Logo

Data protection information for applicants

 
We are very pleased that you are interested in our company. We would like to provide you with all the necessary information about the processing of your personal data in relation to your application.
 
 
 
1. Controller
 
The controller for data processing within the meaning of data protection law is the LORENZ company named in the job advertisement. The respective contact details are also listed there.
 
You can find more information about our company, details of the authorised representatives and further contact options on our website: https://www.lorenz.cc/
 
 
 
2. Contact details of the data protection officer
 
Boris Reibach
Scheja & Partners GmbH & Co. KG
Adenauerallee 136
53113 Bonn
Germany 
Tel.: (+49) 0228-227 226 0
https://www.scheja-partners.de/en/contact/contact.html 
 
 
 
3. Purposes and legal bases of processing
 
3.1. Conducting the application process
We process your personal data in order to check your suitability for the position (or, if applicable, other open positions in our companies) and to carry out the application process.
 
Data processing for the purpose of conducting the application procedure is carried out on the basis of Art. 6(1)(b) GDPR (performance/initiation of a contract). We process special categories of personal data, if necessary, on the basis of Art. 6(1)(b) GDPR, § 26(3)(1) German Federal Data Protection Act (“Bundesdatenschutzgesetz” – BDSG), Art. 9(2)(b) GDPR.
 
3.2. Defence against legal claims
If necessary, we process your personal data if this is required for defence against legal claims asserted as part of the application process.
 
Any data processing for defence purposes in the context of legal disputes is carried out on the basis of Art. 6(1)(f) GDPR (balancing of interests). The legitimate interests here lie in being able to prove the lawful conduct of the application process in any legal proceedings. We process special categories of personal data in this context, if necessary, on the basis of Art. 6(1)(f) and Art. 9 (2)(f) GDPR.
 
3.3 Inclusion in the talent pool
If your application has not led to an employment with us and you have allowed us to include your application data in our talent pool for future job postings, we will also process your personal data in order to be able to consider you for future job postings and to contact you, as well as to be able to prove your consent in this regard.
 
Data processing for inclusion in the talent pool is carried out on the basis of Art. 6(1)(a) GDPR (consent) in conjunction with § 26(2) BDSG.
 
If we also process special categories of personal data on the basis of your consent, the data processing is carried out on the basis of Art. 6(1)(a), 9(2)(a) GDPR in conjunction with § 26(2), (3) BDSG.
 
You have the right to withdraw your consent at any time. We will then no longer process your personal data on the basis of your consent. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. This means that processing carried out before consent was withdrawn remains lawful.
 
The data processing for the proof of your consent is carried out on the basis of Art. 6(1)(c) in conjunction with Art. 5(1)(a), (2), Art. 7(1) GDPR.
 
 
 
4. Sources and categories of personal data
 
As part of the application process, we only process the personal data that is related to your application and that is necessary to determine your professional and personal abilities in relation to the vacancy.
 
This may include the following:
 
  • Contact details, including your name, address and telephone number;
  • Data on your education and qualifications;
  • Data on any further training measures and additional qualifications;
  • Other information that you provide to us during the application process.
 
Insofar as we collected your personal data from third parties, these originate from the following sources:
 
  • Personnel recruiters/headhunters;
  • Job markets and job search engines;
  • Your publicly viewable profile in professional social media networks (such as StepStone, Monster, LinkedIn, Xing).
 
 
 
5. Recipients of the data
 
After receipt of your application, it will be reviewed by the Human Resources department. Suitable applications are then forwarded internally to the respective department heads for the open position. The next steps will then be agreed. Within the company, access to your data is restricted to those individuals who require it for the proper processing of our application procedure.
 
Data will only be passed on to recipients outside our company to the extent permitted or required by law or with your consent. External recipients may be:
 
  • Public authorities: Authorities and state institutions, such as public prosecutors, courts or tax authorities, to which we may be obliged to transfer personal data in individual cases.
  • Data processors: Service providers that we use to provide services or that are entrusted with the maintenance of our IT systems.
  • Our affiliated group companies LORENZ Archiv-Systeme GmbH, LORENZ Bridge Software GmbH and LORENZ Life Sciences GmbH, with the exception of the LORENZ company that is named as the employing company to the job advertisement.
  • Other private bodies: Private bodies to which we transfer your personal data, for example lawyers, tax advisor, auditors.
 
 
6. Transfer to third countries
 
As part of your application process, your personal data may be transferred to recipients that are not located in a member state of the European Union or in another state party to the Agreement on the European Economic Area. In such cases, we ensure before the transfer that, except in exceptional cases permitted by law, either an adequate level of data protection exists at the recipient (e.g. through an adequacy decision by the European Commission or through appropriate safeguards such as the agreement of so-called EU standard data protection clauses of the European Commission with the recipient) or your explicit consent has been obtained. You can obtain a copy of these safeguards from us. Please use the contact details provided in Section 1 of this data protection information.
 
 
 
7. Storage period
 
In the event of a rejection, your personal data will generally be deleted six months after the end of the application process.
 
If we process your personal data in order to defend ourselves against legal claims asserted against us as a result of the application process, we will store your data for as long as is necessary for the aforementioned purpose.
 
If you have agreed to the further storage of your personal data, we will transfer your data to our talent pool. The data in the pool will be deleted after a maximum of two years after the inclusion in our talent pool. If you withdraw your consent, we will delete your data immediately.
 
We will delete the personal data that we process to prove your consent three years after the end of the year in which you withdrew your consent or it expired (see above).
If you have been offered a job as part of the application process, the data will be transferred from the applicant data system to our Human Resources information system.
 
 
 
8. Your rights
  • You have the following rights in connection with the processing of your data:
  • Request information about the processing of personal data concerning you and a copy of this data (right to information in accordance with Art. 15 GDPR);
  • Request the rectification of inaccurate data and, taking into account the purposes of the processing, the completion of incomplete data (right to rectification in accordance with Art. 16 GDPR);
  • to request the erasure of your data where there are legitimate grounds for doing so (right to erasure in accordance with Art. 17 of the GDPR);
  • to request the restriction of the processing of your data where the legal requirements are met (right to restriction of processing in accordance with Art. 18 of the GDPR);
  • to receive the data you have provided in a structured, commonly used and machine-readable format and to transmit those data to another controller or to have them transmitted by us where technically feasible (right to data portability pursuant to Art. 20 GDPR);

Right to object

Right to object in individual cases

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Art. 6(1)(f) GDPR, including profiling based on those provisions. This personal data will then no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
  • Insofar as the processing of your data is based on consent, you also have the right to withdraw your consent at any time, without affecting the lawfulness of the processing of your data carried out on the basis of the consent until withdrawal.
      
 
You can contact us at any time to assert your aforementioned rights as a data subject. To do so, please use the contact details of the data controller provided in section 1 above.
 
If you believe that the processing of your personal data violates data protection law, you can also file a complaint with a supervisory authority, in particular in the EU member state or federal state of your habitual residence, place of work or the place of the alleged infringement you are objecting to.
 
This also applies to the supervisory authority responsible for us:
 
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Gustav-Stresemann-Ring 1
65189 Wiesbaden 
Tel.: 0611-1408-0
Fax: 0611-1408-611 
E-Mail: poststelle@datenschutz.hessen.de
 
 
 
9. Requirement to provide personal data
 
You are neither contractually nor legally required to provide us with personal data. However, the provision of certain personal data is necessary for the application process and for the decision to enter into an employment contract.
 
If you do not provide us with all the personal data required for the application process, we will not be able to consider you in the application process.
 
If you do not allow us to include your application data in our talent pool for future job postings, we will also not be able to consider you for future job postings.
 
 
 
10. Automated decision-making
Automated decision-making in individual cases within the meaning of Art. 22 GDPR does not take place in connection with your applicaton process.