Skip to main content

Processing of (personal) data by the entity in charge of the online application process

General

We provide you with this privacy policy, which relates exclusively to the data collected in the course of the online application process, in order to inform you about how we handle your personal data collected during the application process.

Controller

The controller within the meaning of data protection law is:
The Jodel Venture GmbH
Wilhelmstraße 118
10963 Berlin

Entry in the commercial register
Registration number: 157037 B
Registration court: Berlin

Data Protection Officer:
Proliance GmbH
www.proliance.ai
Leopoldstr. 21
80802 Munich
datenschutzbeauftragter@proliance.ai

A. Data Processing in the Application Process

1. Description of Data Processing and Purpose

We process your personal data to the extent necessary to decide whether to enter into an employment relationship with us.

If you apply to us by email or via the online form, we process your personal data solely for the purpose of conducting the application process and carrying out pre-contractual measures. By submitting your application, you indicate your interest in a possible employment relationship.

We only process data that is related to your application. This includes in particular your basic personal data (e.g. name, contact details), information on education and professional qualifications, information on further training, and other data that you voluntarily provide us with as part of your application.

You also have the option of uploading meaningful documents such as a cover letter, your CV, and certificates. These may contain further personal data such as date of birth, address, etc.

Only authorised employees from the HR department or employees involved in the application process have access to your data.

The storage of personal data is generally carried out exclusively for the purpose of filling the vacant position for which you have applied.

If an employment relationship is established between you and us, we may continue to process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation under a law, collective agreement, or works or service agreement (collective agreement).

2. Legal Basis for Data Processing

The legal basis for data processing is Art. 88 GDPR in conjunction with § 26 para. 1 BDSG, or Art. 6 para. 1 sentence 1 lit. b GDPR for the purposes of the employment relationship, if this is necessary for the decision to establish an employment relationship.

If you give us your explicit consent to the processing of personal data for specific purposes, the lawfulness of this processing is based on your consent pursuant to § 26 para. 2 BDSG, insofar as German law applies, or pursuant to Art. 6 para. 1 lit. a GDPR. Consent that has been given may be revoked at any time with effect for the future.

The legal basis for further processing for the purpose of establishing or terminating the employment relationship is Art. 88 GDPR in conjunction with § 26 para. 1 BDSG, insofar as German law applies, or Art. 6 para. 1 lit. b GDPR.

3. Recipients

In the context of data processing, your data is transmitted to the following categories of recipients that we use in connection with data processing to achieve the purposes mentioned above:

Service providers that provide us with personnel or applicant management systems and software.

Service providers that support us with data processing in the area of Human Resources.

Software service providers that provide us with solutions for internal and external communication, for the creation and processing of documents, and for the management of databases.

IT support and administration service providers.

These are in particular the following recipients:
Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany,
Docusign Germany GmbH, Mies-van-der-Rohe-Straße 6, 80807 Munich, Germany,
Slack Technologies Limited, Salesforce Tower 60 R801, North Dock, Dublin, Ireland,
Slack Technologies LLC, a Salesforce company, 415 Mission St, 3rd Floor, San Francisco, CA 94105, USA,
Notion Labs Inc., 548 Market Street Suite, 74567 San Francisco, CA 94104, USA,
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

4. Storage Period

We store your personal data only for as long as is necessary to reach a decision on your application. After the conclusion of the application process – for example in the event of a rejection – your personal data and application documents will be deleted no later than 6 months after that point, unless longer statutory retention periods apply or further storage is necessary for the assertion, exercise, or defence of legal claims.

If the application process results in an employment, training, or internship relationship, the data collected in the course of the application process will – to the extent necessary and permissible – continue to be stored and transferred to the personnel file.

B. Storage of Applicant Data in the Talent Pool

1. Description of Data Processing and Purpose

If you give us your explicit consent to the processing of your data, we store your application beyond a specific ongoing or completed application process in order to consider you for future application processes for other open positions in the so-called talent pool.

The purpose of the data processing is to be able to consider applicants for other potentially suitable positions for which they have not directly applied.

2. Legal Basis for Data Processing

The data processing is carried out pursuant to § 26 para. 2 BDSG, Art. 6 para. 1 lit. a GDPR on the basis of your consent. If you specify special categories of personal data within the meaning of Art. 9 GDPR in your cover letter or other documents provided by you (e.g. a photograph that reveals your ethnic origin, information about a severe disability, etc.), the consent pursuant to Art. 9 para. 2 GDPR expressly also applies to this data.

Your consent is voluntary and may be revoked at any time with effect for the future. To exercise your right of revocation, please contact us using the contact details provided above under "Controller".

3. Recipients

In the context of data processing, your data is transmitted to the following categories of recipients or recipients that we use in the context of data processing to achieve the purposes mentioned above:

Service providers that provide us with personnel or applicant management systems and software

Service providers that support us with data processing in the area of Human Resources

Software service providers that provide us with solutions for internal and external communication, for the creation and processing of documents, and for the management of databases

IT support and administration service providers.

These are in particular the following recipients:Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany,
Docusign Germany GmbH, Mies-van-der-Rohe-Straße 6, 80807 Munich, Germany,
Slack Technologies Limited, Salesforce Tower 60 R801, North Dock, Dublin, Ireland,
Slack Technologies LLC, a Salesforce company, 415 Mission St, 3rd Floor, San Francisco, CA 94105, USA,
Notion Labs Inc., 548 Market Street Suite, 74567 San Francisco, CA 94104, USA,
Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland,
Google LLC, 1600 Amphitheatre Parkway, Mountain View, California 94043, USA.

4. Storage Period

We process the collected data for a period of 12 months. After that, we delete your data from our operational systems, unless the data processing is still permissible for another purpose mentioned in this statement and on a corresponding legal basis.

C. Processing of Applicant Data on Our Careers Website

Our careers website is provided by the provider of our HR software. For further information on the independent data processing by the operator of our recruiting page, please refer to the section below "Processing of (personal) data by the operator of the recruiting page".

D. Data Processing in Third Countries

Your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For data transfers to certain third countries, an adequacy decision by the EU Commission pursuant to Art. 45 para. 1 GDPR may exist. Such a decision establishes that an adequate level of data protection exists in the third country. A list of previous adequacy decisions can be found at the following link: Data protection adequacy for non-EU countries.

The scope of an adequacy decision may also be limited to a specific group of recipients or subject to the existence of further conditions.

For example, the adequacy decision for data transfers to the USA only applies to companies that are certified under the EU-US Data Privacy Framework. The certification status of a participating company can be viewed at the following link: Participant search (dataprivacyframework.gov).

If your data is transferred to recipients in third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to take legal action.

In order to ensure an adequate level of data protection when transferring your data to recipients in such third countries, we therefore ensure that appropriate safeguards within the meaning of Art. 46 GDPR are in place.

Standard contractual clauses of the European Commission pursuant to Art. 46 para. 2 lit. c GDPR are therefore regularly concluded either by us or by the service providers we use. They oblige the recipient of the data in the third country to process it in accordance with the European level of protection. The clauses can be viewed at the following link: Publications on Standard Contractual Clauses (SCCs) – European Commission. Should you require further information on the modules of the standard contractual clauses or on supplementary measures that we have concluded in individual cases, we will be happy to provide you with a copy. In this case, simply contact us using the contact details provided above under "Controller".

For certain recipients, the data transfer may also be based on binding corporate rules (BCR) approved by the supervisory authorities pursuant to Art. 46 para. 2 lit. b GDPR. These can be viewed at the following link: Approved binding corporate rules | European Data Protection Board.

If the standard contractual clauses or the binding corporate rules are not sufficient to ensure the level of protection, additional technical, contractual, or organisational measures are taken to secure the data transfer. In addition, regular reviews and assessments are carried out to determine whether these additional measures continue to ensure an adequate level of data protection or whether further supplementary measures are required.

For data transfers to the USA, an adequacy decision of the EU Commission exists with regard to companies that are certified under the EU-US Data Privacy Framework. Slack Technologies LLC (via Salesforce), Notion Labs, Inc. and Google LLC are certified under the EU-US Data Privacy Framework.

E. Assertion or Defence of Legal Claims

Furthermore, we process your data in individual cases for the purpose and in the interest of asserting legal claims, for example to enforce our claims arising from unpaid invoices, insofar as your data is relevant to a legal dispute.

Furthermore, we process your data in individual cases for the purpose and in the interest of defending against legal claims asserted against us, for example in the case of claims arising from liability for defects, insofar as your data is relevant to a legal dispute.

1. Legal Basis for Data Processing

The legal basis for the processing of your data is Art. 6 para. 1 lit. f GDPR.

2. Recipients

In the context of data processing, your data is transmitted to the following categories of recipients or recipients that we use in the context of data processing to achieve the aforementioned purposes:
Tax advisors,
Auditors,
Financial or investigative authorities,
Lawyers,
Experts,
Courts.

3. Storage Period

We store your data in individual cases for as long as is necessary to achieve the above-mentioned purpose. Thereafter, we delete your data, unless the data processing, possibly also in other systems, is still permissible on another legal basis or is mandatory for us (e.g. in the case of statutory retention obligations).

F. Your Rights

Below you will find information on the rights that applicable data protection law grants you against the controller with regard to the processing of your personal data:

a) Right of Access

You have the right to request information about your personal data processed by us pursuant to Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and, where applicable, meaningful information about its details.

b) Right to Rectification

You have the right to request the immediate rectification of inaccurate or incomplete personal data stored by us pursuant to Art. 16 GDPR.

c) Right to Erasure

You have the right to request the erasure of your personal data stored by us pursuant to Art. 17 GDPR, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the assertion, exercise, or defence of legal claims.

d) Right to Restriction of Processing

You have the right to request the restriction of the processing of your personal data pursuant to Art. 18 GDPR, unless the accuracy of the data is contested by you, the processing is unlawful, you refuse its erasure and we no longer need the data, but you require it for the assertion, exercise, or defence of legal claims, or you have lodged an objection to the processing pursuant to Art. 21 GDPR.

e) Right to Data Portability

Pursuant to Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transfer to another controller.

f) Right of Revocation

You have the right to revoke your consent pursuant to Art. 7 para. 3 GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will immediately delete the data concerned, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the lawfulness of processing based on consent before its revocation.

g) Right to Object to Data Processing Based on Legitimate Interests

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR, you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data, insofar as this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right to object without having to specify a particular situation.

If you wish to exercise your right of revocation or objection, please contact us using the contact details provided above under "Controller".

h) Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which our registered office is located, as mentioned above, or, where applicable, the supervisory authority of your habitual place of residence or place of work. The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Alt-Moabit 59-61, 10555 Berlin.

i) Right to Judicial Review

If you assert your rights under the GDPR against us and we cannot or do not implement one of these rights, you have the right to request judicial review pursuant to Art. 79 GDPR.

G. Final Provisions

We reserve the right to adapt this privacy policy at any time so that it always complies with current legal requirements or in order to reflect changes to the application process or similar matters. For a renewed visit to this recruiting page or a new application, the new privacy policy will then apply.

In addition to this privacy policy, you can view our general privacy policy at https://jodel.com/privacy/.

Status of the Privacy Policy
This privacy policy was last updated on 30.04.2026.

Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.