Helsing’s candidate privacy and confidentiality regime

We are pleased that you have applied to Helsing, and that you have placed your trust in us to handle the personal information you have submitted as part of this application process. Below we inform you about how we process your data and how you can exercise your rights under the General Data Protection Regulation (GDPR).
As Data Controller, Helsing GmbH is responsible for the processing of your personal data. Helsing GmbH is registered with the commercial register of the local court of Munich under registration number HRB 264368, having its registered business address at Mühldorfstrasse 8, 81671 Munich (Germany).

Helsing’s Data Protection Officer

You can contact Helsing’s Data Protection Officer (DPO) as follows:

Tilman Spriegel

Address: Intersoft Consulting Services AG, Beim Strohhause 17, 20097 Hamburg

Phone: +49 40 790 235 – 0

Email: tspriegel@intersoft-consulting.de

1. Information on the processing of your personal data relating to the job application process

What personal data do we use?

We process your personal data, as far as they are necessary for the execution of your job application.
This includes the following data categories:

Standard information:

Applicant data (first name, last name, address, job position)
Qualification data (cover letter, CV, previous employment and education, professional qualifications)
Work certificates (performance data, assessment data etc.)
Special information may be required if the position to be filled requires:
Police certificate of good conduct
Creditworthiness information
Results of aptitude tests
Result of the medical aptitude test (suitable, not suitable, conditionally/restrictedly suitable)
Other information
Publicly accessible, job-related data, e.g. your professional social media profile
Voluntary information, e.g. an application photo, information on severely disabled persons or other information that you voluntarily provide to us in your application

2. Where is this data sourced from?

We process personal data that we receive from you during the application process. We also may receive personal data from the following sources:

Other Group companies (Helsing Germany GmbH, Helsing SAS, Helsing Ltd. and Helsing LLC)
Recruitment service providers
LinkedIn and other open sources

3. For what purposes do we process your data and on what legal basis?

We process your personal data in compliance with the General Data Protection Regulation (GDPR) and the national privacy regulations in the countries where we hire employees, such as the German Federal Data Protection Act (BDSG) in Germany, as well as all other relevant laws in the countries where we are doing business and hiring employees.

3.1 Data processing for the purpose of the application

Personal data of applicants may be processed for the purposes of the application if this is necessary for the decision to establish an employment relationship with us
The necessity and scope of the data collection are judged, among other things, by the position to be filled. If your desired position involves the performance of particularly confidential tasks, increased personnel and/or financial responsibility, or is linked to certain physical and health conditions, more extensive data collection may be necessary. In order to protect data, such data processing takes place only after the selection of applicants has been completed and immediately before you are hired.

By applying for a job at Helsing, you have given us your voluntary consent to the collection, processing or transfer of certain personal data. This consent forms the legal basis for the processing of this data.
In the following cases we process your personal data on the basis of your consent:

Admission to the applicant pool (this means we store the application documents beyond the current application procedure for consideration in later application procedures)
Share the application with Group companies

In certain cases, we process your data to protect our legitimate interests or that of third parties:

To defend legal claims in proceedings under equal treatment laws, such as the German General Equal Treatment Act (AGG). In the event of a dispute, we have a legitimate interest in processing the data for evidence purposes.
Data comparison with EU anti-terrorist lists in accordance with Regulations (EC) No. 2580/2001 and 881/2002:

4 To whom will your data be passed on?

Your data will be processed mainly by our human resources department and the department manager of the position to be filled. In some cases, however, other internal and external bodies are also involved in the processing of your data.

Internal departments:

Legal and Compliance, if required

Companies in the Group:

Helsing GmbH
Helsing Germany GmbH
Helsing SAS
Helsing Ltd
Helsing LLC

External Services Providers:

Service provider of candidate management systems, such as Greenhouse
IT service providers (e.g. maintenance service providers, hosting service providers
Service Provider for data and file destruction

5 Will your data be transferred to countries outside the European Union (so-called third countries)?

Countries outside the European Union (and the European Economic Area “EEA”) handle the protection of personal data differently from countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.
We have therefore taken special measures to ensure that your data are processed in third countries as securely as within the European Union. We conclude the standard data protection clauses provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.
If you wish to review the existing warranties, you may contact Helsing’s DPO.

6 For how long do we store your data?

We store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us is not concluded, we may also further store data, insofar as this is necessary to defend against possible legal claims. Your data will be regularly deleted within one year after the end of the application process.

If an employment relationship is not established, but you have given us your consent for the further storage of your data, we will store your data until your consent is revoked, but for a maximum of a further three years. On specific occasions, we may also store your data for longer periods for the purpose of defending us against possible legal claims.

7 What rights do you have in connection with the processing of your data?

Every data subject has the right of access under Article 15 GDPR, the right to rectification under Article 16 GDPR, the right to erasure under Article 17 GDPR, the right to restriction of processing under Article 18 GDPR, the right to object under Article 21 GDPR and the right to data portability under Article 20 GDPR. Certain other restrictions may apply in a country of your residence, such as restrictions according to §§ 34 and 35 BDSG that apply to the right of access and the right of erasure in Germany.

7.1 Right to object

Pursuant to Art. 21 para. 1 GDPR, you have the right to object at any time for reasons arising from your particular situation to the processing of your personal data on the basis of Art. 6 para.1 lit. e GDPR (data processing in the public interest) or Article 6 para. 1 lit. f GDPR (data processing to protect a legitimate interest). This also applies to profiling based on this provision.

In the event of your objection, we will no longer process your personal data unless we can prove compelling grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

You can revoke your consent to the processing of your personal data at any time. Please note that the revocation is only valid for data processing occurring in the future, i.e. it does not apply to data processing that has already occurred.

7.3 Right to information

You may request information as to whether we have stored personal data about you. If you wish, we will inform you of the data concerned, the purposes for which the data is processed, to whom this data is disclosed, how long the data is stored and what further rights you are entitled to with regard to this data.

7.4 Further rights

In addition, you have the right to have your data corrected or deleted. If there is no reason for further storage, we will delete your data, otherwise we will restrict processing. You may also request that we provide all personal information that you have provided to us in a structured, current and machine-readable format either to you or to a person or company of your choice.
In addition, there is a right to lodge a complaint to the responsible data protection supervisory authority.

7.5 Assertion of your rights

To exercise your rights, you can contact the controller or the data protection officer using the contact details above. We will process your enquiries immediately and in accordance with legal requirements and inform you of the measures we have taken.

8 Is there an obligation to provide your personal data?

There is no legal or contractual obligation to provide your personal data. However, providing your personal data is required to carry out the application process. This means, that if you do not provide this data, we will not be able to carry out the application process.

9 Changes to this information

If the purpose or manner of processing your personal data changes significantly, we will update this information and inform you about the changes.

10 Confidentiality regime

During our conversations, we may disclose, or may share with you in the future, information that may be highly confidential and of considerable value. The transfer of some or all of such information and/or disclosure thereof to any third party is liable to cause severe and irrevocable damage to Helsing. By agreeing to this policy you are undertaking to maintain the Confidential Information (as defined below) in strict confidentiality, all as detailed hereunder.

The term “Confidential Information” shall mean all information of confidential nature in any and all media disclosed by us to you. This shall include all information, analyses, compilations, studies, documents, books, papers, drawings, ideas, concepts, systems, processes, procedures, methods, models, sketches and all embodiments of any of the foregoing (whether communicated orally, in written form or stored in any other media) regarding Helsing or its shareholders, backers, affiliates. It also includes any information concerning our business activities and strategies, financial information, customer and supplier lists, intellectual property, technology, research, marketing information or plans and information regarding the Disclosing Party’s products and services. For the avoidance of doubt, Confidential Information shall include (i) any such information disclosed by the Disclosing Party to the Receiving Party during the preliminary meetings, and (ii) unless otherwise agreed in writing, the existence of the relationship, or the considerations thereof, between the parties hereto.

You undertake to maintain all Confidential Information in strict and absolute confidence and to refrain from any disclosure and/or publication and/or description and/or communication of the Confidential Information, in whole or in part, to any third party whatsoever. Furthermore, you shall at all times take the necessary precautions to keep the Confidential Information confidential, and such precautions shall in no event be less than those you utilise to protect your own confidential information.