Data Privacy Statement

Initial information pursuant to Art. 13 GDPR

With regard to the registration and use of the applicant portal, we inform you below about the processing of your personal data, taking into account the data protection requirements of Art. 13 GDPR:

1. Responsible

The person responsible for data processing is:


Carl-Zeiß-Straße 1;07743 Jena, Germany

Phone: +49 3641 65-0; Fax: +49 3641 424514

E-mail:; Website:

represented by the Board of Directors:

Dr Stefan Traeger (Chairman), Dr Ralf Kuschnereit and Dr Prisca Havranek-Kosicek

Registered in the Commercial Register at Jena District Court, HRB 200146

Sales tax identification number: DE 150524241

2. Data Protection Officer

Data Protection Officer of the controller is:

Data Protection Officer of JENOPTIK AG

Carl-Zeiß-Straße 1; 07743 Jena Germany

Phone: +49 3641 65-2235; e-mail:

3. Purpose and scope of the processing

3.1 Registration (creation of an account)

We use a career portal for an application. Registration is required to use the portal. The portal helps us to transmit your data to the HR department in encrypted form. If you send us a postal application, the registration of the application in the career portal will be handled by the HR department. The following data is processed for an application and registration in the career portal:

  • First name, last name
  • Password
  • E-mail address
  • Country/region of residence

The processing of registration data allows you to complete, manage and modify your application documents.

3.2 Application procedure

When you apply to us, we process the data you provide in order to fill advertised vacancies and to select qualified applicants. Among other things, this includes the following data:

  • First name, last name
  • Date of birth
  • Title
  • Gender
  • Address
  • Telephone number
  • E-mail address
  • Images
  • Value judgements/ testimonials
  • Qualification data
  • Other information included in CV etc.

Sensitive data such as religious or philosophical beliefs, memberships in a trade union or political party, health data or data on sexual life etc. may also be collected as part of the application. We recommend that, if possible, data of this kind should not be transmitted to us for processing.

3.3 Re-addressing and transmission

Should you choose the option to be included in our talent pool, then we will not collect any additional data from you. This is an extension of the processing. The data provided in the application process will then be stored for longer for future positions, will be visible to a wider number of companies and companies may also approach you with vacancies.

4. Legal basis for the processing

4.1 Application procedure

Your details will be used for processing your application and deciding on the establishment of an employment relationship. The legal basis is Art. 6 para. 1 lit b) GDPR in conjunction with Art. 88 GDPR and  §26 BDSG.

Furthermore, your personal data may be processed insofar as this should be necessary for the defence of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest lies in the defence of possible legal claims and the proof that legal requirements (e.g. from the AGG) have been met.

4.2 Re-addressing and transmission

The processing of data within the scope of the talent pool is based on your consent pursuant to Art. 6 Para. 1 S.1 lit. a GDPR.

5. Duration of storage

5.1 Registration and application procedure

Your application data will not be processed beyond the described use. Your personal data will be deleted no later than six months after completion of the application process, unless there are other legitimate interests on our part that prevent deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Account data will be deleted six months after account inactivity.

5.2 Re-addressing and transmission 

In the event of consent to processing within the scope of the talent pool, your data will be stored for an additional six months.

6. Recipient categories

6.1 Applicant portal and application procedure

Within the JENOPTIK Group, access to your applicant data is granted to the companies to which you apply for a position. This can be any company affiliated with JENOPTIK AG in accordance with § 15 AktG. You will find a list of these companies under the following link:

Data is only passed on to recipients outside our company if regulations permit or require this or if we are otherwise authorised to pass on data. Under these conditions, recipients of personal data may be:

  • Public bodies and institutions, where there is a legal or regulatory obligation.

In rare individual cases of maintenance or for fault analysis, support partners of hardware or software may be used. The legally stipulated contractual regulations on purpose limitation and confidentiality are concluded with these partners.

6.2 Re-addressing and transmission

If you have consented to processing within the scope of the talent pool or have selected "worldwide" or "national" for your profile visibility, all companies affiliated with the JENOPTIK AG Group may become recipients of your data in accordance with § 15 AktG. You can find a list of these companies under the following link:

7. Recipients outside the EEA

For the purposes of risk management and sanctions list screening, your personal data from the application will be shared with Dow Jones & Company Inc (4300 U.S. Route 1 North Monmouth Junction, NJ 08852). In the absence of an adequacy decision by the Commission pursuant to Article 45 of the GDPR, we ensure an appropriate and adequate level of security for your personal data through contractual arrangements (namely the EU standard contractual clauses).

8. Data subjects' rights

As a data subject, you have the following rights. To assert your rights, please contact the data protection officer.

8.1 Information

You have the right to information about the data stored in relation to you and how we collect, process and store this data, Art. 15 GDPR.

8.2 Correction/ Addition

You can request the correction or completion of incorrect or incomplete data concerning you, Art. 16 GDPR.

8.3 Revocation of consent given

You can revoke your consent at any time with effect for the future, Art. 7 (3) GDPR.

8.4 Right to object in the case of processing based on legitimate interests and in the public interest (Art. 6 para. 1 lit. e) and f) GDPR)

You may object to processing of your personal data based on legitimate interests at any time for reasons arising from your particular situation, Art. 21(1) GDPR.

8.5 Deletion

According to Art. 17 of the GDPR, you have the right in certain situations to request the deletion of the data concerning you. For example, you can request deletion if the data is no longer necessary for the intended purpose or is processed unlawfully, or you have revoked your previously given consent or declared an objection to the processing; however, we can only delete your personal data if there is no legal obligation to retain it or there is no overriding right to retain it.

8.6 Restriction of processing

You can also request the restriction of data processing under the conditions of Art. 18 GDPR.

8.7 Data portability

In certain cases, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. At the same time, you have the right to transmit this data to another controller or, if technically feasible, to have it transmitted by us, Art. 20 GDPR.

8.8 Right of appeal to the supervisory authority

If you believe that the processing of your data violates the GDPR or other data protection law, you can contact a data protection supervisory authority. The supervisory authority responsible for us is the Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI); Postfach 90 04 55; 99107 Erfurt; e-mail: .

However, you may also submit your complaint to any other data protection supervisory authority, in particular in the Member State of your residence, workplace or the place of an alleged infringement.


As at July 2023