Privacy policy application

We, [GEMESYS GmbH] (hereinafter referred to as “we” or “[GEMESYS]”), are happy about your interest in our online service (hereinafter referred to as the “Online Service”). We take the protection of your personal data very seriously. Your personal data will be processed exclusively in accordance with the statutory provisions of data protection law, in particular the General Data Protection Regulation (hereinafter referred to as “GDPR”). In this Privacy Policy, we provide you with information about the processing of your personal data and your data protection rights in relation to the online contact form and online application procedure at GEMESYS GmbH.

https://gemesys.tech/careers has for every job posting a several application form (hereafter “electronic application system”) and a online contact form where you can send us an E-mail request. For information on the processing of personal data in other areas, please refer to the respective specific privacy policies.

If we refer to this Privacy Policy from external social media profiles, the following explanations apply only insofar as the processing takes place in our area of responsibility and insofar as no more specific and therefore prior information on data protection is provided in the context of such social media profiles.

1.Controller and data protection officer

Responsible for the data processing as controller in terms of data protection law is:

GEMESYS GmbH

c/o RUB, ID 2/347

Universitätsstraße 150

44801 Bochum

Germany

E-mail: info@gemesys.tech

If you have any questions or suggestions regarding data protection, please feel free to contact us via the indicated E-mail address.

2. Subject of data protection

The subject of data protection is the protection of personal data that you submit via our online contact form or the electronic application system. This is all information relating to an identified or identifiable natural person (so-called data subject). When you use our online contact form or application system, you may submit your Title, Name, Date of Birth, E-Mail, Phonenumber, and all information that are included in your document upload, such as details of your qualifications, education and training, and previous jobs. Moreover, we save metadata such as date of submission, time of submission, page url, uer agent, remote ip and credit.

After submitting your online application you might hand in more information during the application process such as detailed personal information, details about your history, career, etc.  This includes information such as name, postal address, email address or telephone number, as well as information that originates during the application procedure and during use of the electronic application system

3. Purposes and legal basis of data processing

Below you will find an overview of the purposes of and legal grounds for data processing during the application procedure at GEMESYS.

If you obtain an employment contract from us, further data processing will be governed by our Privacy Policy for the employment relationship.

The provision of personal data by you may be required by law or contract or may be necessary for the conclusion of a contract. We will point it out separately if you are obliged to provide personal data and what possible consequences the non-supply would then have (e.g. a loss of claims or our position not to provide the requested service without providing certain information). The use of the Online Service is generally possible without registration. Even if you use the Online Service without registration, personal data may still be processed.

3.1 Performance of a contract and pre-contractual measures

We process your personal data if this is necessary for the performance of a contract to which you are a party or for the implementation of pre-contractual measures taken in response to your request. The data processing is based on Article 6 paragraph 1 letter b) GDPR.

We process personal data insofar as this is necessary for the application procedure and, if applicable, to prepare an employment contract with you. The main purposes of data processing are:

• Recording and checking your application
• Application management and the selection process (forwarding to the responsible persons in-house, organizing and conducting interviews, recruitment management and administration)
• Organizing and holding selection days and tests for certain application procedures, such as the trainee program, apprenticeships, and general application days
• In the case of internal applications for in-house programs: application management and the selection process

Data is processed on the basis of Section 26 (1) (1) BDSG. We process the personal data that is required to conduct the application procedure and, if applicable, to prepare an employment contract.

If no employment contract arises, we will anonymize your data after four months, unless legal grounds apply for not doing so or if you give us the consent to process data in our talent database for contacting you to a later time. If the latter is the case, we anonymize the data once the other legal grounds cease to apply. You can then no longer be identified. Data is processed after anonymization only for the purpose of statistical analysis.

3.2 Fact check

We conduct a review of your personal information to ensure that potential employees perform their duties without conflicting interests and in compliance with high ethical standards while they commit to the company’s principles.

Personal data verification includes your personal data (surname, first name, date of birth, address), your original identity document (or an equivalent document) and your certificates (in particular the last certificate of secondary education) either in the original or in the form of a certified paper copy. In addition, it is checked whether you already have been employed by GEMESYS and if so – limited to this case and in compliance with the data protection regulations – whether written disciplinary measures have been issued to you in the past three calendar years. For this purpose, personal data in the existing personal file for the past three calendar years are queried. Your personal data will also be compared with publicly available EU sanction lists under Regulations (EC) No. 2580/2001 and 881/2002, as well as with the additions made and received by the European Commission. Only in case of need, you will be asked to provide further documents such as your original residence permit, severely disabled person’s card or certificate of good conduct (reliability test).

The fact check is carried out by the respective HR department and, if necessary, additionally by the HR Compliance & labor law department (MAC). Only a limited group of people internally has access to your data. In the case of conspicuous findings within the framework of the fact check, the results are discussed in a committee (department, personnel area, works council). The result of the consultation is documented and stored in the personnel file. For new hires, the completed checklist for the fact check will be deposited in the personnel file and will remain there according to the deletion period for relevant personnel documents and data. Other data storage or processing does not take place. For not hired external candidates, the checklist for the fact check will be deleted after four months while for all other candidates, it will be deleted after three years of storage in their personal file.

The processing of your personal data for the purpose of establishing an employment relationship is required in the sense of Section 26 (1) (1) BDSG, since we have a legitimate interest in people who are integer and acting in accordance with applicable law. The contents of the fact check are also regulated in a collective agreement.

The provision of personal data is required for a contract.

3.3 Compliance with legal obligations

We process your personal data to comply with legal obligations to which we are subject. The data processing is based on Article 6 paragraph 1 letter c) GDPR. These obligations may arise, for example, from commercial, tax, money laundering, financial or criminal law. The purposes of the processing result from the respective legal obligation; as a rule, the processing serves the purpose of complying with state control and information obligations.

Data is processed on the basis of Article 6 (1) (c) GDPR. We process the personal data that is required in order to comply with the respective statutory obligation.

We delete the data once the statutory obligation ceases to apply, unless other legal grounds apply. If the latter is the case, we delete the data once the other legal grounds cease to apply.

3.4 Safeguarding of legitimate interests

We also process your personal data to pursue the legitimate interests of ourselves or third parties, unless your rights, which require the protection of your personal data, outweigh these interests. The data processing is based on Article 6 paragraph 1 letter f) GDPR. The processing to safeguard legitimate interests is carried out for the following purposes or to safeguard the following interests.

• Operational reporting
• Performing and optimizing the recruitment process (performing consultations in personnel marketing, applicant surveys and statistical analyses)

When you call up the Online Service, data relating to your end device and your use of the online offer are processed and stored in a so-called log file. This concerns in particular technical data such as date and time of access, duration of the visit, type of terminal device, operating system used, functions used, amount of data sent, IP address and referrer URL. We process this data to ensure technical operation and to determine and eliminate faults. In doing so, we pursue the interest of permanently ensuring technical operability. We do not use this data for the purpose of drawing conclusions about your person.

3.5 Consent

We process your personal data on the basis of corresponding consent. The data processing is based on Article 6 paragraph 1 letter a) GDPR. If you give your consent, it is always for a specific purpose; the purposes of processing are determined by the content of your declaration of consent. You may revoke any consent you have given at any time, without affecting the legality of the processing that has taken place on the basis of the consent until revocation.

If you have given consent for certain purposes, such as the checking of your application, the purposes are evident in the wording of this granted consent.

Data is processed on the basis of Article 6 (1) (a) GDPR. You may withdraw your consent at any time without stating a reason. This withdrawal will not affect the lawfulness of processing based on consent given before it is withdrawn.

We delete the data when you have withdrawn your consent, unless other legal grounds apply. If the latter is the case, we delete the data once the other legal grounds cease to apply

3.6  Change of purpose

If we process your personal data for a purpose other than that for which the data was collected, beyond the scope of a corresponding consent or a mandatory legal basis, we will take into account, in accordance with Article 6 paragraph 4 GDPR, the compatibility of the original and the now pursued purpose, the nature of the personal data, the possible consequences of further processing for you and the guarantees for the protection of the personal data.

3.7 Profiling

We do not carry out automated decision making or profiling in accordance with Article 22 GDPR. Profiling is only carried out to protect our legitimate interests as described above.

5. Cookies and comparable technologies

We use cookies and comparable technologies in connection with the Online Service which serve to communicate with your end device and exchange stored information (hereinafter collectively referred to as “Cookies”). These Cookies are primarily used to make the functions of the Online Service usable. General examples in which the use of Cookies is technically required in this sense are the storage of a language selection. Accordingly, technically required Cookies may be used by us to enable the processing described in section 3.1 and to

If you do not wish to use Cookies in general, you can also prevent their storage by adjusting the settings of your end device accordingly. Stored Cookies can be deleted at any time in the system settings of your terminal device. Please note that blocking certain types of Cookies can lead to impaired use of the Online Service.

6. Integrated third-party services

To provide you with the best user experience, we use professional third party services for organizing your application process. For the application form, we use the tool Elementor Pro. Your data is submitted and safed via our office 365 cloud server that are operated by Microsoft in Germany. For a connection of the online application system and our servers, we use products from wpforms.

7. Recipients of personal data

Within our company, only those persons who need your personal data for the respective purposes mentioned have access to it. Your personal data will only be passed on to external recipients if we have legal permission to do so or have your consent. Below you will find an overview of the corresponding recipients: 

• Ruhr-University Bochum: if your application is connected to the GEMESYS Exist Grant, taking place as a project at the Ruhr-University Bochum, we will process your data to the respective HR Department after making you a job offer.  

8. Storage duration, erasure of data

We store your personal data on ouroffice 365 server operated by Microsoft in Germany, if there is legal permission to do so, only as long as necessary to achieve the intended purposes or as long as you have not revoked your consent. In the event of an objection to processing, we will delete your personal data, unless further processing is still permitted by law. We will also delete your personal data if we are obliged to do so for other legal reasons. Applying these general principles, we will usually delete your personal data immediately

• after the legal permission has ceased to apply and provided that no other legal basis (e.g. commercial and tax law retention periods) intervenes. If the latter applies, we will delete the data after the other legal basis has ceased to apply;
• if your personal data is no longer required for the purposes we pursue and no other legal basis (e.g. commercial and tax law retention periods) intervenes.

9. Rights of data subjects

Right to access: You have the right to receive information about your personal data stored by us.

Right to rectification and erasure: You can demand that we correct incorrect data and, if the legal requirements are met, delete your data.

Restriction of processing: You can demand that we restrict the processing of your data, provided that the legal requirements are met.

Data portability: If you have provided us with data on the basis of a contract or consent, you may, if the legal requirements are met, demand that the data you have provided us with are handed over in a structured, common and machine-readable format or that we transfer it to another controller.

Objection: You have the right to object at any time to data processing by us based on the safeguarding of legitimate interests for reasons arising from your particular situation. If you make use of your right to object, we will stop processing the data unless we can prove compelling reasons for further processing worthy of protection which outweigh your rights and interests.

Objection to direct marketing: If we process your personal data for the purpose of direct marketing, you have the right to object to our processing of your data for this purpose at any time. If you exercise your right to object, we will stop processing your data for this purpose.

Revocation of consent: If you have given us your consent to process your personal data, you can revoke it at any time with effect for the future. The legality of the processing of your data until revocation remains unaffected.

Right to lodge a complaint with a supervisory authority: You can also lodge a complaint with the competent supervisory authority if you believe that the processing of your data violates applicable law. You can contact the supervisory authority responsible for your place of residence or your country or the supervisory authority responsible for us.

Your contact with us and the exercise of your rights: Furthermore, you can contact us free of charge if you have questions regarding the processing of your personal data and your rights as a data subject. Please contact us at https://www.porsche.com/privacy-contact/ or by letter mail to the address provided under Section 1. Please make sure that we can definitely identify you. If you revoke your consent, you can alternatively choose the contact method that you used when you gave your consent.

11. Effective date

The latest version of this Privacy Policy applies. This version dates from 15.12.2020.