1. General
We are providing this privacy statement, which relates solely to data collected during the online application process, to inform you about how we handle your personal data collected during the application process.
‍

2. Controler
Controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member states of the European Union, and other provisions related to data protection is:

UnternehmerTUM GmbH
Lichtenbergerstr. 6
85748 Garching bei München
Deutschland
+49 89 18 94 69 0
info@unternehmertum.de
www.unternehmertum.de
‍

3. Data Protection Officer
The Data Protection Officer of the controller is:

Alexander Stolberg-Stolberg
SVDFJ Rechtsanwälte
Oberanger 30
80331 München
Deutschland
+49 89 210 25 120
stolberg@unternehmertum.de
www.svdfj.de

Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.
‍

4. Application Process
‍In the context of online applications, your data (name/first name and email address) is stored and evaluated for the purposes of the advertisement and application process using the Recruitee program. As soon as you select an offer via Recruitee, a cookie is only set when you click on the button in order to be able to view the offer.If you send us an application but there is no suitable vacancy available at the moment, we would like to keep a copy of your application documents in individual cases, even beyond the duration of a single application procedure. In this case, however, we will first obtain your consent.Further information on the processing of applicant data can be found in the data protection declaration of the online applicant tool at https://recruitee.com/de/privacy-policy.
The personal data required as part of the application process is passed on to and processed by other service providers, e.g. cloud providers.
‍

5. Basis and Purposes for Processing Personal Data
a) If you apply to us electronically, i.e. by e-mail or via our web form, we will collect and process your personal data for the purpose of processing the application procedure and carrying out pre-contractual measures
b) By submitting an application on our page, you express your interest in participating in the respective batch of DPS In this context, you provide us with personal data that we use and store exclusively for the purpose of your application.
c) In particular, the following data are collected:
- Name (first and last name)
- E-mail address
- Phone number
d) You also have the option of uploading your CV and references. These may contain further personal data such as date of birth, address, etc.
e) Only authorized employees involved in the application process have access to your data.
f) Personal data is stored exclusively for the purpose of the application process and if accepted to administrate your participation in the batch for which you have applied for.
g) Your data will be stored for a period of 12 months beyond the end of the application process. This is usually done in order to fulfil legal obligations or to defend against any claims arising from legal regulations. Subsequently, we are obliged to delete or anonymize your data. In this case, the data is only available to us as so-called metadata without direct personal reference for statistical evaluations (for example, the proportion of women or men in applications, number of applications per period, etc.).
‍

6. Google Firebase
DPS uses the Storage module of Google Firebase (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) to update content. In these cases, data can be transferred to all Google data centers (also in non-EU countries without an adequate level of data protection, in particular, the USA) without appropriate safeguards within the meaning of Art. 46 GDPR. In its judgment of 16 July 2020, Case C-311/18 (“Schrems II”), the ECJ found that an adequate level of data protection cannot be guaranteed in the USA. On the one hand, there is a risk of access to the transferred data by US security authorities without the possibility of effective legal remedies. On the other hand, there are no enforceable data subject rights. The transfer therefore only takes place with your express consent on the basis of Art. 49 (1) GDPR. Further information on dataprotection in connection with Google Firebase can be found at: https://www.firebase.com/terms/privacy-policy.html
‍

7. Disclosure of Data to Third Parties
The data transmitted as part of your application will be transferred via TLS encryption and stored in a database.
‍

8. Legal Basis
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any other service, the processing is based on Article 6(1) lit. b GDPR. The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. Is our company subject to a legal obligation by which processing of personal data is required, such as for the fulfillment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third parties. Then the processing would be based on Art. 6(1) lit. d GDPR. Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the abovementioned legal grounds, if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. He considered that a legitimate interest could be assumed if the data subject is a client of the controller (Recital 47 Sentence 2 GDPR). Where the processing of personal data is based on Article 6(1) lit. f GDPR our legitimate interest is to carry out our business in favor of the well-being of all our employees and shareholders.
‍

9. Rights of the Data Subject
Each data subject shall have the following rights:
- for information pursuant to Article 15 GDPR,
- to rectification under Article 16 GDPR,
- to cancellation under Article 17 GDPR,
- to limit the processing pursuant to Article 18 GDPR,
- to appeal under Article 21 GDPR, and
- to data transferability under Article 20 GDPR.The restrictions according to §§ 34 and 35 BDSG apply to the right of information and the right of deletion. Furthermore, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with & 19 BDSG). You can revoke your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

10. Concluding Provisions
a) We reserve the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the application process or other processes. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.
b) In addition to this data privacy statement, please view our general data privacy statement at https://www.unternehmertum.de/en/privacy