Information regarding the processing of your application data

Herewith we inform you about the processing of your personal data according to Art. 13 General Data Protection Regulation (GDPR) through the Chromsystems GmbH and your rights according to data protection law.

1.   Who is responsible for the processing of personal data?
Controller responsible for processing of data is Chromsystems Instruments & Chemicals GmbH, Am Haag 12, 82166 Gräfelfing/Munich, Germany, e-mail: mailbox@chromsystems.com (see legal notice).

2.   Who is our Data Protection Officer?
The company has appointed an external data protection officer. Mister Raimund Kalytta can be reached via the e-mail address datenschutz@chromsystems.com or directly via +49 8104 – 648 32 0.

3.   Which data categories do we use as employer and where did we get your data from?
Especially your basic claims data (such as first name, last name, name affixes), contact data (e.g. private address, (mobile) phone number, e-mail address), all data that result from your application (possibly also health data, as far as included) as well as data regarding your bank account (in order to reimburse travel expenses).
Usually, your personal data will be collected during the application procedure. Additionally, we can have collected data from third parties (such as employment agency).
Additionally, we process personal data that we have permissively collected from publicly accessible resources (e.g. professional social media).

4.   For what purposes and based on what legal basis will personal data be processed?
We process your personal data taking into account the provisions of the GDPR, the Federal Data Protection Act (FDPA) as well as any other relevant legal provisions (e.g. Working Time Law etc.).
The processing of personal data takes only place for the paramount legal provision for this is Art. 6 (1) 1 b) GDPR in conjunction with § 26 (1) 1 FDPA.
Furthermore, your separate consent according to Art. 6 (1) 1 a), 7 GDPR in conjunction with § 26 Abs.2 FDPA will be used as data protective permission requirement.
If you have given us your consent to store your personal data for a defined period of time after the end of the application process or to use your personal data for similar application processes within the group entity, the legal basis is Art. 6 (1) a GDPR in conjunction with § 26 (2) FDPA.
As far as special categories of personal data (especially health data, e.g. severe disability) according to Art. 9 (1) GDPR are being processed, within the application process this takes only place in order to fulfil our legal duties arising from § 164 SGB IX (Social Code IX).
Should we not want to process your personal data for the purposes mentioned above, we will inform you beforehand and fill you in on the applicable legal basis.

5.   Who will get your data?
Within our company, only the people and bodies receive your personal data, which are responsible for the concrete application process. These are the personnel in the HR department as well as the managers and potential supervisors of the departments in which a position is to be filled and the management

6.   Will your data will be transferred to a third country?
We do not transfer personal data to third parties outside the European Economic Area (EEA).

7.   How long will your data be stored?
As long as no legal storing period does exist, your data will be deleted as soon as storage is not needed any more, or if the legitimate interest of the storage has expired, respectively. If no employ-ment relationship is established, usually deletion will take place after six months upon termination of the application process, the latest.
In single cases a longer storage of individual data (e.g. travel expenses) can take place. The duration of storage depends on the legal storage obligations such as arising from the General Tax Code (6 years) or the Commercial Code (10 years).
If you have given us your consent to store your personal data beyond the application process for a determined period of time, this period of time shall be applicable.

8.   What data protection rights can you claim as data subject?
Every data subject has the right of access according to Art. 15 GDPR, the right to rectification ac-cording to Art. 16 GDPR, the right to erasure according to Art. 17 GDPR, the right to restriction of processing according to Art. 18 GDPR as well as the right to data portability according to Art. 20 GDPR.
Regarding the right of access as well as the right of erasure the limitations according to §§ 34 and 35 FDPA-new do apply.

9.   Where can you lodge a complaint?
Furthermore, you have a right of appeal to the competent supervisory authority. The competent supervisory authority is:
Bayerische Landesamt für Datenschutzaufsicht, Promenade 27 (Schloss), 91522 Ansbach, Germany
Phone: +49 981 53 1300, Fax: +49 981 53 98 1300,
E-Mail: poststelle@lda.bayern.de

10.   To what extent will automated individual decision making or measures of profiling take place?
We do not make use of pure automated individual decision making – including profiling – in order to induce a decision for the establishment of an employment relationship.