Helsing’s candidate privacy and confidentiality regime

We are pleased that you have applied to Helsing, and that you have placed your trust in us to handle the personal information you have submitted as part of this application process. Below we inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation (GDPR).
As Data Controller, Helsing GmbH is responsible for the processing of your personal data. Helsing GmbH is registered with the commercial register of the local court of Munich under registration number HRB 264368, having its registered business address at Mühldorfstrasse 8, 81671 Munich, Germany.

Helsing’s Data Protection Officer

You can contact Helsing’s Data Protection Officer (DPO) at DPO@helsing.ai

1. Information on the processing of your personal data relating to the job application process

What personal data do we use?

We process your personal data, as far as it is necessary for the execution of your job application. This is likely to include the following data categories:

Standard information:

• Applicant data (first name, last name, address, job position)
• Qualification data (cover letter, CV, previous employment and education, professional qualifications)
• Work certificates (performance data, assessment data etc.)

Special information (as may be required for specific positions):

• Police certificate of good conduct
• Creditworthiness information
• Results of aptitude tests
• Result of the medical aptitude test (e.g., suitable, not suitable, conditionally/restrictedly suitable)

Other information:

• Publicly accessible, job-related data (e.g., your professional social media profile)
• Voluntary information (e.g., an application photo, information on severely disabled persons or other information that you voluntarily provide to us in your application)

2. Where is this data sourced from?

We process personal data that we receive from you during the application process. We also may receive personal data from the following sources:

• Other Helsing group companies (see https://helsing.ai/privacy-policy-legal)
• Recruitment service providers
• LinkedIn and other open sources

3. For what purposes do we process your data and on what legal basis?

We process your personal data in compliance with GDPR and any applicable national privacy regulations or equivalent in the countries where we hire employees or are doing business, such as the German Federal Data Protection Act (BDSG) in Germany.

3.1 Data processing for the purpose of the application

Personal data of applicants may be processed for the purposes of the application if this is necessary for the decision to establish an employment relationship with us
The necessity and scope of the data collection are judged, among other things, by the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health conditions, more extensive data collection may be necessary. In order to protect data, such data processing takes place only after the selection of applicants has been completed and immediately before you are hired.

3.2 Data processing on the basis of consent given by you

By applying for a job at Helsing, you have given us your voluntary consent to the collection, processing, transfer and/or storage of certain personal data. This consent forms the legal basis for the processing of this data. In the following cases we process your personal data on the basis of your consent:

• Admission to the applicant pool (this means we store the application documents beyond the current application procedure for consideration in later application procedures)
• Share the application with other Helsing group companies

3.3 Data processing on the basis of a legitimate interest of the controller (Art. 6 para.1 lit. f GDPR)

In certain cases, we process your data to protect our legitimate interests or that of third parties:

• To defend legal claims in proceedings under equal treatment laws, such as the German General Equal Treatment Act (AGG). In the event of a dispute, we have a legitimate interest in processing the data for evidence purposes.
• Data comparison with EU anti-terrorist lists in accordance with Regulations (EC) No. 2580/2001 and 881/2002.

4 To whom will your data be passed on?

Your data will be processed mainly by our human resources department and the department manager of the position to be filled. In some cases, however, other internal and external bodies are also involved in the processing of your data. These may include:

Internal departments:

• Legal and Compliance, if required

Other Helsing group companies:

• See https://helsing.ai/privacy-policy-legal

External Services Providers:

• Service provider of candidate management systems, such as Greenhouse
• IT service providers (e.g. maintenance service providers, hosting service providers
• Service Provider for data and file destruction

5 Will your data be transferred to countries outside the European Union (so-called third countries)?

We may use service providers located in third countries outside the European Union to process your data. We acknowledge that countries outside the European Union (and the European Economic Area (EEA)) handle the protection of personal data differently from countries within the European Union and there is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection. We have therefore taken special measures to ensure that your data is processed in third countries as securely as within the European Union, where applicable. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.

6 For how long do we store your data?

We store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us is not concluded, we may also further store data, insofar as this is necessary to defend against possible legal claims. Your data will be deleted within one year after the end of the application process.

If an employment relationship is not established, but you have given us your consent for the further storage of your data, we will store your data until your consent is revoked, or for a maximum of three years. On specific occasions, we may store your data for longer periods for the defense purposes against possible legal claims.

7 What rights do you have in connection with the processing of your data?

See https://helsing.ai/privacy-policy-legal

8 Is there an obligation to provide your personal data?

There is no legal or contractual obligation to provide your personal data. However, providing your personal data is required to carry out the application process. This means that if you do not provide this data we will not be able to carry out the application process.

9 Changes to this information

If the purpose or manner of processing your personal data changes significantly, we will update this information and inform you about the changes.

10 Confidentiality regime

During the application process, we may disclose or share with you information that may be highly confidential and of considerable value. The transfer of some or all of such information and/or disclosure thereof to any third party is liable to cause severe and irrevocable damage to Helsing. By agreeing to this policy, you are undertaking to maintain the Confidential Information (as defined below) in strict confidentiality, all as detailed hereunder.

The term “Confidential Information” shall mean all information of confidential nature in any and all media disclosed by us to you. This shall include all information, analyses, compilations, studies, documents, books, papers, drawings, ideas, concepts, systems, processes, procedures, methods, models, sketches and all embodiments of any of the foregoing (whether communicated orally, in written form or stored in any other media) regarding Helsing or its shareholders, backers, or affiliates. It also includes any information concerning our business activities and strategies, financial information, customer and supplier lists, intellectual property, technology, research, marketing information or plans and information regarding our products and services. For the avoidance of doubt, Confidential Information shall include (i) any such information disclosed by us to you during the preliminary meetings, and (ii) unless otherwise agreed in writing, the existence of the relationship between us and you, or the considerations thereof.

You undertake to maintain all Confidential Information in strict and absolute confidence and to refrain from any disclosure and/or publication and/or description and/or communication of the Confidential Information, in whole or in part, to any third party whatsoever. Furthermore, you shall at all times take the necessary precautions to keep the Confidential Information confidential, and such precautions shall in no event be less than those you utilise to protect your own confidential information.