Data protection
Data Protection Information for Applicants and CandidatesIn accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR)
1. Controller as defined by the GDPR
The controller responsible for processing your personal data in connection with the
The application process is as follows:
SAPHIR Germany, LLC
53 Kalkofenstr.
71083 Herrenberg, Germany
Represented by: Bruno Gross
2. Data Protection Officer
mhg protectit
19 Heerweg
72116 Mössingen, Germany
Managing Director: Michael Haug
Data Protection Officer: Larissa Haug
3. Purpose of processing personal data
Your personal data will be processed for the purpose of conducting and managing the application process. This includes, in particular:
– reviewing and evaluating your application,
– conducting selection and decision-making processes,
– contacting you as part of the application process,
– deciding whether to establish an employment relationship,
– introducing you to partner companies for suitable positions (Art. 6 (1) (a) GDPR),
– communicating with you, e.g., via online meetings (Art. 6(1)(b) and (f) of the GDPR),
– using anonymized data for scientific purposes (Art. 6(1)(a) of the GDPR).
If you have given us your express consent, your data will also be processed for the purpose of adding you to our talent pool so that we can inform you about job openings that may be relevant to you in the future or share them with potential employers.
4. Legal basis for processing
Your personal data is processed in accordance with the following legal provisions:
– Art. 6(1)(b) GDPR (implementation of pre-contractual measures),
– Section 26(1) of the Federal Data Protection Act (BDSG),
– Art. 6(1)(a) GDPR (consent, in connection with the talent pool).
5. Categories of personal data
As part of the application process, we process the following categories of personal data in particular:
– Identification and contact information (e.g., name, address, phone number, email address)
– Application documents (e.g., resume, cover letter, references, qualifications),
– Communication data (e.g., email correspondence, interview notes),
– Other personal data that you voluntarily provide to us as part of your application
6. Recipients of personal data
As part of our service, we share your personal data—specifically application documents, your resume, and your qualifications—with potential employers. This is done either in connection with a specific application for an advertised position or as part of our proactive recruitment efforts (e.g., unsolicited applications), provided you have given your consent.
The data is transferred using the tool “Canditate.ly – GUSTAV, 61 Greenpoint Ave #684, Brooklyn, NY 11222, United States.” The transfer of data to the United States is based on the EU Commission’s standard contractual clauses. Personal data will be made available for download to potential employers; GDPR rights regarding applicant data remain unaffected by this.
Data is transferred solely for application purposes and in compliance with data protection regulations. You may revoke your consent at any time, effective immediately. A simple email todatenschutz@saphir-deutschland.deis sufficient.
7. Pseudonymized short profile
As part of the application process, we create a pseudonymized summary of your career history, which is shared with interested companies via the SAPHIR talent catalog. This profile is deleted once the process is complete. You may withdraw your consent at any time.
8. Use of your data for research purposes
Anonymized applicant data may be used in scientific projects. Processing is carried out exclusively for research purposes and without reference to your identity. Anonymization is irreversible. This data is no longer considered personal data, and the GDPR does not apply. No consent is required in this case.
9. Use of External Services / Social Media Platforms
Microsoft Teams
For online job interviews, we use standard conferencing tools, particularly Microsoft Teams. The provider responsible is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft also maintains a branch in the EU (e.g., Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). Privacy information regarding Microsoft Teams is available at:https://privacy.microsoft.com/de-de/privacystatement
We use WhatsApp to communicate with customers and prospective clients/applicants. The service provider responsible is WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA. In the European Union, the platform is operated by WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find more information about WhatsApp’s privacy policy here:https://www.whatsapp.com/legal/?eea=1#privacy-policy
We also use WhatsApp/Meta to send news, updates, and marketing information via WhatsApp newsletters. The processing of phone numbers and communication data is carried out exclusively with explicit consent in accordance with Article 6(1)(a) of the GDPR.
We maintain professional profiles on LinkedIn. The entity responsible for data processing in connection with LinkedIn is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, California 94085, USA. For Europe, there is a branch office in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich. You can find LinkedIn’s privacy policy here:https://www.linkedin.com/legal/privacy-policy
Facebook & Instagram
Our profile pages on Facebook and Instagram are operated using services provided by the Meta platforms. The relevant providers are Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland (for Instagram & Facebook) and its parent company Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Personal data may be processed within the scope of these platforms (e.g., during interactions, comments, or direct messages). You can find further privacy information at Meta:https://www.facebook.com/about/privacy
Legal Basis & Data Processing
The processing of personal data via the platforms is based on the following legal grounds:
– Consent of the data subject (Art. 6(1)(a) GDPR), e.g., for newsletters or social media interaction,
– Contract performance or pre-contractual measures (Art. 6(1)(b) GDPR), to the extent that such use is part of the service,
– Legitimate interest (Art. 6(1)(f) GDPR) for marketing and communication purposes, provided that this has been weighed against data protection interests.
In all cases, we process data only to the extent necessary for the respective purpose. The legal basis, purpose, retention period, and recipients are clearly outlined in our general privacy policy.
Data transfers to third countries
Platforms based outside the EU also process personal data in third countries (e.g., the U.S. or Ireland). These transfers are protected by appropriate safeguards, such as EU Standard Contractual Clauses (SCCs), and, where necessary, additional protective measures.
Withdrawal of Consent & Data Subject Rights
You may withdraw your consent to the use of personal data for marketing, newsletters, or platform use at any time with future effect, without this affecting the lawfulness of the processing carried out prior to the withdrawal (Art. 7(3) GDPR). You can exercise your data subject rights—such as the right of access, rectification, data portability, erasure, and restriction—by contacting us or, in the case of the respective platform, directly through the platform.
10. Duration of storage
Your personal data will only be stored for as long as is necessary for the purposes for which it is processed.
After the application process is complete, your data will be stored for a period of six months to enable us to defend against any legal claims.
If you have consented to be included in our talent pool, we will store your data until you withdraw your consent, but for no longer than 24 months.
11. Rights of data subjects
As a data subject, you have the following rights:
– Right to information pursuant to Article 15 of the GDPR,
– Right to rectification pursuant to Article 16 of the GDPR,
– Right to erasure pursuant to Article 17 of the GDPR,
– Right to restriction of processing pursuant to Article 18 of the GDPR,
– Right to data portability pursuant to Article 20 of the GDPR,
– Right to object to processing pursuant to Article 21 of the GDPR.
You also have the right to file a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations.
If the processing is based on your consent, you have the right to withdraw your consent at any time, effective for the future.
12. Necessity of providing personal data
Providing your personal information is required for the application process. Without this information, your application cannot be considered.