LeanIX GmbH (“LeanIX”)
The following application data is collected and processed within the scope of the online application:
In addition, technical information might be transmitted to us from your web browser when you visit our pages. This includes, for example, information about the browser you are using, information about the operating system, the time and date of your visit and, if applicable, the referrer URL. This data will be processed solely as necessary to enable the technical delivery of the online application to your device, and be deleted thereafter, except as necessary to protect us against attacks on our web server or misuse of our online application (based on our legitimate interests in ensuring the effective and secure online application process according to Art. 6(1) lit. f) GDPR). It is not possible for us to combine this data with data from your online application.
Applications for job advertisements of LeanIX GmbH are possible in the following way:
via online application
via e-mail to email@example.com
via mail to HR, LeanIX GmbH, Friedrich-Ebert-Allee 37-39, 53113 Bonn
If you apply via email or mail, we will collect and process the personal data that your reveal to us in the context of your application. Please ensure that you do not reveal any sensitive personal data about your person in the context of your application (such as health data, racial or ethnic origin, political opinions, religious beliefs, trade union membership or sexual orientation) since we do not require such information for deciding on your application.
Your personal application data is collected and processed exclusively for the purpose of processing your application and deciding on the establishment of an employment relationship with you. To the extent necessary to process your application, such as where the position is with another group company or the relevant personnel overseeing your position or deciding on your application are employed with another group company, LeanIX will also share your personal data with the relevant group companies (subject to our intra-group data transfer agreement).
If it should be necessary during the application procedure to collect information on an applicant from a third party, the requirements of the corresponding national laws have to be observed (e.g. applicant background screening in accordance with local law).
If you receive a contract offer, your data will be used after completion of the application procedure for the preparation of the contract offer and for the organization of the training.
Legal basis for the processing of your personal application data for the purposes of establishing the employment are Art. 6 para. 1 lit. b) GDPR and Section 26 para. 1 sentence 1 Federal Data Protection Act (“BDSG”).
Personal data may only be stored for as long as it is necessary for the purpose for which the data is being processed. This means that personal data will be deleted or anonymized as soon as the purpose of its processing has been fulfilled or otherwise lapses. The maximum storage period is 120 days upon formal ending the recruiting process, unless documentation or retention obligations continue to apply, the data is necessary for the protection of our legitimate interests in the establishment, exercise or defense of legal claims, or you provide respective consent (such as in case you would like us to further store your personal data in our talent database for potential future job opportunities).
We have taken various technical and organizational precautions to protect the data collected in the context of your application against manipulation and unauthorized access. In particular, the transmission of your online application is encrypted in accordance with the current technical state of the art.
Your personal data will be stored in our applicant management system. The stored data is only made available to the employees within LeanIX and the relevant group of companies that need to know the data for the above recruitment purposes (see section on purposes).
The application management system is a software-as-a-service solution of a specialized provider. The data protection requirements with regard to the transfer are fulfilled. The data transmitted as part of your application is transferred in a secure way (e.g. TLS encryption) and stored in a database. This database is operated by Greenhouse Software, Inc. (“Greenhouse”) which offers personnel administration and applicant management software (https://www.greenhouse.io). In this context, Greenhouse is our processor according to Art. 28 GDPR. The basis for the processing here is a data processing agreement on the basis of the EU Standard Contractual Clauses between us as the controller and Greenhouse as processor since Greenhouse is based in the United States of America and will be processing your personal data in the United States of America.
A transfer of personal data to countries outside the European Union or the contracting states of the European Economic Area (so-called “third countries”) is generally not intended, but may occur especially when personal data is forwarded to our affiliated group companies, as necessary for recruitment purposes. The laws of third countries outside the EU/EEA may not provide for the same level of data protection as considered adequate within the European Union. However, we have – to the extent legally required – put into place appropriate safeguards and guarantees (such as contractual commitments on the basis of the EU Standard Contractual Clauses and the implementation of supplementary safeguards) to ensure that your personal data will always be protected in accordance with legal requirements. To the extent your personal data is transferred to our affiliated companies in third countries, such as in the USA or India, we have entered into an intra-group data transfer agreement on the basis of the EU Standard Contractual Clauses. For more information on the appropriate safeguards in place, and in order to receive a copy of them (as applicable), please contact us at the contact details set out in this Data Privacy Notice.
To the extent you are affected by the data processing carried out by LeanIX, you have the right subject to applicable legal provisions:
If the processing of personal data is based on your consent, you have the right to revoke this data protection consent in accordance with Art. 7 para. 3 GDPR. The withdrawal of your consent does not affect the lawfulness of the processing of your personal data based on consent before the withdrawal.
To the extent that the processing of your personal data is carried out in accordance with Art. 6 para. 1 lit. f. GDPR in order to safeguard legitimate interests, you have the right, according to Art. 21 GDPR, to object to the processing of such data at any time on grounds relating to your particular situation. LeanIX will then no longer process this personal data unless LeanIX can demonstrate compelling legitimate grounds for the processing. These reasons must override your interests, rights, and freedoms, or the processing must serve to establish, exercise, or defend legal claims.
If you have any questions about the collection, processing or use of your personal data or to exercise your rights, please refer to firstname.lastname@example.org or contact us via other means at the contact details set out in this Data Privacy Notice.
You have the right of lodge a complaint with a data protection supervisory authority if you believe that the processing of personal data concerning you violates applicable data protection law (in particular the EU General Data Protection Regulation).
If you require further information regarding the processing of your personal data, please contact LeanIX at the contact details set out at the beginning of this Data Privacy Notice or via email to the data protection team at email@example.com.
You can also contact our external data protection officer, Mr. Andreas Schmidt, at our postal address with the addition "personally" to the data protection officer or via email to Andreas.Schmidt@tekit.tuev-saar.de.
If you are located in the United Kingdom and have questions about your personal data or would like to request to access, update or delete it, you may contact our representative at:
Bird & Bird GDPR Representative Services UK
12 New Fetter Lane
Main point of contact:Vincent Rezzouk-Hammachi