Information on processing personal data of applicants

 1. General Information

Thank you for your interest in our company and your current or past application for employment with us. You will find below information on how your personal data is processed in connection with your application.

1.1.   Controller

Controller for data processing is the respective Salescode entity in which you are applying for. Salescode GmbH and affiliated enterprises are hereinafter referred to as “Salescode Group”.

Overall responsible for Data Protection at Salescode is:

Salescode GmbH 
Sulzbacher Straße 9
90489 Nürnberg

1.2.  Data Protection Officer

Our Data Protection Officer may be contacted at:

Salescode GmbH
Svenja Lehn
Sulzbacher Straße 9
90489 Nürnberg


2. Data processing framework

2.1.  Source and categories of personal data

We process the data that you have sent us associated with your application to check your suitability for the position (or other positions in our company that may be suitable) and conduct the application process. Moreover, we may be processing the data which you have published and are available on the internet as far as it is permitted under data protection law. This includes CVs, career etc.

2.2.  Purposes and legal bases of the processed data

We process your personal data in compliance with the provisions of the EU General Data Protection Regulation (GDPR) and other applicable laws and regulations.

The legal basis for the processing of your personal data in this application procedure is primarily Art. 6 Para. 1 lit. b) GDPR. Accordingly, the processing of the necessary data in connection with the decision on the establishment of an employment relationship is legitimate.

Should the data be required once the application process has been concluded, the data may be processed on the basis of the requirements of Art. 6 GDPR, particularly for exercising legitimate interests in accordance with Art. 6 para. 1 f) GDPR. In such case, our interest is the assertion or defense of claims.

This also includes the processing of communication data (user details, content data, connection data as well as comparable data) in the context of the implementation of the application procedure through the use of internet-based communication tools.

We may process your personal communication data (user details, content data, connection data and comparable data) as part of the application process, in particular the digital implementation of job interviews, if the contract is initiated with the help of internet-based communication tools, in order to simplify the organisation of the application process and to be able to adapt it to the current needs of the applicant and employer.

Furthermore, your voluntarily given consent can be the legal basis for data processing according to Art. 6 para. 1 lit. a) GDPR (e. g. inclusion in the applicant pool, newsletter for new job offers). The consent given can be revoked at any time with effect for the future.

Special categories of personal data pursuant to Art. 9 Para. 1 GDPR are processed for the purpose of establishing an employment relationship, exercising rights or fulfilling our legal obligations. The processing is based on Art. 9 para. 2 b) GDPR. In addition, the processing of data concerning health may be necessary for the assessment of your ability to work in accordance with Sec. 9 Para. 2 h) GDPR.

Furthermore, due to the European anti-terror regulations 2580/2001 and 881/2002 as applicable, we are obliged to compare your data with the so-called "EU terror lists" in order to ensure that no funds or other economic resources are made accessible for terroristic purposes.

We will inform you in advance if we decide to process your personal data for any purpose not mentioned above.

2.3.  Consequences of failure to provide data

As part of your application, you have to provide the personal data necessary to establish the employment relationship or which we are legally obliged to collect.

2.4. Automated individual decision-making or Profiling (Art. 22 GDPR)

We do not use automated decision-making methods according to Article 22 GDPR. If we do use such a method in individual cases in the future, we will inform you separately if this is required by law.

3. Data recipients

3.1.  Within the EU/EEA

Within our company, only the persons necessarily involved in the application process (e. g. specialist departments, management, personnel department) will receive your data. Your application data is reviewed by the HR department once your application has been received. Suitable applications are forwarded internally to the persons in the respective departments responsible for the vacant position.

The further course of action is determined after that. Only persons who require your data for the proper processing of your application are given access to it within our Salescode Group.

3.2.  Outside of the EU/the EEA

If we transfer personal data to service providers or corporate enterprises outside the European Economic Area (EEA), the transfer will only take place if the third country has been approved by the EU Commission on the basis of an adequacy decision or if other appropriate data protection safeguards (e. g. binding corporate rules or standard data protection clauses) have been provided.

3.3.  Recipient overview

The following recipients receive your data within the scope of the data processing described here:

■        Hemmersbach GmbH & Co. KG, Sulzbacher Str. 9, 90489 Nürnberg, Germany

■        Salescode Greece MIKE, Vasilissis Sofias Avenue 97, 11521 Athens

■        Salescode Spain S.L., Calle Balmes, 173, piso 4, puerta 2, 08006 Barcelona, Cataluna

Further processing of your personal data depends on the country for which you are applying for.

4. Storage periods

In case of rejection, the applicants’ data will be blocked within six months after notice of rejection and erased after twelve months, unless you consented to keep your data longer or the applicable law(s) define otherwise.

In the case that your application for a position is successful, the data is transferred from the applicant data system to our HR information system.

5. Your rights

  • Under certain conditions, you can assert your data protection rights against us. Your requests to exercise your rights should be addressed, as far as possible, in writing or via e-mail to the above address or directly in writing or via e-mail to our Data Protection Officer.
  • You have the right to receive information from us about your data stored by us pursuant to the rules of Art. 15 GDPR.
  • If you so request, we will correct the data stored about you pursuant to Art. 16 GDPR if they are inaccurate or incorrect.
  • If you so desire, we will erase your data pursuant to the principles of Art. 17 GDPR, provided that other legal regulations (e.g. legal storage obligations) or an overriding interest on our part (e.g. to defend our rights and claims) do not oppose this.
  • You may ask us to restrict the processing of your data, taking into account the requirements of Art. 18 GDPR.
  • If your personal data are processed on the basis of legitimate interests pursuant to Art. 6 (1) sentence 1 lit. f) GDPR or if they are necessary for the performance of a task carried out in the public interest or in the exercise of public authority, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or if the objection is addressed to direct advertising. In the latter case, you have a general right of objection, which is implemented by us without specifying a particular situation.
  • You also have the right to receive your data in a structured, common and machine-readable format under the conditions of Art. 20 GDPR or to transmit them to a third party.
  • In addition, you have the right to withdraw the consent to the processing of personal data you granted at any time with future effect.
  • You also have a right to lodge a complaint with a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always address a complaint to our Data Protection Officer initially.
To top