Legal Information
Privacy Notice for Job Applicants and Potential CandidatesIn accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).
1. Data controller as defined by the GDPR
The controller responsible for processing your personal data in connection with the
The application process is as follows:
SAPHIR Germany, LLC
53 Kalkofenstr.
71083 Herrenberg
Represented by: Bruno Gross
2. Data Protection Officer
mhg protectit
19 Heerweg
72116 Mössingen
Managing Director: Michael Haug
DSB: Larissa Haug
3. Purpose of the processing of personal data
Your personal data will be processed for the purpose of conducting and managing the application process. This includes, in particular:
- – reviewing and evaluating your application,
- – the conduct of selection and decision-making processes,
- – contacting you as part of the application process,
- – the decision to establish an employment relationship,
- – to refer you to partner companies for suitable positions (Art. 6(1)(a) GDPR),
- – to communicate with you, e.g., via online conferences (Art. 6(1)(b) and (f) of the GDPR),
- – to use anonymized data for scientific purposes (Art. 6(1)(a) GDPR).
Provided that you have given us your explicit consent, your data will also be processed for the purpose of adding you to ourtalent pool, so that we can inform you in the future about job openings that are relevant to you, or to share your information with potential employers.
4. Legal Basis for Processing
Your personal data is processed on the basis of the following
Legal provisions:
- – Art. 6(1)(b) of the GDPR (implementation of pre-contractual measures),
- – Section 26(1) of the Federal Data Protection Act (BDSG),
- – Art. 6(1)(a) GDPR (Consent, particularly in connection with the
- (Talent Pool).
5. Categories of personal data
As part of the application process, we process the following categories of personal data in particular:
- – Identification and contact information (e.g., name, address, phone number, email address),
- – Application materials (e.g., resume, cover letter, transcripts, credentials),
- – Communication data (e.g., email correspondence, meeting notes),
- – other personal data that you voluntarily provide to us as part of your application.
6. Recipients of personal data
- As part of our services, we share your personal data—specifically application materials, resumes, and qualification profiles—with potential employers. This occurs either in response to a specific application for an advertised position or as part of our proactive recruitment efforts (e.g., unsolicited referrals), provided you have given your consent.
- Data is transferred via the tool “Canditate.ly – GUSTAV, 61 Greenpoint Ave #684, Brooklyn, NY 11222, United States. Data transfers to the U.S. are based on the EU Commission’s Standard Contractual Clauses. Personal data will be made available for download by potential employers; GDPR rights regarding applicant data remain unaffected by this.
- Data will be shared solely for recruitment purposes and in compliance with data protection regulations. You may withdraw your consent at any time, effective immediately. Simply send an informal email to datenschutz@saphir-deutschland.de.
7. Pseudonymized brief profile
As part of the application process, we create a pseudonymized summary of your professional background, which is shared with interested companies via the SAPHIR Talent Catalog. This profile will be deleted once the process is complete. As with other aspects of this process, you may withdraw your consent at any time.
8. Use of Your Data for Research Purposes
Anonymized applicant data may be used in the context of research projects. The processing is carried out exclusively for research purposes and without any reference to your identity. The anonymization is irreversible. This data is no longer considered personal data, and the GDPR does not apply. No consent is required in this case.
9. Use of External Services / Social Media Platforms
Microsoft Teams
For online job interviews, we use standard conferencing tools, particularly Microsoft Teams. The provider responsible is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft also maintains a branch office in the EU (e.g., Microsoft Ireland Operations Ltd., One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland). Privacy information regarding Microsoft Teams is available at:https://privacy.microsoft.com/de-de/privacystatement
We use WhatsApp to communicate with customers and prospective clients/applicants. The service provider responsible is WhatsApp Inc., 1601 Willow Road, Menlo Park, California 94025, USA. In the European Union, the platform is operated by WhatsApp Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. You can find more information about WhatsApp’s privacy policy here:https://www.whatsapp.com/legal/?eea=1#privacy-policy
We alsouseWhatsApp/Meta to send news, updates, and marketing information viaWhatsApp newsletters. The processing of phone numbers and communication data is carried out exclusively with your explicit consent in accordance with Article 6(1)(a) of the GDPR.
We maintain professional profiles on LinkedIn. The entity responsible for data processing in connection with LinkedIn is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, California 94085, USA. For Europe, there is a branch office in Germany: LinkedIn, Hofstatt 4th Floor, Sendlinger Str. 12, 80331 Munich. You can find LinkedIn’s privacy policy here:https://www.linkedin.com/legal/privacy-policy
Facebook & Instagram
Our profile pages on Facebook and Instagram are operated via services provided by Meta Platforms. The relevant providers are: Meta Platforms Ireland Ltd., Merrion Road, Dublin 4, D04 X2K5, Ireland (for Instagram & Facebook) and its parent company Meta Platforms, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. Personal data may be processed within the scope of these platforms (e.g., during interactions, comments, or direct messages). For more information on data protection, please visit Meta:https://www.facebook.com/about/privacy
Legal Basis & Data Processing
The processing of personal data via the aforementioned platforms is based on the following legal grounds:
- – Consent of the data subject (Art. 6(1)(a) GDPR), e.g., for newsletters or social media interactions,
- – performance of a contract or pre-contractual measures ( Art. 6(1)(b) GDPR), to the extent that the use is part of the service,
- – legitimate interest ( Art. 6(1)(f) GDPR) for marketing and communication purposes, provided that this has been weighed against data protection considerations.
In all cases, we process data only to the extent necessary for the specific purpose. The legal basis, purpose, retention period, and recipients are clearly outlined in our general privacy policy.
Transfer of data to third countries
Platforms based outside the EU also process personal data in third countries (e.g., the United States or Ireland). These transfers are safeguarded by appropriate safeguards, such as EU Standard Contractual Clauses (SCCs) and, where necessary, additional protective measures.
Right of Withdrawal & Data Subject Rights
You may withdraw your consent to the use of personal data for marketing, newsletters, or platform use at any time with future effect, without this affecting the lawfulness of the processing carried out prior to the withdrawal (Art. 7(3) GDPR). You may exercise your data subject rights—such as the right to access, rectification, data portability, erasure, and restriction—by contacting us or, in the case of the respective platform, directly through that platform.
10. Duration of storage
Your personal data will generally be stored only for as long as is necessary for
is necessary for the purposes for which they are processed.
- – Once the application process is complete, your data will be stored for a period of six months to enable us to defend against any potential legal claims.
- – If you have consented to being added to our talent pool, we will store your data until you withdraw your consent, but for no longer than 24 months.
11. Rights of Data Subjects
As a data subject, you have the following rights:
- – Right of access pursuant to Article 15 of the GDPR,
- – Right to rectification under Article 16 of the GDPR,
- – Right to erasure under Article 17 of the GDPR,
- – Right to restriction of processing pursuant to Article 18 of the GDPR,
- -Right to data portability pursuant to Article 20 of the GDPR,
- – Right to object to processing under Article 21 of the GDPR.
You also have the right to file a complaint with a competent data protection supervisory authority if you believe that the processing of your personal data violates data protection regulations.
If the processing is based on your consent, you have the right to withdraw it at any time with future effect.
12. Necessity of Providing Personal Data
Providing your personal information is necessary for the application process. Without this information, your application cannot be considered.