This data protection notice informs you about the processing of your personal data (hereinafter: data) in the application process.
The controller for data processing within the meaning of the GDPR and other data protection regulations is:
CISPA - Helmholtz Centre for Information Security gGmbH
Tel.:+ 49681 87083 1001
Fax: + 49 681 87083 8801
CISPA is represented by the managing directors Prof. Dr. Dr. h. c. Michael Backes and Dr. Kevin Streit.
Data Protection Officer:
You can reach our data protection officer at: firstname.lastname@example.org
If you have any questions about data protection, you can also contact our data protection department at : email@example.com
The following categories of data may be subject to processing: contact data, application documents, master data, qualifications, health data.
We process the data you have provided only for the purpose of and within the scope of the application process. We process the data you have sent us in connection with your application in order to assess your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application process. This may include, among other things, arranging appointments for job interviews, pre-contractual measures as well as the decision on the establishment of an employment relationship.
The processing of your data is carried out for the fulfillment of necessary pre-contractual measures in the context of the application procedure within the meaning of Art. 6 (1) lit. b. GDPR, to fulfill a legal obligation of the controller according to Art. 6 (1) lit. c GDPR, to achieve the data processing necessary for the legitimate interest of the controller/ a third party, unless interests, fundamental rights and freedoms of you, which require the protection of personal data, prevail according to Art. 6 (1) lit. f GDPR.
The legitimate interest in this case is the data backup and data archiving as technical-organizational measures for the purpose of ensuring data availability, resilience and recoverability pursuant to Art. 32 (1) lit. b, c GDPR.
Processing for the purpose of deciding on the establishment of an employment relationship takes place within the meaning of Section 26 (1) sentence 1 BDSG. The provision of data is necessary for the course of the application procedure of the controller.
Insofar as special categories of personal data within the meaning of Art. 9 (1) GDPR are voluntarily communicated within the scope of the application procedure, their processing shall additionally be carried out in accordance with Art. 9 (2) lit. a GDPR (e.g., health data, such as severely disabled status.
With the help of our online application portal, you can apply directly for advertised positions. For this purpose, a corresponding registration is required.
You can submit your application using an online form on our website or our online application portal. The data is transmitted to us in encrypted form in accordance with a state-of-the-art encryption method.
In the event of a successful application, the data you provide will be further processed by us for the purposes of forming the employment relationship. Otherwise, if the application for a job offer is not successful, your data will be deleted. Your data will also be deleted if an application is withdrawn.
Subject to a justified revocation or objection, the data will be deleted after a period of six months after the position has been filled (completion of the application process) so that we can answer any follow-up questions about the application and meet our obligations to provide evidence under the General Equal Treatment Act (AGG). Invoices for any travel expense reimbursements are archived in accordance with tax law requirements.
After receiving your application, your data will be reviewed by our onboarding department. Suitable applications are forwarded internally to the department managers for the respective open position.
Recipients outside CISPA:
If you apply for a so-called preparatory or dissertation phase, your data will be forwarded to the Saarland University (UdS) within the framework of the cooperation between CISPA and UdS, insofar as this is necessary for recruitment via the so-called Graduate School of the UdS, or insofar as professors of the UdS participate in committees for recruitment. In this context, the Graduate School of the UdS acts as a distinct controller in the sense of data protection law. In principle, only those persons have access to your data who require the access for the proper course of our application procedure.
External reviewers and evaluators
E.g., in the Stanford program and faculty hiring process.
Our online application portal is operated by OpenCampus GmbH as a cloud service. A contract for order processing in accordance with Art. 28 GDPR has been concluded with this service provider.
As a rule, no data processing takes place outside the European Union.
If we transfer your data outside the EU/EEA (e.g., to external reviewers as part of the Stanford Program), the processing will only take place to the extent that the third country has been confirmed by the EU Commission to have an adequate level of data protection, consent has been obtained, or other appropriate data protection safeguards are in place.
You have the following rights with respect to the processing of your data by CISPA:
Unabhängiges Datenschutzzentrum Saarland
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Telefon: (0681) 94781-0
Telefax: (0681) 94781-29
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation.
If you wish to exercise your data protection rights, you can also contact our data protection staff unit by e-mail at datenschutz@cispa. de or our data protection officer at firstname.lastname@example.org.
Due to the further development of our website and offers on it or due to changed legal or official requirements, it may become necessary to change this data protection notice.