Data Privacy Statement
Information pursuant to Art. 13 and 14 GDPR
With regard to the registration and use of the applicant portal, we inform you below about the processing of your personal data, taking into account the data protection requirements of Art. 13 GDPR:
1. Controller
The Controller of data processing is:
JENOPTIK AG
Carl-Zeiß-Straße 1;07743 Jena, Germany
Phone: +49 3641 65-0; Fax: +49 3641 424514
E-mail: info@jenoptik.com; Website: www.jenoptik.de
2. Data Protection Officer
Data Protection Officer of the controller is:
Data Protection Officer of JENOPTIK AG
Carl-Zeiß-Straße 1; 07743 Jena Germany
Phone: +49 3641 65-2340; e-mail: data-protection@jenoptik.com
3. Purpose and scope of the processing
3.1 Registration (creation of an account)
We use a career portal for an application. Registration is required to use the portal. The portal helps us to transmit your data to the HR department in encrypted form. If you send us a postal application, the registration of the application in the career portal will be handled by the HR department. The following data is processed for an application and registration in the career portal:
First name, last name
Password
E-mail address
Country/region of residence
Your registration allows you to complete, manage and modify your application documents.
3.2 Application procedure
When you apply, we process your data in order to fill advertised vacancies and to select qualified applicants. Among other things, this includes the following data:
First name, last name
Date of birth
Title
Gender
Address
Telephone number
E-mail address
Images
Value judgements/ testimonials
Qualification data
Other information included in CV etc.
Sensitive data such as religious or philosophical beliefs, memberships in a trade union or political party, health data or data on sexual life etc. may also be collected as part of the application. We recommend that, if possible, data of this kind should not be transmitted to us for processing.
3.3 Pre-Employment Screening and Background-Checks
To the extent permitted by law, customary in the industry and reasonable in relation to the position to be filled, we may also collect individual relevant data on your application in career portals (Indeed, LinkedIn) or with general search engines, provided that they are generally available or have been released by you. In individual cases, we may ask your former employer to confirm certain information, where legally permissible. AI-based “scraping” (or other AI-based procedures) is not used in application procedures at the companies of the JENOPTIK Group, nor is the collection of data that is not related to your qualifications.
3.4 Re-addressing and forwarding
Should you choose to be included in our talent pool, we will not collect any additional data from you. This is, however, an extension of the processing. The data provided in the application process will then be stored for future positions, and will be visible to a wider number of Group companies and these Group companies may also approach you with vacancies.
4. Legal basis for the processing
4.1 Application procedure
Your details will be used for processing your application and deciding on the establishment of an employment relationship. The legal basis is Art. 6 para. 1 lit b) GDPR.
Furthermore, your personal data may be processed insofar as this should be necessary for the defence of asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. The legitimate interest lies in the defence of possible legal claims and the proof that legal requirements (e.g. from the German General Equality Act [Allgemeines Gleichbehandlungsgesetz, AGG]) have been met.
4.2 Re-addressing and forwarding
The processing of data within the scope of the talent pool is based on your consent pursuant to Art. 6 Para. 1 S.1 lit. a GDPR.
5. Duration of storage
5.1 Registration and application procedure
Your application data will not be processed beyond the described use. Your personal data will be deleted no later than six months after completion of the application process, unless there are other legitimate interests on our part that prevent deletion. Other legitimate interest in this sense is, for example, a duty to provide evidence in proceedings under the General Equality Act.
Account data will be deleted six months after account inactivity.
5.2 Re-addressing and forwarding
In the event of consent to processing within the scope of the talent pool, your data will be stored for an additional six months.
6. Categories of recipients
6.1 Applicant portal and application procedure
Within the JENOPTIK Group, access to your applicant data is only granted to the company or companies to which you apply for a position. This can be any company affiliated with JENOPTIK AG in accordance with § 15 AktG (Stock Corporation Act [Aktiengesetz]). You will find a list of these companies under the following link: https://www.jenoptik.de/ueber-jenoptik/unternehmensstruktur/standorte
Data is only passed on to recipients outside our company if regulations permit or require this or if we are otherwise authorised to pass on data. Under these conditions, recipients of personal data may be:
Public bodies and institutions, where there is a legal or regulatory obligation.
In rare individual cases of maintenance or for fault analysis, support partners of hardware or software may be used. The legally stipulated contractual regulations on earmarking and confidentiality are concluded with these partners.
6.2 Re-addressing and transmission
If you have consented to processing within the scope of the talent pool or have selected "worldwide" or "national" for your profile visibility, all companies affiliated with the JENOPTIK AG Group may become recipients of your data in accordance with § 15 AktG. You can find a list of these companies under the following link: https://www.jenoptik.de/ueber-jenoptik/unternehmensstruktur/standorte
7. Recipients outside the EEA
For the purposes of risk management and sanctions list screening, your personal data from the application will be shared with Dow Jones & Company Inc (4300 U.S. Route 1 North Monmouth Junction, NJ 08852). In the absence of an adequacy decision by the Commission pursuant to Article 45 of the GDPR, we ensure an appropriate and adequate level of security for your personal data through contractual arrangements (namely the EU standard contractual clauses).
8. Data subjects' rights
As a data subject, you have the following rights. To assert your rights, please contact the data protection officer.
8.1 Information
You have the right to information about the data stored in relation to you and how we collect, process and store this data, Art. 15 GDPR.
8.2 Correction/ Addition
You can request the correction or completion of incorrect or incomplete data concerning you, Art. 16 GDPR.
8.3 Revocation of consent given
You can revoke your consent at any time with effect for the future, Art. 7 (3) GDPR.
8.4 Right to object in the case of processing based on legitimate interests and in the public interest (Art. 6 para. 1 lit. e) and f) GDPR)
You may object to processing of your personal data based on legitimate interests at any time for reasons arising from your particular situation, Art. 21(1) GDPR.
8.5 Deletion
According to Art. 17 of the GDPR, you have the right in certain situations to request the deletion of the data concerning you. For example, you can request deletion if the data is no longer necessary for the intended purpose or is processed unlawfully, or you have revoked your previously given consent or declared an objection to the processing; however, we can only delete your personal data if there is no legal obligation to retain it or there is no overriding right to retain it.
8.6 Restriction of processing
You can also request the restriction of data processing under the conditions of Art. 18 GDPR.
8.7 Data portability
In certain cases, you have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format. At the same time, you have the right to transmit this data to another controller or, if technically feasible, to have it transmitted by us, Art. 20 GDPR.
8.8 Right of appeal to the supervisory authority
If you believe that the processing of your data violates the GDPR or other data protection law, you can contact a data protection supervisory authority. The supervisory authority responsible for us is the Thuringian State Commissioner for Data Protection and Freedom of Information (TLfDI); Postfach 90 04 55; 99107 Erfurt; e-mail: poststelle@datenschutz.thueringen.de .
However, you may also submit your complaint to any other data protection supervisory authority, in particular in the Member State of your residence, workplace or the place of an alleged infringement.
As at July 2024