The protection of your personal data is of the utmost importance to us. Consequently, we process your data exclusively in compliance with statutory and data protection regulations.
I. Responsible party
The party responsible for processing your personal data is
Symanto Research GmbH & Co. KG
represented by managing director Mr Khalleq Aziz
Pretzelder Straße 15
Telephone: +49 911 378 466 39
Email [email protected]
The following person has been appointed as the data protection officer
Dr Matthias Müller
Arndtstraße 4, 90419 Nuremberg
II. Which data is processed?
Personal data is any data or information about yourself provided to us by you that refers to you personally or can be used to establish a reference to your person.
The personal data we process includes, in particular, your contact information (such a first name, surname, name suffixes, private address, (mobile) phone number, email address) and information on your career (e.g. CV, qualifications and degrees, professional experience) and person (e.g. cover letter, personal interests, salary details). This also includes data from files provided to us, such as your CV, cover letter and certificates. Personal data consists of information you have provided, files you have uploaded and data you entered into the online questionnaire.
Furthermore, in some cases we process personal data obtained from publicly accessible sources (e.g. professional networks).
III. Purpose of processing and legal basis
We process your personal data on the basis of the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other applicable laws (e.g. AGG (General Act on Equal Treatment), etc.).
We collect and process your personal data to enable you to initiate an employment relationship with us for vacancies advertised by us. If an employment relationship is established, we will collect and process data for the duration of the employment relationship and the processing thereof. The primary legal basis for this is Section 6 (1)(b) GDPR in conjunction with Section 26 (1) BDSG.
In individual cases, we process your data in order to protect the legitimate interests of the responsible party or third parties. A legitimate interest is deemed to exist, in particular, if your data needs to be processed for the investigation of criminal offences (legal basis Section 6 (1)(f) GDPR in conjunction with Section 26 (1) p.2 BDSG).
If we process special categories of personal data (e.g. severe disability) in accordance with Section 9 (1) GDPR, this serves to exercise our rights or fulfil legal obligations as stipulated by labour law, social security law and social protection, within the framework of the application procedure. This data is processed on the basis of Section 9 (2) GDPR in conjunction with Section 26 (3) BDSG. Furthermore, the processing of special categories of personal data may be subject to consent in accordance with Section 9 (2) GDPR in conjunction with Section 9 (2)(a) GDPR and Section 26 (3)(2) p.2 BDSG.
Processing of your personal data shall not occur for any other purpose.
IV. Recipients of personal data
To the extent possible, Symanto processes personal data from its applicants internally through its own employees. Symanto employs various specialists for this purpose, who store and process personal data within the scope of their specialist areas. In addition to this, your data may be shared within the Symanto company group or with third parties. In this case, we may be required to conclude statutory contractual provisions or adhere to the corresponding data protection provisions.
The following parties may receive your personal data
Owners and employees of Symanto
Owners and employees of Symanto subsidiaries
Bank institutions, for the settlement and collection of debts
A tax consultancy firm for the purpose of processing tax and accounting information
Financial accounting for the purpose of handling accounts
A law firm for the purpose of representing our legitimate interests and legal advice
An IT service provider for the maintenance of our IT systems
Companies for invoicing purposes
Strategy partners (e.g. for storing data and documents, sending emails, providing product support, maintaining software quality, diagnosing software issues, and tracking user activity)
Due to existing statutory monitoring and reporting obligations, Symanto may need to forward certain information to the competent authorities.
Symanto is permitted to share your personal information with third parties in the following scenarios: (a) if you have provided your consent; (b) in order to comply with valid summons, a legal document, a court order, legal proceedings or any other legal obligation; (c) to implement conditions or policies; or (d) to assert available remedies or defend against legal claims, if necessary.
V. Transfer of personal data to countries outside the EU
Symanto operates as a global company. In this respect, data is primarily processed within the European Union. To ensure that the services provided by Symanto maintain a consistent level of quality and that customers are provided with the best possible service, Symanto aims to hire qualified employees through its effective applications process. As such, certain circumstances may require an applicant’s personal information to be transferred to other Symanto group companies or other recipients in countries outside the European Union.
Symanto protects applicant data at all times, whether it is stored and processed within or outside the European Economic Area, and whether it is processed by Symanto itself or service providers on behalf of Symanto.
If data is transferred outside the European Economic Area it will be protected by appropriate contractual, technical and organisation measures, such as the standard contractual clauses approved by the EU Commission or by the transfer of data to third countries for which a decision has been made on the adequacy of data protection.
It should be noted that data may also be transmitted to countries for which the Commission has not yet reached a decision regarding the adequacy of protection. In this case, Symanto will also take the necessary technical and organisational measures or agree contractual regulations to ensure the greatest possible security for the personal data concerned.
VI. Storage and deletion of data
If we conclude an employment contract with you, the data transmitted will be stored for the purpose of processing the employment relationship in compliance with statutory provisions.
After completion of the application procedure (e.g. in the form of a rejection), your application documents will be deleted after a six month period, provided that we have no legitimate reason to keep them. A legitimate reason in this sense would be, for example, providing evidence in legal proceedings related to the General Act on Equal Treatment (AGG).
If you agree to the storage of your application data after your application to the current vacancy, we will continue to store your application data for future vacancies.
VII. Right to access, correction, deletion or restriction of your personal data; right to objection; right to data transfer
You are entitled to demand information from Symanto about your personal data that has been collected and processed, and demand that your personal data is corrected or deleted, if necessary.
Furthermore, you are entitled to transfer your data and restrict and object to the processing of your personal data.
Please contact Symanto’s data protection officer if you would like to exercise the abovementioned rights.
VIII. General data protection information
We reserve the right to adapt this data protection information to ensure that it always corresponds to current statutory requirements.
Please also refer to our data protection statement for further information on the use of our website.
You can also find descriptions of the settings for web tracking on our website there.
If you have any further questions regarding data protection, please contact the data protection officer for our company
Dr Matthias Müller
Arndtstraße 4, 90419 Nuremberg
You have the right to complain to the responsible supervisory authority about data processing undertaken by our company. The data protection authority responsible for our company it
Landesamt für Datenschutzaufsicht
*For improved legibility we have not used male or female pronouns. All genders (male, female and diverse) are, of course, implied.