Privacy Policy
Application Process
Dear Applicant,
We are very pleased about your interest in our company. Data protection is of a particularly high priority for the management of PHYSEC GmbH.
In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of personal data provided by you as part of the application process and, if applicable, collected by us, and your rights in this regard.
1. Definition of Terms
The data protection declaration of PHYSEC GmbH is based on the terms used by the European Directive and Ordinance when issuing the General Data Protection Regulation (DSGVO). Our data protection declaration should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
We use the following terms, among others, in this privacy policy:
a) Personal Data
Personal data is any information relating to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data Subject
Data subject is any identified or identifiable natural person whose personal data are processed by the controller.
c) Processing
Processing means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.
e) Profiling
Profiling is any type of automated processing of personal data that consists of using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person's job performance, economic situation, health, personal preferences, interests, reliability, behavior, location or change of location.
f) Pseudonymization
Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
g) Controller or Responsible Party
The controller or responsible party is the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.
h) Processor
Processor means a natural or legal person, public authority, agency or other body that processes personal data on behalf of the Controller.
i) Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities that may receive personal data in the context of a specific investigation mandate under Union or Member State law shall not be considered as recipients.
j) Third Party
Third party means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorized to process the personal data under the direct responsibility of the controller or the processor.
k) Consent
Consent shall mean any freely given indication of the data subject's wishes for the specific case in an informed and unambiguous manner in the form of a statement or any other unambiguous affirmative act by which the data subject indicates that he or she consents to the processing of personal data relating to him or her.
2. Name and address of the responsible party
The responsible party within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:
PHYSEC GmbH
Suttner-Nobel-Allee 7
44803 Bochum
Germany
Tel.: 023754428224
E‑Mail: info@physec.de
Website: https://www.physec.de
3. Contact address of the data protection representative
The data protection representative of the controller is:
Lukas Wagner LL.M.
HK2 Comtection GmbH
Hausvogteilpatz 11 A
10117 Berlin
E-Mail: wagner@comtection.de
Any data subject may contact our data protection representative directly at any time with any questions or suggestions regarding data protection.
4. Categories of personal data
We only process data that is related to your application for one of our advertised positions or unsolicited applications. As part of this, we process data that you provide to us in connection with your application, this may include::
- General data about yourself (name, address, contact details ...)
- Information about your qualifications (school education, curriculum vitae, further education ...)
- Information related to the position (desired salary, motivation ...)
- If applicable, results of qualification tests (programming tasks ...)
- If applicable, further relevant references that you can provide us with
5. Purposes and legal bases
We process your personal data exclusively for purposes that are in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG), and
(1) as far as this is necessary for the decision on the establishment of an employment relationship with us or
(2) for the fulfillment of legal obligations or to defend legal claims asserted against us, or
(3) on the basis of your express consent. If we are unable to consider you for the advertised position, you will have the opportunity to be included in our pool of applicants. If you have already been interviewed, these results will also be included in the database.
The legal bases for this are (1) Art. 88 DSGVO in conjunction with. §26 BDSG as well as, depending on the concrete form of the relationship, Art. 6 para. 1 lit. b DSGVO for the initiation or implementation of contractual relationships. (2) Art. 6 para. 1 lit. c DSGVO or the legitimate interest according to Art. 6 para. 1 lit. f DSGVO of evidence in proceedings according to the General Equal Treatment Act (AGG). (3) the express consent according to Art.6 para. 1 lit. a DSGVO. The consent given can be revoked at any time with effect for the future without disadvantage.
6. Data Sources
We process your personal data that we receive in the course of your contacting us at jobs@physec.de or that you transmit to us via Indeed, LinkedIN, and BackInJob.
7. Recipients of your personal data
Your submitted data to jobs@physec.de or submitted through Indeed, LinkedIn, or BackInJob will first be reviewed by our HR department for purposes of further processing. The HR department will forward your data within the company exclusively to offices and persons who are involved in your selection process and who will use your data accordingly. After successful completion of the application process, we may transfer your data to your personnel file.
Your personal data is processed on our behalf, on the basis of order processing contracts in accordance with Art. 28 DSGVO. In these cases, we ensure that the processing of personal data is carried out in accordance with the provisions of the DSGVO. Categories of external recipients are:
- Data centers
- IT service providers
Otherwise, data is only forwarded to recipients outside the company if legal provisions allow or require this, the forwarding is necessary to fulfill legal obligations or we have your consent.
8. Third country transfer
A data transmission to a third country is not intended.
9. Duration of data storage
We store your personal data for as long as this is necessary for the decision on your application. Your personal data or application documents will be deleted a maximum of six months after the end of the application process (e.g. the announcement of the rejection decision), unless longer storage is legally required or permitted. We only store your personal data beyond this if this is required by law or in a specific case for the assertion, exercise or defense of legal claims for the duration of a legal dispute.
If the application procedure is followed by an employment relationship, training relationship or internship relationship, your data will, if necessary and permissible, initially continue to be stored and then transferred to the personnel file.
If you give us your consent in the application form, we will include you in our applicant pool for a period of two years so that we can contact you by e-mail and telephone and inform you about vacancies. If you no longer wish to be included at a later date, you can have your data deleted at any time without giving reasons. All you have to do is send a short message to jobs@physec.de (subject: Request for deletion of my personal applicant data).
10. Your rights as an applicant
Every data subject has the right to information under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, the right to notification under Art. 19 GDPR and the right to data portability under Art. 20 GDPR.
In addition, you have the right to lodge a complaint with a data protection supervisory authority pursuant to Art.77 DSGVO if you believe that the processing of your personal data is not lawful. The right of appeal is without prejudice to any other administrative or judicial remedy.
If the processing of data is based on your consent, you are entitled to revoke your consent to the use of your personal data at any time in accordance with Art.7 DSGVO. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected. Please also note that we may retain certain data for the fulfillment of legal requirements for a certain period of time.
Right of objection
Insofar as the processing of your personal data is carried out for the protection of legitimate interests pursuant to Art. 6 Para. 1 lit. f DSGVO, you have the right, pursuant to Art. 21 DSGVO, to object to the processing of this data at any time for reasons arising from your particular situation. We will then no longer process this personal data unless we can demonstrate compelling legitimate grounds for the processing. These must override your interests, rights and freedoms, or the processing must serve the assertion, exercise or defense of legal claims.
If you have given your consent pursuant to Art. 6 (1) a DSGVO to the processing of your data, you may revoke this consent at any time. Such revocation affects the permissibility of processing your personal data after you have expressed it to us, unless storage is necessary for other reasons.
To protect your rights, you can contact the above-mentioned authorities at any time.
11. Necessity of the provision of personal data
The provision of personal data, in the context of application processes, is neither legally nor contractually required. You are therefore not obliged to provide information about your personal data. However, please note that these are required for the decision on an application or the conclusion of a contract in relation to an employment relationship with us. If you do not provide us with any personal data, we will not be able to make a decision regarding the establishment of an employment relationship. We ask you to provide only such personal data in your application that is required to complete the application.
12. Automated decision making
Since the decision on your application is not based exclusively on automated processing, no automated decision in individual cases within the meaning of Art. 22 DSGVO takes place.
13. Changes to this Privacy Policy
The privacy policy is kept up to date by us.
This privacy policy is dated 21.03.2022