Application Data Protection declaration

Dear applicant, Here you will find information on how we handle personal data relating to your application. Below we explain what data we collect about you, what this is necessary for, who receives this data, how long it is stored and what rights you have with regard to your data.

1. Who is responsible for data processing and who can I contact?

The controller for applications to Expleo Technology Germany GmbH is:

Expleo Technology Germany GmbH
Stollwerckstrasse 11
51149 Cologne
Represented by the managing director Ralph Gillessen

The responsible body for applications at Expleo Germany GmbH is:

Expleo Germany GmbH Wilhelm-Wagenfeld-Str. 1-3 80807 Munich Represented by the managing directors Marcus Ganguin and Ralph Gillessen

In addition, you may contact our external data protection officer at:

Horst Speichert
Data Protection Officer
esb Attorneys at Law Stuttgart
Schockenriedstr. 8A
70565 Stuttgart
Phone: +49 711 46 90 58 – 0
Fax: +49 711 46 90 58 – 99

2. Which data do we process?

We only process personal data that we receive from you as part of your application. These are in particular:
  • Personal data (first and last name, date of birth, address, school certificate)
  • Communication data (telephone, mobile phone, fax number, e-mail address)
  • Data on assessment and evaluation in the application process
  • Data on education (school, vocational training, civil/military service, studies, doctorate)
  • Data on previous professional career, training and work references, information on other qualifications (e.g. language skills, PC skills),
  • Application photo
  • Application history
  • Other data provided to us voluntarily during the application process (e.g. voluntary activities, hobbies, etc.)

3. Data processing purposes and legal basis

We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such. Where we share your data with third parties, we provide written instructions to them to ensure that your data are held securely and in line with GDPR requirements. Third parties must implement appropriate technical and organisational measures to ensure the security of your data.

a) Your consent according to Art. 6 para. 1 lit. a) GDPR, §26 para. 2 BDSG.

If you have consented to process personal data for specific purposes (e.g. participating in our application pool), the lawfulness of this processing is based on your consent. You can withdraw your consent at any time with effect for the future. Your data will then be deleted or will no longer be used after the expiration of legal retention obligations. If you withdraw your consent, the processing of your data that took place until the withdrawal remains lawful.

b) Art. 6 para. 1 lit. b), Art. 88 para. 1 GDPR in conjunction with. § Section 26 BDSG.

The legal basis for the processing of personal data based on the application procedure results from Art. 6 para. 1 lit. b), Art. 88 para. 1 GDPR in conjunction with. § 26 BDSG.

c) Art. 6 para. 1 lit. f) GDPR.

To the extent necessary, we process your data to protect the legitimate interests of us or third parties (measures for building and facility security, for example, access controls, ensuring IT security, assertion of legal claims and defense in legal disputes).

d) Art. 9 para. 2 lit. h) GDPR in conjunction with. § 22 para. 1 lit. b) BDSG.

In addition, the processing of health data for the assessment of your ability to work may be subject to Art. 9 (2) h) GDPR in conjunction with. § 22 para. 1 lit. b) BDSG may be necessary.

4. Who receives my data (categories of recipients)?

a) Internal offices

Your data will only be received by the internal bodies involved in the decision (responsible personnel or specialist departments, works council).

b) External service providers

The following external service providers have access to personal data who work for the data controller and receive personal data of the data subject in this context:

  • Service provider for telecommunications
  • Service providers for file and data destruction
  • Service providers for system hosting

Data transfers to third countries only occur within the scope of communication required for the fulfillment of the contract and other exceptions expressly provided for in the GDPR. Otherwise, there is no transfer to third countries.

Other data recipients may be those entities for which you have given us your consent to transfer data.

5. How long will your personal data be stored?

We store your personal data for six months, taking into account § 61b para. 1 ArbGG in conjunction with. § 15 para. 4 AGG. The start of the term is the receipt of the rejection letter. This does not apply if you give us your consent to store your data for a longer period (e.g. inclusion in an application pool). In the case of inclusion in the applicant pool, deletion takes place after two years.

6. What data protection rights do you have?

Here you will find your rights in relation to your personal data. Details are provided in Articles 7, 15-22 and 77 of the GDPR. You can contact the controller or the data protection officer in this regard.

a) Right to withdraw your consent under data protection law pursuant to Art. 7 para. 3 P. 1 GDPR

You may withdraw your consent to the processing of your personal data at any time with effect for the future. However, the lawfulness of the processing carried out on the basis of the consent until the withdrawal is not affected by this.

b) Right of access according to Art. 15 GDPR.

You have the right to request confirmation as to whether we are processing personal data relating to you. If this is the case, you have the right of access to  this personal data as well as further information, e.g. the processing purposes, the recipients and the planned duration of storage or the criteria for determining the duration.

c) Right to rectification and completion according to Art. 16 GDPR.

You have the right to request the rectification of inaccurate data without undue delay. Taking into account the purposes of the processing, you have the right to request the completion of incomplete data.

d) Right to erasure (“right to be forgotten”) according to Art. 17 GDPR.

You have a right to erasure insofar as the processing is not necessary. This is the case, for example, if your data is no longer necessary for the original purposes, you have withdrawn your declaration of consent under data protection law or the data was processed unlawfully.

e) Right to restriction of processing according to Art. 18 GDPR.

You have a right to restriction of processing, e.g. if you believe that the personal data is incorrect.

f) Right to data portability according to Art. 20 GDPR.

You have the right to receive the personal data concerning you in a structured, common and machine-readable format.

g) Right to object according to Art. 21 GDPR.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of certain personal data concerning you. In the case of direct marketing, you as the data subject have the right to object at any time to the processing of personal data concerning you for the purposes of such marketing; this also applies to profiling, insofar as it is related to such direct marketing.

h) Automated decision in individual cases including profiling according to Art. 22 GDPR

You have the right not to be subject to a decision based solely on automated processing – including profiling – except in the exceptional circumstances mentioned in Art. 22 GDPR. No decision-making based exclusively on automated processing – including profiling – shall take place.

i) Complaint to a data protection supervisory authority pursuant to Art. 77 GDPR.

You can also lodge a complaint with a data protection supervisory authority at any time, for example if you believe that data processing is not in compliance with data protection regulations. Competent data protection supervisory authority for Expleo Technology Germany GmbH: State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia. Kavalleriestraße 2-4, 40213 Düsseldorf, Germany Telephone: +49 (0) 211 38424 – 0 Fax: +49 (0) 211 38424 – 10 E-mail: Competent data protection supervisory authority for Expleo Germany GmbH: Bavarian State Office for Data Protection Supervision PO Box 1349 91504 Ansbach, Germany Phone: +49 (0) 981 180093-0 Fax: +49 (0) 981 180093-800 E-mail: