Picus Capital GmbH and its affiliates (“Picus Group”, “we” or “us”) are committed to protecting the personal data of applicants and candidates (“you” or “your”).
We process personal data only in accordance with the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR) and local data protection laws such as the German Federal Data Protection Act (BDSG).
WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?
- Picus Capital GmbH (Karlstraße 12, 80333 Munich, Germany)
- Picus Capital Americas Corporation (350 Fifth Avenue, Suite 4730, Empire State Building, New York, NY 10118, United States)
- Picus Capital (Beijing) Advisory Co. Ltd. (Gongxiao International Building, Floor 3, Chaoyang District, Beijing City, P.R. China)
- Picus Northern Europe AB (Box 191 85, 104 32 Stockholm, Sweden)
- Any other Picus entity that is involved in the recruiting process and has access to your application.
For this purpose, the entities above have concluded a joint controllership agreement in accordance with Article 26 GDPR. You may exercise your rights pursuant to Articles 15 to 22 GDPR against any of the entities above. However, you will generally receive the information from Picus Capital GmbH. The notification and reporting obligations resulting from Articles 33 and 34 GDPR are incumbent on each entity above. We will gladly provide you with further information on the joint controllership agreement at any time upon request to firstname.lastname@example.org.
HOW TO CONTACT US?
To make it easier for you to contact us with regard to any data protection-related inquiry, you may always use our parent entity, Picus Capital GmbH, as your point of contact:
Picus Capital GmbH
You can contact our data protection officer as follows:
Picus Capital GmbH
WHAT INFORMATION DO WE COLLECT?
We process personal data that you provide to us in connection with your application as part of the application process.
We process the following categories of personal data regarding your application: Master data (name, date of birth, nationality, place of birth, country of birth, marital status), contact data (private address, email address, telephone number), application data (contents of application documents, in particular photo, curriculum vitae and certificates, contents of written (including electronic) correspondence regarding the application), contents of examination notes, perceptions from job interviews, feedback and evaluations.
In addition to personal data you submit directly to us, we may also collect information from third-party sources, such as professional recruiting firms, resume books, student organizations, and career and job related social media sites (such as LinkedIn), in order to populate your profile.
We do not seek to process special categories of personal data about a candidate (including personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health or data concerning a natural person’s sex life or sexual orientation) unless (i) it is necessary to exercise rights or comply with legal obligations derived from labour law, social security and social protection law, and there is no reason to believe that the data subject has an overriding legitimate interest in not processing the data (Section 26 (3) sentence 1 BDSG), or (ii) you have given explicit consent (Section 26 (3) sentence 2 BDSG).
Please note that the types of personal data that we may request from you and the ways that we process it are determined by the requirements of the jurisdiction in which the position is located. If you apply to a position with a location outside of the European Economic Area (“EEA”), we may transfer your data outside the EEA
You are not legally obliged (neither by law nor by contract) to provide any of the requested personal data to us. However, if you do not provide such personal data, we may not be able to carry out any application procedure (including possible recruitment).
We do not use automated decision-making for the hiring process.
FOR WHAT PURPOSES DO WE USE YOUR PERSONAL DATA?
We use your personal data for:
- recruiting and business management reasons including identifying, contacting and evaluating candidates for potential employment, as well as for future roles that may become available;
- inviting you to recruiting events;
- keeping you informed about open positions within the Picus Group and our portfolio companies if you are part of our talent program (our talent program offers you the opportunity to get contacted directly by us, our affiliates or our portfolio companies for a specific open position);
- record keeping in relation to recruiting and hiring;
- ensuring compliance with legal requirements, including diversity requirements and practices; and
- protecting our legal rights to the extent authorized or permitted by law.
We may also aggregate your personal data to analyze and improve our recruitment and hiring process and augment our ability to attract successful candidates.
WHAT ARE THE LEGAL BASES OF THE PROCESSING OF YOUR PERSONAL DATA?
Legal bases for processing your personal data are (i) Article 88 (1) GDPR and Section 26 (1) BDSG (hiring decisions), (ii) Article 6 (1) (a) GDPR and Section 26 (2) BDSG (talent program, consideration for future job offers), (iii) Article 6 (1) (b) GDPR (implementation of pre-contractual measures), (iv) Article 6 (1) (f) GDPR (evidentiary purposes: assertion, exercise or defense of legal claims), and (v) Article 6 (1) (f) GDPR (transfer of personal data to group companies, analysis).
WHEN AND WITH WHOM WILL WE SHARE YOUR INFORMATION?
Picus Group uses carefully selected third-party service providers and business partners who:
- provide a recruiting software system (e.g. Recruiterflow, Inc., 2035 Sunset Lake RoadSuite B-2, Newark, Delaware. 19702, USA);
- process information on our behalf to help run some of our internal business operations including email distribution and IT services;
- assist us in recruiting talent, administering and evaluating pre-employment screening and testing, and improving our recruiting practices;
- organize events;
- are part of our talent program (as described above); or
- law enforcement bodies in order to comply with any legal obligation or court order.
Picus Group will ensure that legal and contractual mechanisms are in place with such third parties to protect your personal data.
DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EEA?
Because Picus Group is a global organization we need to transfer personal data across geographical borders to our affiliates, our service providers or business partners in other countries working on our behalf in accordance with applicable law. Our affiliates and third parties may be based in different countries around the world, including outside of the EEA. Examples of countries we transfer personal data to include, but are not limited to, Germany, the United States of America, the United Kingdom, Sweden, China, and India.
Picus Group will only share your personal data with recipients in a third country if the requirements set out in Chapter V of the GDPR are met, in particular if the European Commission has adopted an adequacy decision (Article 45 GDPR) or the transfer is subject to appropriate safeguards (Article 46 GDPR).
HOW DO WE PROTECT YOUR INFORMATION?
Picus Group has in place appropriate technological and operational security processes designed to protect your personal data from loss, misuse, alteration or destruction. Only authorized employees and providers will have access to any data provided by you, and that access is limited by need. All our employees and any service providers who work for us are obliged to comply with all applicable data protection requirements. Our security measures are subject to a continuous improvement process and our privacy policies are constantly revised.
HOW LONG WILL WE RETAIN YOUR INFORMATION?
If an entity within the Picus Group, such as Picus Capital GmbH, employs you, we will include your personal data in your personnel file.
If we do not employ you and you give us your consent, we may continue to retain and use your personal data for a period of 36 months (or until you withdraw your priorly given consent) for system administration purposes, for consideration for future employment opportunities, as part of our optional recruiting programs, and to perform research. In If you join a recruiting program, but subsequently wish to withdraw, please contact us at email@example.com.
Otherwise, we will retain your personal data for evidentiary purposes for any assertion, exercise or defense of legal claims for a period of 6 months after completion of the application process.
You have the right:
- in accordance with Article 15 GDPR to obtain information about the personal data processed by us;
- in accordance with Article 16 GDPR DSGVO to obtain without undue delay the rectification or completion of your personal data stored by us;
- in accordance with Article 17 GDPR to obtain the erasure of the personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression or information, for compliance with a legal obligation, for reasons of public interest or for the establishment exercise or defense of legal claims. If we have made your personal data public, we are obliged, taking account of available technology and the technical possibilities, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data;
- in accordance with Article 18 GDPR to obtain the restriction of the processing of your personal data if you contest the accuracy of the personal data, the processing is unlawful, but you oppose their erasure and we no longer require the data, but you require these for the establishment, exercise or defense of legal claims or you have objected to their processing in accordance with Article 21 GDPR;
- in accordance with Article 20 GDPR to receive your personal data in a structure, commonly used and machine-readable format or have such transmitted to another controller;
- in accordance with Article 7 (3) GDPR to withdraw your consent given to us at any time. This means that we may no longer continue the data processing based on this consent in future, and
- in accordance with Article 77 GDPR to complain to a supervisory authority. You can usually contact the supervisory authority at your normal place of residence or your workplace or where we are headquartered for this.
RIGHT TO OBJECT
If your personal data are processed on the basis of legitimate interests in accordance with Article 6 (1) (f) GDPR, you have the right in accordance with Article 21 GDPR to object to the processing of your personal data on grounds relating to your particular situation at any time.
If you wish to exercise your right of objection or withdraw given consent, simply send an e-mail to firstname.lastname@example.org.
Last modified: 28 March 2022