Processing of (personal) data by the entity in charge of the online application process
Privacy Policy for applicants
Valid as of 06/07/2019
1. Introduction
This privacy policy is addressed to applicants of quantilope GmbH and its subsidiaries
quantilope Inc. and UAB quantilope (together, "quantilope"), regardless of whether you
apply for a specific job offer or on your own initiative. The general privacy policy for our
website can be found here: https://www.quantilope.com/en/data-privacy
We reserve the right to update this privacy policy at any time if necessary, for example in
order to comply with upcoming case law relating to data protection law or for other
operational, legal or official purposes. It is therefore advisable to review this privacy policy
regularly. The above date indicates the date of the last update.
2. Data categories and sources
We process personal data rightfully obtained from other agencies or third parties insofar as it
is necessary for our contractual relationship with you and the application submitted by you.
We also process personal data that we have lawfully taken, received or obtained from
publicly accessible sources (e.g. trade and association registries, resident registries, press,
career networks, the Internet or media) insofar as this data is required and that we are
permitted to process it in accordance with the law.
Relevant categories of personal data may include in particular:
3. Legal basis and purpose for the processing of personal data
3.1. Purposes for the performance of a contract or pre-contractual measures (Art. 6 I lit. b GDPR)
Your personal data is processed to process your application in response to a specific
advertisement of a vacant position or your unsolicited application, and in this connection
particularly for the following purposes: examination and assessment of your suitability for
the vacant position, assessment of performance and conduct within the legally permissible
limits, where applicable for the purpose of registration and authentication of the application
via our website, where applicable for the drafting of an employment agreement, the
verifiability of transactions, orders and other agreements, also for quality assurance by way
of the relevant documentation, measures for the fulfillment of general obligations of due
diligence, statistical analyses of corporate management, travel and event management,
travel reservations and settlement of travel expenses, authorization and credentials
management, cost accounting and controlling, reporting, internal and external
communications, invoicing and tax assessments relating to operational services (e.g. meals
in canteen), settlement of company credit card expenses, health and safety at work,
contract-related communication with you (including deadline agreements), the assertion of
legal claims and defense in litigation; guarantee of IT security (including system and
plausibility tests) and general safety, including building and plant safety, safeguarding and
exercising the right to grant or deny access by taking appropriate measures, such as, where
applicable, CCTV for the protection of third parties and our staff, as well as for the
prevention of crimes and the preservation of related evidence; guaranteeing integrity,
prevention and solving of crimes; authenticity and availability of data, controls by
supervisory bodies or control bodies (e.g. auditing).
3.2. Purposes within the scope of a legitimate interest of us or third parties (Art. 6 I lit. f GDPR)
In addition to the actual performance of the (preliminary) contract, we may process your
data as necessary to safeguard our legitimate interests or the legitimate interests of third
parties. Your data is processed only if and to the extent that there are no overriding
legitimate interests of yours against such processing, in particular for the following
purposes: measures for the further development of existing systems, processes and
services; comparisons with European and international anti-terror lists in cases where this
goes beyond the statutory obligations; enhancement of our data, inter alia through the use
of or research into publicly accessible data, where necessary; benchmarking; development
of scoring systems or automated decision-making processes; safety of buildings and plant
(e.g. by using access controls and CCTV) in cases where this goes beyond general obligations
of due diligence; internal and external investigations, security checks.
3.3. Purposes within the scope of your consent (Art. 6 I lit. a GDPR)
Your personal data may also be processed for specific purposes (e.g. obtaining references
from previous employers or using your data for future vacancies) if you have given your
consent.
3.4. Purposes for fulfilling legal requirements (Art. 6 I lit. c GDPR) or in the public interest (Art. 6 I
lit. GDPR)
Like everyone involved in economic activity, we too are subject to a number of legal
obligations. Primarily, these are statutory requirements (e.g. works constitution act, social
security code, commercial and tax law), but there may also be obligations imposed by
supervisory and other public authorities (e.g. employers' liability insurance association). The
purposes of processing may include, in certain cases, identity and age verification, fraud and
money-laundering prevention (e.g. comparisons with European and international anti-terror
lists), company health management, ensuring safety at work, fulfilling tax law control and
reporting obligations and the archiving of data for the purpose of data protection and data
security, and for the purpose of auditing by tax consultants/auditors, tax authorities and
other public authorities. It may also be necessary to disclose personal data for purposes of
collecting evidence, prosecuting or enforcing civil claims in the event of any official or
judicial measures.
4. Recipients of your data
Inside our company, your data is disclosed only to those internal offices or organizational units that
require this data to fulfill our contractual or statutory obligations (e.g. managerial personnel and
heads of department who are looking for new staff or who are involved in the decision to fill the
position, the accounting department, medical officer, occupational safety, where applicable staff
representatives, etc.) or as part of the processing and enforcement of our legitimate interest. Your
data will be disclosed to external parties only:
commission service providers to process your data, they will be subject to the security standards
specified by us in order to adequately protect your data. In other cases, the recipients may only use
the data for the purposes for which it was transmitted to them.
5. Storage duration of personal data
In general, we process and store your data for the duration of your application. This also includes
the process of initiating a contract (pre-contractual legal relationship).
If you have not been engaged, your original application documents will be destroyed at the end
of a period of six months. Electronic documents are accordingly erased after six months. Should
we wish to store your data longer in case of future vacancies or if you have entered your data in
an applicants' pool, the data will be erased at later points of time; you will be given the details in
connection with the process in question.
If the data are no longer necessary for the fulfilment of contractual or legal obligations and
rights, they will be deleted regularly, unless their further processing - for a limited period - is
necessary for the fulfilment of the above-mentioned purposes for a predominantly legitimate
interest of our company. Such an overriding legitimate interest exists, for example, if deletion is
not possible due to the special type of storage, or only at a disproportionately high expense. In
these cases we can also store your data after termination of our contractual relationship for a
period agreed with the purposes and if necessary use it to a limited extent. In these cases, a
restriction of the processing takes the place of a deletion. In other words, the data will be
blocked against the regular use by appropriate measures.
6. Processing of your data in a third country or by an international organisation
Data is transmitted to parties in countries outside the European Union (EU) or European
Economic Area (EEA), otherwise known as third countries, whenever such is necessary to meet
an order/contractual obligation towards or with you (e.g. application for a job abroad), or where
such is in our legitimate interest or the legitimate interest of a third party, or if you have issued
us with consent. Your data may be simultaneously processed in a third country, including the
involvement of service providers for the processing of an order. If no decision has been issued
by the EU Commission regarding the presence of an appropriate level of data protection for the
respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed
in accordance with EU data protection requirements through contractual agreements to this
effect. Upon request, we can provide you with relevant detailed information.
7. Scope of your obligations to provide us with your data
You need to provide only the data required for the purpose of processing your application or
implementing a pre-contractual relationship with us or the data which we are legally required to
collect. We are generally not in a position to complete the application or selection process
without such data. If we request data from you above and beyond this, you shall be informed
separately about the voluntary nature of the information.
8. Existence of automated decision-making in individual cases (including profiling)
We do not make use of a purely automated decision-making process as referred to in Art. 22
GDPR. If we should in future use such a process in individual cases, we will inform you separately,
provided that this is required by law.
9. Rights as a data subject
You may assert data protection rights against us in certain circumstances:
Every data subject has the right to obtain information pursuant to Art. 15 GDPR, the right to
correction pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to
restriction of processing pursuant to Art. 18 GDPR and the right to data transfer pursuant to Art. 20
GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to
erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77
GDPR in conjunction with § 19 BDSG). Furthermore, you can object to the processing of your data in
accordance with Art. 21 GDPR, on the basis of which we must terminate the processing of your data.
However, this right of objection only applies in very special circumstances of your personal situation,
whereby the rights of our company may conflict with your right of objection.
Furthermore, you have the right to withdraw consent you have given to the processing of personal
data at any time with effect for the future. Should you object, we shall no longer process your
personal data unless we can establish compelling legitimate grounds for processing that outweigh
your interests, rights and freedoms, or unless the processing is for the purposes of asserting,
exercising or defending legal claims.
10. Name and address of the controller as well as of the data protection officer
Within the meaning of data protection law, the controller is:
quantilope GmbH
Charlottenstraße 26
20257 Hamburg, Germany
Email: privacy (at) quantilope.com
Internet: www.quantilope.com
Contact details for our external data protection officer:
Herr Harald Eul
HEC Harald Eul Consulting GmbH
Auf der Höhe 34
50321 Brühl, Germany
Email: DSB-quantilope (at) he-c.de
Valid as of 06/07/2019
1. Introduction
This privacy policy is addressed to applicants of quantilope GmbH and its subsidiaries
quantilope Inc. and UAB quantilope (together, "quantilope"), regardless of whether you
apply for a specific job offer or on your own initiative. The general privacy policy for our
website can be found here: https://www.quantilope.com/en/data-privacy
We reserve the right to update this privacy policy at any time if necessary, for example in
order to comply with upcoming case law relating to data protection law or for other
operational, legal or official purposes. It is therefore advisable to review this privacy policy
regularly. The above date indicates the date of the last update.
2. Data categories and sources
We process personal data rightfully obtained from other agencies or third parties insofar as it
is necessary for our contractual relationship with you and the application submitted by you.
We also process personal data that we have lawfully taken, received or obtained from
publicly accessible sources (e.g. trade and association registries, resident registries, press,
career networks, the Internet or media) insofar as this data is required and that we are
permitted to process it in accordance with the law.
Relevant categories of personal data may include in particular:
- Address and contact data (registration data and similar data, such as email address and
telephone number) - Professional data (education, qualifications, further training, degrees/certificates and
similar data) - Information about you available online or in career networks
- Sound and video recordings
- Other data you voluntarily give to us
3. Legal basis and purpose for the processing of personal data
3.1. Purposes for the performance of a contract or pre-contractual measures (Art. 6 I lit. b GDPR)
Your personal data is processed to process your application in response to a specific
advertisement of a vacant position or your unsolicited application, and in this connection
particularly for the following purposes: examination and assessment of your suitability for
the vacant position, assessment of performance and conduct within the legally permissible
limits, where applicable for the purpose of registration and authentication of the application
via our website, where applicable for the drafting of an employment agreement, the
verifiability of transactions, orders and other agreements, also for quality assurance by way
of the relevant documentation, measures for the fulfillment of general obligations of due
diligence, statistical analyses of corporate management, travel and event management,
travel reservations and settlement of travel expenses, authorization and credentials
management, cost accounting and controlling, reporting, internal and external
communications, invoicing and tax assessments relating to operational services (e.g. meals
in canteen), settlement of company credit card expenses, health and safety at work,
contract-related communication with you (including deadline agreements), the assertion of
legal claims and defense in litigation; guarantee of IT security (including system and
plausibility tests) and general safety, including building and plant safety, safeguarding and
exercising the right to grant or deny access by taking appropriate measures, such as, where
applicable, CCTV for the protection of third parties and our staff, as well as for the
prevention of crimes and the preservation of related evidence; guaranteeing integrity,
prevention and solving of crimes; authenticity and availability of data, controls by
supervisory bodies or control bodies (e.g. auditing).
3.2. Purposes within the scope of a legitimate interest of us or third parties (Art. 6 I lit. f GDPR)
In addition to the actual performance of the (preliminary) contract, we may process your
data as necessary to safeguard our legitimate interests or the legitimate interests of third
parties. Your data is processed only if and to the extent that there are no overriding
legitimate interests of yours against such processing, in particular for the following
purposes: measures for the further development of existing systems, processes and
services; comparisons with European and international anti-terror lists in cases where this
goes beyond the statutory obligations; enhancement of our data, inter alia through the use
of or research into publicly accessible data, where necessary; benchmarking; development
of scoring systems or automated decision-making processes; safety of buildings and plant
(e.g. by using access controls and CCTV) in cases where this goes beyond general obligations
of due diligence; internal and external investigations, security checks.
3.3. Purposes within the scope of your consent (Art. 6 I lit. a GDPR)
Your personal data may also be processed for specific purposes (e.g. obtaining references
from previous employers or using your data for future vacancies) if you have given your
consent.
3.4. Purposes for fulfilling legal requirements (Art. 6 I lit. c GDPR) or in the public interest (Art. 6 I
lit. GDPR)
Like everyone involved in economic activity, we too are subject to a number of legal
obligations. Primarily, these are statutory requirements (e.g. works constitution act, social
security code, commercial and tax law), but there may also be obligations imposed by
supervisory and other public authorities (e.g. employers' liability insurance association). The
purposes of processing may include, in certain cases, identity and age verification, fraud and
money-laundering prevention (e.g. comparisons with European and international anti-terror
lists), company health management, ensuring safety at work, fulfilling tax law control and
reporting obligations and the archiving of data for the purpose of data protection and data
security, and for the purpose of auditing by tax consultants/auditors, tax authorities and
other public authorities. It may also be necessary to disclose personal data for purposes of
collecting evidence, prosecuting or enforcing civil claims in the event of any official or
judicial measures.
4. Recipients of your data
Inside our company, your data is disclosed only to those internal offices or organizational units that
require this data to fulfill our contractual or statutory obligations (e.g. managerial personnel and
heads of department who are looking for new staff or who are involved in the decision to fill the
position, the accounting department, medical officer, occupational safety, where applicable staff
representatives, etc.) or as part of the processing and enforcement of our legitimate interest. Your
data will be disclosed to external parties only:
- for the purpose of complying with statutory requirements, according to which we are obliged
to provide information, ensure registration or disclose data (e.g. tax authorities) or when the
disclosure of the data is in the public interest; - insofar as external service providers process data on our behalf as data processors or they
have been commissioned with a function (e.g. banks, external computer centers, HR
management, travel agencies/travel management, print shops or companies providing data
disposal, courier, postal or logistic services); - due to our legitimate interest or the legitimate interest of the third party for the specified
purposes (e.g. transfer to authorities, credit agencies, collection agencies, lawyers, courts,
surveyors, affiliated companies and committees and supervisory bodies); - if you have given your consent to disclosure to third parties.
commission service providers to process your data, they will be subject to the security standards
specified by us in order to adequately protect your data. In other cases, the recipients may only use
the data for the purposes for which it was transmitted to them.
5. Storage duration of personal data
In general, we process and store your data for the duration of your application. This also includes
the process of initiating a contract (pre-contractual legal relationship).
If you have not been engaged, your original application documents will be destroyed at the end
of a period of six months. Electronic documents are accordingly erased after six months. Should
we wish to store your data longer in case of future vacancies or if you have entered your data in
an applicants' pool, the data will be erased at later points of time; you will be given the details in
connection with the process in question.
If the data are no longer necessary for the fulfilment of contractual or legal obligations and
rights, they will be deleted regularly, unless their further processing - for a limited period - is
necessary for the fulfilment of the above-mentioned purposes for a predominantly legitimate
interest of our company. Such an overriding legitimate interest exists, for example, if deletion is
not possible due to the special type of storage, or only at a disproportionately high expense. In
these cases we can also store your data after termination of our contractual relationship for a
period agreed with the purposes and if necessary use it to a limited extent. In these cases, a
restriction of the processing takes the place of a deletion. In other words, the data will be
blocked against the regular use by appropriate measures.
6. Processing of your data in a third country or by an international organisation
Data is transmitted to parties in countries outside the European Union (EU) or European
Economic Area (EEA), otherwise known as third countries, whenever such is necessary to meet
an order/contractual obligation towards or with you (e.g. application for a job abroad), or where
such is in our legitimate interest or the legitimate interest of a third party, or if you have issued
us with consent. Your data may be simultaneously processed in a third country, including the
involvement of service providers for the processing of an order. If no decision has been issued
by the EU Commission regarding the presence of an appropriate level of data protection for the
respective country, we warrant that your rights and freedoms will be reasonably protected and guaranteed
in accordance with EU data protection requirements through contractual agreements to this
effect. Upon request, we can provide you with relevant detailed information.
7. Scope of your obligations to provide us with your data
You need to provide only the data required for the purpose of processing your application or
implementing a pre-contractual relationship with us or the data which we are legally required to
collect. We are generally not in a position to complete the application or selection process
without such data. If we request data from you above and beyond this, you shall be informed
separately about the voluntary nature of the information.
8. Existence of automated decision-making in individual cases (including profiling)
We do not make use of a purely automated decision-making process as referred to in Art. 22
GDPR. If we should in future use such a process in individual cases, we will inform you separately,
provided that this is required by law.
9. Rights as a data subject
You may assert data protection rights against us in certain circumstances:
Every data subject has the right to obtain information pursuant to Art. 15 GDPR, the right to
correction pursuant to Art. 16 GDPR, the right to erasure pursuant to Art. 17 GDPR, the right to
restriction of processing pursuant to Art. 18 GDPR and the right to data transfer pursuant to Art. 20
GDPR. The restrictions under §§ 34 and 35 BDSG apply to the right to information and the right to
erasure. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77
GDPR in conjunction with § 19 BDSG). Furthermore, you can object to the processing of your data in
accordance with Art. 21 GDPR, on the basis of which we must terminate the processing of your data.
However, this right of objection only applies in very special circumstances of your personal situation,
whereby the rights of our company may conflict with your right of objection.
Furthermore, you have the right to withdraw consent you have given to the processing of personal
data at any time with effect for the future. Should you object, we shall no longer process your
personal data unless we can establish compelling legitimate grounds for processing that outweigh
your interests, rights and freedoms, or unless the processing is for the purposes of asserting,
exercising or defending legal claims.
10. Name and address of the controller as well as of the data protection officer
Within the meaning of data protection law, the controller is:
quantilope GmbH
Charlottenstraße 26
20257 Hamburg, Germany
Email: privacy (at) quantilope.com
Internet: www.quantilope.com
Contact details for our external data protection officer:
Herr Harald Eul
HEC Harald Eul Consulting GmbH
Auf der Höhe 34
50321 Brühl, Germany
Email: DSB-quantilope (at) he-c.de