Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Data protection information for applicants

Information on data protection regarding our processing of applicants' data under Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR)

 
1. Office responsible for data processing and contact data

responsible office in the meaning of data protection law

GESIS – Leibniz Institute for the Social Sciences

Team Human Resources

Unter Sachsenhausen 6-8

50667 Cologne

Telephone: 0221 476940

Email address: personal-koeln@gesis.org

Team Human Resources

B6, 4-5

68199 Mannheim

Telephone: 0621 12460

Email Address: personal-mannheim@gesis.org


Contact data of our data protection officer:

HEC Harald Eul Consulting GmbH

Data Protection Officer GESIS

Auf der Höhe 34

D-50321 Brühl

Email address: Datenschutz-GESIS@he-c.de
2. Purposes and legal foundations upon which we process your data 
We process personal data in accordance with the stipulations of the General Data Protection Regulation (GDPR), the German Federal Data Protection Act (Bundesdatenschutzgesetz - BDSG) and other applicable data protection provisions. Details are provided in the following. You will find further or additional details regarding the purposes of data processing in the respective contractual documents, forms, a declaration of consent, and other information made available to you.


 2.1 Purposes pursuant to fulfilment of an agreement or pre-contractual measures (point (b) of Article 6(1) GDPR)

Personal data is processed in order to establish your application for a specific job advertisement or as an unsolicited application, in particular, for the following purposes. Checking and assessing your suitability for the position to be filled, performance and behavioural evaluation to the extent allowed by law if necessary for registration and authentication for application via our website, if necessary for drawing up the employment contract, traceability of transactions, orders and other covenants and agreements as well as for quality control through appropriate documentation, measures to fulfil general diligence obligations, statistical assessments pursuant to company steering; travel and event management, travel reservation and travel cost settlement, authorisation and identification administration, cost recording and controlling, reporting system, internal and external communication, accounting and tax assessment of company benefits (e.g. canteen meals), settlement of company credit card, occupational health and safety, contract-related communication (including appointments) with you, assertion of legal claims and defence in the event of legal disputes; ensuring IT security (inter alia system and plausibility tests) and general security, inter alia building and plant security, ensuring respect for company rules by means of appropriate measures, including if applicable video monitoring to protect third parties and our staff or to prevent criminal acts and to secure evidence in the event of criminal acts being committed; ensuring integrity, preventing and uncovering criminal acts; authenticity and availability of data, controls by supervisory bodies and control instances (e.g. auditing).



 2.2 Purposes within the framework of a legitimate interest on our part or of third parties (point (f) of Article 6(1) GDPR)

Above and beyond the actual fulfilment of the (pre-)agreement, we process your data whenever this is necessary to protect legitimate interests of our own or of third parties. Your data shall only be processed to the extent that you do not have any overriding interests against such processing such as in particular for the following purposes: implementation of equality standards (GESIS – Leibniz Institute for the Social Sciences is an internationally active research institute, funded by federal and state governments and member of the Leibniz Association. The implementation of equality standards is a prerequisite for funding. GESIS is obligated to implement the AV-Glei and observe with the Horizon Europe Guidance on Gender Equality Plans. For this purpose, GESIS also collects the applications received according to gender and reports them anonymously in the equality plan. The equal opportunities officer requires the gender information in order to be able to monitor application and recruitment procedures with regard to equality aspects in a legally compliant manner.); statistical assessments pursuant to company steering; measures intended to further develop existing systems, processes and services; possibly training and (further) development of AI applications; comparisons with European and international anti-terrorism lists and other fraud or misuse prevention measures to the extent such go above and beyond statutory obligations; enrichment of our data, inter alia through usage or research of publicly available data to the extent such is required; benchmarking and other comparison and selection methods, possibly using artificial intelligence (AI); development of scoring systems or automated decision-making processes; building and plant security (e.g. through access controls and video monitoring) to the extent such go above general diligence obligations; internal and external investigations, safety tests.


 2.3 Purposes within the framework of your consent (point (a) of Article 6(1) GDPR)                                        

Your personal data can also be processed for certain purposes (e.g. obtaining references from previous employers or using your data for subsequent vacancies/maintaining a talent pool) including as a result of your consent. As a rule, you can revoke this consent at any time. You shall be separately informed about the consequences of revocation or refusal to provide consent in the respective text of the consent. 
Generally speaking, revocation of consent only applies to the future. Processing that takes place prior to consent being issued is not affected by such and remains lawful.
 

 2.4 Purposes relating to adherence to statutory requirements (point (c) of Article 6(1) GDPR) or in the public interest (point (e) of Article 6(1) GDPR)

Just like any actor which takes part in business life, we are also subject to a large number of legal obligations. These are primarily statutory requirements (e.g. the German Works Constitution Act (Betriebsverfassungsgesetz), the German Social Code, commercial and tax laws), but also if applicable supervisory law or other requirements set out by government authorities (e.g. employer's liability insurance association). The purposes of processing may also include identity and age checks, prevention of fraud and money laundering (e.g. comparisons with European and international anti-terrorism lists), company health management, ensuring occupational health and safety, compliance with control and notification obligations under tax law as well as the archiving of data for the purposes of data protection and data security as well as for purposes of audits by tax advisors/auditors, fiscal and other government authorities. In addition, it may be necessary to disclose personal data within the framework of official government/court measures for the purposes of collecting evidence, law enforcement and criminal prosecution or the satisfaction of civil law claims.



3. The categories of data that we process as long as we do not receive data directly from you, and its origin
If necessary for the contractual relationship with you and your pronounced application, we may process data which we lawfully receive from other offices or other third parties. In addition, we process personal data that we have lawfully collected, received or acquired from publicly accessible sources (such as, for example, commercial registers and association registers, civil registers, the press, Internet and other media) if such is necessary and we are allowed to process this data in accordance with statutory provisions.


Relevant personal data categories may in particular be:

  • Address and contact data (notification and comparable data such as, for example, email address and telephone number)

  •  Information about you on the Internet or social medias

  • Video data



4. Recipients or categories of recipients of your data
At our company, your data is received by those internal offices or organisational units that need such to fulfil our contractual and statutory obligations (such as, executives and line managers who are looking for a new employee or who are involved in the decision on filling a vacancy, accounting, the company doctor, occupational health and safety, if applicable employee representatives, etc.) or that require such data within the framework of processing and implementing our legitimate interests. Your data is disclosed/passed on to external offices and persons solely

 


  • to process your application in response to a specific job advertisement or as an unsolicited application to employees of institutions (e.g., universities), insofar as they participate in or support the decision on filling the position (see No. 2.1);

  • for purposes where we are obligated or entitled to give information, notification or forward data (e.g. employer's liability insurance association, health insurance schemes, fiscal authorities) in order to meet statutory requirements or where the forwarding of data is in the public interest (see No. 2.4);

  • to the extent that external service provider companies commissioned by us process data as contract processors or parties that assume certain functions (e.g. credit institutes, external research centres, travel agencies/travel management, printers or companies that perform data disposal, courier services, postal service, logistics);

  • as a result of our legitimate interest or the legitimate interest of the third party within the framework of the purposes cited under No. 2.2 (e.g. to government authorities, credit agencies, attorneys, courts of law, appraisers, companies belonging to company groups and bodies and control instances)

  • if you have given us consent to transmit data to third parties.


    We shall moreover refrain from transmitting your data to third parties if we have not informed you of such separately. If we commission service providers within the framework of processing an order, your data will be subject there to the security standards stipulated by us in order to adequately protect your data. In all other cases, recipients may only use the data for purposes for which the data has been sent to them.


5. Length of time your data is stored 
In principle, we process and store your data for the period of your application. This also includes the initiation of a contractual agreement (pre-contractual legal relationship).

Above and beyond this, we are subject to various retention and documentation obligations that emanate inter alia from the German Commercial Code (HGB) and the German Tax Code (AO). The periods and deadlines for retention and/or documentation stipulated therein are up to ten years beyond the end of the contractual relationship or the pre-contractual legal relationship. If you are not hired, your original application documents will be destroyed after 180 days. Electronic data will be anonymized after 180 days accordingly. If we want to store your data longer for later vacancies or if you have entered your data in an applicant tool, the data will be deleted at a later date; Details will be provided in connection with the respective process.

If the data is no longer required to meet contractual or statutory obligations and rights, it is regularly deleted unless its further processing - for a limited period - is necessary to fulfil the purposes listed under No. 2.2 due to an overriding legitimate interest on the part of our company. Such an overriding legitimate interest is deemed to be the case, for example, if it is not possible to delete the data as a result of the special type of storage or such is only possible at an unreasonably great expense. In these cases, we can also store your data and if applicable use it on a limited scale once the contractual relationship is over for a period of time that is compatible with the purposes. Generally speaking, deletion shall in such cases be replaced by a limitation on the processing. In other words, the data shall be blocked against the otherwise usual use by appropriate measures.



6. Processing of your data in a third country or through an international organisation 
Data is transmitted to offices in countries outside the European Economic Area EU/EEA (so-called third states) whenever such is necessary to meet a contractual obligation towards you (e.g. application for a job in another country), such is in the legitimate interest of us or a third party or you have issued us your consent to such.
At the same time, your data may be processed in a third country including in connection with the involvement of service providers within the framework of the processing of the order. If no decision has been issued by the EU Commission regarding the ensurance of an adequate level of data protection for the respective country or for one or more specific sectors within a third country, appropriate contracts (such as EU standard contracts) and additional measures may be used as a basis for the transfer. Information on the appropriate or adequate safeguards and on the possibility of obtaining a copy from you can be requested from the company data protection officer.



7. Your data protection rights 
If certain conditions are met, you can assert your data protection rights against us

  • Everybody has the right to receive information on his data stored in accordance with the rules of Article 15 GDPR, the right of correction with the rules of Article 16 GDPR, the right of deletion with the rules of Article 17 GDPR, the right of restriction with the rules of Article 18 GDPR, the right of data portability with the rules of Article 20 GDPR. According to the right of deletion and the right of information the restrictions laid down in Sections 34 and 35 of the German Federal Data Protection Act (BDSG) come into force.

  • You furthermore are entitled to file a complaint with a data protection supervisory authority (Article 77 GDPR together with Section 19 BDSG)

Whenever possible, your applications for the exercise of your rights should be sent in writing to the address stated above or addressed directly to our data-protection officer.


8. Scope of your obligations to provide us your data
You only need to provide data that is necessary for processing your application or for a pre-contractual relationship with us or the collection of which we are required by law. Without this data, we are generally not able to continue the job application process or the selection procedure. If we request data from you above and beyond this, you shall be informed about the voluntary nature of the information separately.

9. Presence of an automated decision made in individual cases (including profiling)
We do not use any purely automated decision-making procedure as set out in Article 22 GDPR. If we do institute such a procedure in individual cases in the future, we shall inform you pursuant hereto separately if this is required by law.



Information on your right of objection under Article 21 GDPR
1. You have the right to file an objection at any time against processing of your data which is performed on the basis of point (f) of Article 6(1) GDPR (data processing on the basis of a weighing out of interests) or point (e) of Article 6(1) GDPR (data processing in the public interest). The precondition for this, however, is that there are grounds for your objection emanating from your special personal situation. This also applies to profiling that is based on this purpose in the meaning of Article 4 No. 4 GDPR.

If you file an objection, we shall no longer process your personal data unless we can demonstrate compelling reasons warranting protection for the processing that outweigh your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.

You can, of course, withdraw your application at any time.


2. We will not use your personal data in order to perform direct advertising. Beside this we have to inform you that you have the right to file an objection to such at any time. This also applies to the profiling to the extent that it is connected with such direct advertising. We shall respect this objection with effect into the future.


The objection can be filed without adhering to any form requirements and should if possible be sent to


GESIS – Leibniz Institute for the Social Sciences

Team Human Resources

B6, 4-5

68159 Mannheim

Email address: personal-mannheim@gesis.org


Our data protection information on our data processing in accordance with Articles 13, 14 and 21 GDPR may change from time to time.


Data protection information for applicants dated 05.05.2026, Version Nr. 2.0

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.