Applicant's Data Privacy

In the following, we would like to inform you about the processing of the personal data you have provided as part of the application process and which we process, and your rights in this regard. To ensure that you are fully informed about the processing of your personal data in the application process, please read the information below.

Personal data is data that is related to your person or that can be traced back to your person (e.g. your name, date of birth, mobile phone number or application documents). In the following, we will use the abbreviated term "data". This always refers to personal data. In the following, "processing of data" means any collection, storage or other use of data.

Contents

1. Contact details of the Controller and Data Protection Officer

2. Data processing during the application procedure

3. Recipients of your personal data

4. Data sources

5. Transfer to third countries

6. Duration of data storage

7. Your rights

8. Necessity of the provision of personal data

9. Automated decision-making

10. Data Security

11. Changes to the data protection notice

1. Contact details of the Controller and Data Protection Officer

Responsible for the collection of your personal data during the application process is:

Tilta Fintech GmbH
Linienstraße 222
10119 Berlin
E-Mail: privacy[at]tilta.io

Please direct any questions regarding data protection to our data protection team using the contact details above.

We expressly point out that if you use this e-mail address, the contents will not be exclusively taken note of by our data protection officer. If you wish to share confidential information, please therefore first contact us directly via this e-mail address.

2.     Data processing during the application procedure 

We process your personal data in accordance with the provisions of the European General Data Protection Regulation (GDPR) and the German Data Protection Act (BDSG), insofar as this is necessary for the decision to establish an employment relationship with us.

We will therefore use your applicant data (usually name, date of birth, gender, location/address, telephone number, email address, information on your qualifications (CV, Cover letter etc.), professional experience and training and, if applicable, matriculation documents, visa/pass/residence documents and a photograph and internal records from job interviews conducted with you) only for the purpose of processing your application. The legal basis for this data processing is Art. 6(1)(b) GDPR, Art. 88 GDPR and Sec. 26(1) BDSG.

If you also give us your explicit consent to process personal data for specific purposes, the legal basis for this processing is your consent in accordance with Art. 6 (1)(a) GDPR. Consent given can be withdrawn at any time with effect for the future (see section 6 of this data protection information). The lawfulness of the processing up to the time of the withdrawal is not affected by this. If an employment relationship is established between you and us, we may, in accordance with Article 88 of the GDPR in conjunction with Sec. 26 (1) BDSG, further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the performance or termination of the employment relationship.

Insofar as the data is so-called special categories of personal data, such as data on your health that you yourself provide to us (for example, information on a severely disabled status), the legal basis for the processing is Art. 88 GDPR, Sec. 26 (3) BDSG.

Furthermore, we may process your personal data if this is necessary for the fulfilment of legal obligations (Art. 6 (1)(c) GDPR) to which we are subject. Processing is also possible for the assertion, exercise or defence of legal claims on the basis of our legitimate interests according to Art. 6 (1)(f) GDPR. The legitimate interest lies, for example, in the provision of evidence in legal proceedings (e.g. under the General Equal Treatment Act). 

3.     Recipients of your personal data

In general, only those employees of our company have access to your personal data who need to view it as part of the application process, i.e. in particular the HR department and the relevant departments, who also help decide on your recruitment and therefore need to view your data.

In certain cases, we may need to share some of your data that we process as part of the application process with parties and persons outside our company. A transfer may take place to the following groups of recipients, for example:

• Service providers who process personal data (so-called processors)

• If applicable, lawyers who work for us

If we are legally obliged to pass on your data or if your data is required for the work of lawyers, personnel consultants and recruiters working for us, we will pass on your data to them to the extent necessary.

If service providers acting on our behalf process data for us, we conclude so-called data processing agreements with them, by which we oblige the service providers to process the data carefully and only in accordance with our instructions. These service providers are carefully selected and monitored by us.

We use the software Personio (Personio GmbH, Rundfunkplatz 4, 80335 Munich) for personnel management. Personio processes personal data of employees and applicants as a processor in order to provide the service used by us. We have concluded a data processing agreement with Personio. Your data is stored and transmitted by Personio in encrypted form in Germany or the European Union.

4. Data sources

If we do not receive your application data directly from you, it may also be provided by recruiters. Such disclosure of data will only take place if you have expressed your interest in the working relationship and the processing is necessary for the decision to hire you in accordance with Art. 88 GDPR, Section 26 (1) of the German Federal Data Protection Act (BDSG).

5. Transfer to third countries

For the processing of data, services may be used whose providers are partly located in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not equal that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include, among others, the standard contractual clauses of the European Union or binding internal data protection regulations.

6. Duration of data storage

We store your personal data as long as this is necessary for the decision on your application. We store your personal data as long as this is necessary for the decision on your application. In the event of a rejection, your personal data or application documents will be deleted a maximum of 90 days after notification of the rejection decision, unless longer storage is legally required or permitted.

We store your personal data beyond this only to the extent that this is required by law or in the specific case for the assertion, exercise or defence of legal claims for the duration of a legal dispute.

If an employment relationship, apprenticeship or trainee relationship is established following the application process, your data will initially continue to be stored insofar as this is necessary and permissible and will then be transferred to the personnel file.

7. Your rights

You can exercise your rights as a data subject regarding your processed personal data at any time by contacting us using the contact details provided above (section 1). As a data subject, you have the right to

• to request information about your data processed by us in accordance with Art. 15 GDPR;

• in accordance with Art. 16 GDPR, to request without delay the rectification of inaccurate or the completion of your data stored by us; 

• in accordance with Art. 17 GDPR, to request the deletion of your data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims;

• in accordance with Art. 18 GDPR, to request the restriction of the processing of your data, insofar as the accuracy of the data is disputed by you or the processing is unlawful;

• pursuant to Art. 20 GDPR, to receive your data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller ("data portability");

• complain to a data protection supervisory authority about the processing of your personal data in our company in accordance with Art. 77 GDPR, such as the data protection supervisory authority responsible for us: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Alt-Moabit 59-61, 10555 Berlin.

• you can withdraw your consent given to us at any time with effect for the future.

You have the right to object to the processing of your personal data under the requirements of Article 21 GDPR. To exercise these rights, you can contact us using the contact details provided in section 1.

8. Necessity of the provision of personal data

The provision of personal data within the scope of application processes is neither legally nor contractually required. You are therefore not obliged to provide us with your personal data. However, please note that this is necessary for the decision on an application or the conclusion of a contract in relation to an employment relationship with us. If you do not provide us with personal data, we will not be able to make a decision on the establishment of an employment relationship. We recommend that you only provide personal data in your application that is required to complete the application.

9. Automated decision-making

We do not process personal data collected as part of the application process as part of automated decision-making (including profiling). 

10. Data Security

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining access to it. These are adapted to the current state of the art.

11. Changes to the data protection notice

In the context of the further development of data protection law as well as technological or organisational changes, we sometimes change our data protection information.