Data privacy information for applicant

Information on data protection related to the processing of applicant data pursuant to articles 13, 14, and 21 of the General Data Protection Regulation (GDPR)


1. Controller of data processing and contact details

Controller in terms of the data privacy laws is:

Paian IT Solutions GmbH
Human Resources Department
August-Bebel-Str. 41
D-04275 Leipzig
Phone: +49 (0)341 918 777 33

2. Purpose and legal foundation of data processing

We process personal data in compliance with the provisions as specified in the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and all other applicable data privacy regulations, details as follow. The relevant contract documents, forms, the declaration of consent, and other provided documents contain further details and additional information.

2.1 Purposes to perform a contract or in order to take steps prior to entering into a contract (art. 6 sec. 1 b GDPR)

We process your personal data in order to handle your application for a specific job or your unsolicited application and in this connection specifically for the following purposes: check and assessment of your aptitude for the job to occupy, performance and behavioral evaluation to the extent permitted by law, if necessary to register and authenticate the application via our website, if applicable to prepare the employment contract, traceability of transactions, orders, and other agreements as well as for quality control by means of the corresponding documentation, measures to comply with the general obligation to exercise due care, statistical analyses for business control, travel and event management, booking of business trips and travel expense accounting, authorization and ID card administration, cost accounting and controlling, reporting, internal and external communication, invoicing and tax purpose of company benefits (e.g. canteen), business credit card statements, occupational health and safety, contract-related communication (including appointments), assertion of legal claims and defense in case of legal disputes; ensuring the IT security (system and plausibility checks and more) and the general safety, including building and premises security, ensuring and exercising property rights by taking the appropriate measures, e.g., if necessary, CCTV to protect third-parties and our employees and to prevent criminal acts and produce evidence in case of criminal acts; ensuring the integrity, prevention and solution of crimes; authenticity and availability of the data, inspection by supervisory bodies or authorities (e.g. audits).

2.2 Purposes of the legitimate interests pursued by the controller or by a third party (art. 6 sec. 1 f GDPR)

Beyond the actual performance of the (pre-) contract, we process your data, if necessary, to protect legitimate interests pursued by us or a third party. Your data will be processed only and to the extent as there are no overriding interests of yours available that prevent such processing in particular for purposes as follow: measures to develop existing systems, processes, and services; matching with European and international anti-terror lists if exceeding the legal obligations; accumulation of our data, e.g. by using or researching publicly accessible data to the necessary extent; benchmarking; development of scoring systems or automated decision processes; building and premises security (e.g. by access control and CCTV) to the extent exceeding the general obligation to exercise due care; internal and external inspections, security checks.

4.3 Purposes you gave your consent to (art. 6 sec. 1 a GDPR)

Processing of your data for specific purposes (e.g. obtaining references from previous employers) will be performed only if you have given consent to such processing. In general, you have the right to withdraw your consent at any time. You will be informed separately in the respective section of the declaration of consent on the purpose and the consequences of a withdrawal or refusal to give consent. The general rule is that the withdrawal of consent takes effect only for the future. Processing that has been done prior to the withdrawal shall not be affected by the withdrawal and remain lawful.

4.4 Purposes to comply with legal obligations (art. 6 sec. 1 c GDPR) or to perform a task carried out in the public interest (art. 6 sec. 1 e GDPR)

As any party involved in the economic process, we too are subject to a multitude of statutory duties. These are primarily legal requirements (e.g. German Works Constitution Act, German Code of Social Law, commercial and fiscal laws), but also, if applicable, supervisory or other official regulations (e.g. German Social Accident Insurance Institution). The purposes of data processing include, where applicable, identification and age control, the prevention of fraud and money laundering (e.g. matching with European and international anti-terror lists), company health management, ensuring the occupational safety, the compliance with obligations to inspect and report required by fiscal law as well as archiving data for data protection and data security purposes and for the purpose of assessment by tax accountants/auditors, tax and other authorities. Furthermore, the disclosure of personal data may become required in connection with official/court-ordered measures for the purpose of taking evidence, criminal prosecution, or enforcement of claims under civil law.

3. Processed data categories, as far as we do not receive data directly from you, and their origin

If required for the contractual relationship with you and the application you have submitted, we process data we received from other sources or other third parties where appropriate. Furthermore, we process personal data obtained, received, or acquired in a permissible manner from publicly accessible sources (e.g. register of companies and register of associations, register of residents, press, internet, and other media) to the extent necessary and permitted by law.

Relevant personal data categories may specifically be the following, if applicable:

  • Address and contact details (reporting data and similar, e.g. e-mail address and telephone number)

  • Information about you published on the internet and in social networks

4. Recipients or categories of recipients of personal data

Within our company, those in-house departments and organizational units will receive your data that need them to exercise our contractual and legal duties (e.g. executives and divisional managers looking for employees or involved in the decision on staffing, accounting, company medical officer, occupational safety, if applicable employee representatives, etc.) or within the bounds of handling and implementing our legitimate interests. Your personal data will be transferred to third parties exclusively

  • Under circumstances, which obligate or entitle us to disclose, report, or forward data in order to comply with legal requirements (e.g. fiscal authorities) or in which the transfer of personal data is for the public benefit (see section 2.4);

  • If external service providers process data by our order as data processors or parties that perform functions (e.g. credit institutions, external data processing centers, travel agencies/travel management, print shops, or data disposal companies, courier services, post office, logistics);

  • On the grounds of our legitimate interests or the legitimate interests of third parties for purposes as specified in section 2.2 (e.g. to authorities, credit agencies, attorneys-at-law, courts, consultants, affiliated companies and bodies as well as supervisory authorities);

  • When you gave us your consent to transfer the data to third parties.

We will not transfer your data to any third party unless we notify you in this regard. If we assign service providers as data processors, your data will be subject to the security standards specified by us in order to protect your data appropriately. In any other cases, recipients are permitted to use the data only for the purposes for which the data were provided to them.

5. Storage time of personal data

We process and store your data in general for the duration of the application process, including the preparation to conclude a contract (pre-contractual legal relationship).

Furthermore, we are subject to various storage and documentation duties as specified e.g. in the German Commercial Code (HGB) and the German Fiscal Code (AO) as well as other regulations. The specified periods of storage and documentation are up to ten years beyond the end of the contractual or pre-contractual relationship. When we do not employ you, we will return your original application documents after six months. Electronic data will be erased accordingly after six months.

If the data are not required anymore to perform contractual or legal duties or rights, they will be erased on a regular basis, unless their - temporary - further processing is required in the legitimate interests of our company to pursue the purposes defined in section 2.2. Such an overriding legitimate interest is available e.g., if the erasure is impossible or can be realized only with unreasonable effort due to the special kind of storage. In such cases, we are entitled to store and possibly make use of your data to a limited extent for a period agreed along with the purposes beyond the end of our contractual relationship. In general, in such cases, the erasure of the data is superseded by a restriction of the processing. In other words, the data will be disabled for the otherwise utilization as usual by means of appropriate measures.

6. Processing of personal data in a third-party country or by an international organization

Your data will be transferred to recipients in non-member states of the EU/EEA (so-called third countries, if required to comply with a contractual obligation owed to you (e.g. application for a job abroad) or within the scope of a legitimate interest of our company or a third party or if you gave us your consent.

The processing of your data in a third country may also take place in connection with the assignment of service providers as data processors. If there is no resolution available by the European Commission concerning an appropriate data privacy level in the respective country, we will ensure by corresponding agreements in compliance with the EU data privacy regulations that your rights and freedoms are adequately protected and guaranteed. Information on the suitable or adequate guarantees and if and where to obtain a copy of such guarantees are available on request from our company data protection officer or the competent human resources department.

7. Your data privacy rights

Under certain conditions, you are entitled to assert your data privacy rights against us.

Every data subject has the right to information pursuant to art. 15 GDPR, the right to rectification pursuant to art. 16 GDPR, the right to erasure pursuant to art. 17 GDPR, the right to restriction of the processing pursuant to art. 18 GDPR, and the right to data portability pursuant to art. 20 GDPR. For the right to information and the right to erasure, the restrictions pursuant to §§ 34 and 35 BDSG shall apply. Furthermore, you have the right to lodge a complaint with a supervisory authority (art. 77 GDPR in connection with § 19 BDSG).

You should file your request to exercise your rights in writing with the address as given above, if possible.

8. Scope of your obligation to provide us with your data

You are required to provide only data that are necessary to process your application or to handle a pre-contractual relationship, or that we are legally obligated to collect. Without such data we will generally not be able to continue the application and selection process. If we request further information from you, you will be notified separately that such information is voluntary.

9. Automated decision-making in individual cases (including profiling)

We do not apply any purely automated decision-making procedures pursuant to article 22 GDPR. If we do, however, apply such a procedure in individual cases in the future, we will notify you separately, if we are required by law to do so.

Information on your right to object pursuant to art. 21 GDPR


  1. You have the right to file an objection at any time against the processing of your data carried out on the basis of art. 6 sec. 1 f GDPR (data processing on the basis of assessment of interests) or art. 6 sec. 1 e GDPR (data processing in the public interest). The precondition for this, however, is that there are grounds available for your objection arising from your special personal situation. This shall apply also to profiling based on this provision in terms of art. 4 clause 4 GDPR.

    If you file an objection, we will discontinue the processing of your personal data unless we can demonstrate imperative reasons requiring protection for the processing that override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising, or defending legal claims.

    You may, of course, withdraw your application at any time.

  2. We do not intend to use your personal data for purposes of direct marketing. Nevertheless, we are required to inform you that you have the right to file an objection to advertising at any time; this applies also to profiling if connected with such direct advertising. We will allow for this objection with effect for the future.

The objection should be filed in writing with:

Paian IT Solutions GmbH
August-Bebel-Str. 41
D-04275 Leipzig

Our data privacy information related to our data processing pursuant to articles 13, 14, and 21 GDPR may be amended from time to time. We will publish the amendments on this site. Previous versions will be available on request from the controller as specified by the data protection regulations.