination with Art. 6 para. 1 sentence 1 lit. b GDPR.

Under this legal basis, these data will be kept for the duration of the recruitment process.

If your application is successful and we offer you an employment contract that you eventually sign, this data will be processed in accordance with our Employee Privacy Policy.
If your application is unsuccessful, we might retain your data beyond the recruiting time frame in Lightcurve’s legitimate interest (Art. 6 para. 1 sentence 1 lit. f GDPR), e.g.: defence against legal claims, for a period not exceeding 6 months. 

If you voluntarily provide us with sensitive personal data as part of your application process, the legal basis for the collection and processing is Art. 9 Para. 4 GDPR, § 26 Para. 3 BDSG.

If you disclose personal information about others in your application, you declare and warrant that you are authorized to do so and that you will permit us to use such information in accordance with this Privacy Policy. The legal basis for the collection and processing of this data is Art. 6 para. 1 S, 1 lit. a, b, c GDPR.


II. Recipients of your personal data and where it is stored

Insofar as we disclose data to other persons and companies (Data Processors) within the scope of our processing, transfer them to them or otherwise grant them access to the data, this only takes place on the following legal basis: consent Art. 6 para. 1 letter a GDPR, performance of a contract Art. 6 para. 1 letter b GDPR, a legal obligation Art. 6 para. 1 letter c GDPR, our legitimate interests Art. 6 para. 1 letter f GDPR.

1. Data processors

The following categories of third-party providers (Data Processors) are used to enable the work of our website and to communicate with you

  • Email provider.
  • CRM software provider.
  • Cloud storage providers.

If you wish to receive a complete and exhaustive list of all companies to which your personal data is transferred to, please contact our Data Protection Officer at or our legal counsel at

2. Data storage location

The information that we collect from you is transferred, stored, and processed within the EEA, Switzerland, the United States, and in other countries where our Data Processors are located. We will take all reasonable steps to ensure that your personal data is treated securely when transferred outside of the EU, with a level of protection adequate to GDPR and in accordance with this Privacy Policy.

Whitelisted countries

Switzerland was found to have an adequate level of protection for personal data under European Commission Decision 2000/518/EC of 26 July 2000.

Model clause

If we transfer data to a third party located outside of the EEA which is not in a White Listed Country, as data exporters, we enter into the European Commission’s model contracts (“SCCs”) for the transfer of personal data to third countries (i.e., the standard contractual clauses pursuant to Decision 2010/87/EU) with the relevant data importer. Prior to entering into SCCs we assess, on a case-by-case basis, as outlined in the CJEU decision in Case C‑311/18 [also known as Schrems II] on 16.07.2020, whether an adequate level of data protection, comparably to the level of data protection within the EU is given in the country where the data will be transferred to. If the appropriate level of protection is not given, additional protection provisions and measures will be contractually agreed and/or implemented by us to ensure the protection of personal data.


III. Your rights and storage periods


1. Your rights

As a data subject you have the following rights under the legal provisions:  

With regard to the processing of personal data, you may request information from the Data Controller (Art. 15 GDPR), have incorrect or incomplete personal data concerning you corrected or completed (Art. 16 GDPR) and, in particular, exercise your right to erasure ("right to be forgotten") (Art. 17 GDPR). In addition, you may request that the processing be restricted (Art. 18 GDPR) and that the data be preserved and transferred to another responsible party (Art. 20 GDPR). 

You may also object at any time to the future processing of the personal data relating to you pursuant to Art. 21 GDPR, for the data we have collected in our legitimate interest. Provided that it was collected on the basis of Art. 6 para. 1 sentence 1 lit. f GDPR and there are no compelling legitimate reasons on our part to the contrary.

If you are of the opinion that we have in any way processed your data against data protection laws, please let us know how. You can, in any case, complain to a supervisory authority (Art. 77 GDPR). The responsible supervisory authority for data protection issues is the data protection officer of the federal state in which our company is based, which is in our case Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstraße 219, 10969 Berlin,


2. Storage periods

If the application procedure does not lead to your recruitment, we will regularly delete and destroy your data as soon as a period of 6 months has elapsed after your or our final rejection. The legal basis for the duration of this storage is Art. 6 para. 1 lit. f GDPR (“legitimate interest”), to protect us against legal claims in regard to the applicant’s rejection. 

If your application procedure leads to employment, we will include your application document in your personnel file on the legal basis of Art. 6 para. 1 sentence 2 lit. b GDPR, § 26 para. 1 BDSG.


IV. Updates of this Privacy Policy

Further development of our website and the implementation of new technologies to improve our recruitment process may require changes to this Privacy Policy. We therefore recommend that you re-read this Privacy Policy from time to time, especially if you re-apply for an advertised position.


V. Disclaimer

The operators of the linked pages are solely responsible for their content. Please note that by clicking on a link you will be redirected to another website or document. These offers can be beyond Lightcurve's sphere of influence. Liability is excluded. We refer you to their privacy policy.