Privacy Policy

This Privacy Notice outlines how Cybersteps GmbH and its affiliates (referred to as “we,” “us,” or “our”) collect and process your personal data as a candidate (“you” or “your”). We engage data processors including recruitment and applicant tracking platforms, to assist in the collection, storage, and processing of your data to manage your recruitment process. This Notice also details your rights and options regarding your personal data.

For inquiries, please contact us at [email protected].

1. How Your Personal Data Is Processed
   As part of the recruitment process, we may collect and process the following categories of Personal Data about you as a candidate:
   • Contact Details: Name, email address, telephone number, address.
   • Financial Data: Billing address, bank account details, payment information.
   • Household and Relationships: Emergency contact, marital status, next of kin.
   • Identifiers and Legal Documents: Passport, national insurance number, proof of residence, national ID.
   • Activity and Behavioural Data: Interests, tagged media, or public friend lists.
   • Personal Characteristics: Sex, gender, nationality, date of birth, CV data, academic qualifications.
   • Location Data: GPS location, tracking data.
   • Communications Data: Emails, instant messaging data, social media posts, postal content.
   • Images and Recordings: Photos, videos, CCTV footage.
   • Views and Opinions: Testimonials, survey responses, and other non-political, religious, or philosophical opinions.
   • Work-related Data: Grievances, completed tasks, disciplinary records.
   • Technical Identifiers: IP address, MAC address, username, and passwords.
   • Special Category Data: Data revealing racial or ethnic origin or other sensitive information when legally required.
   • Aggregated Data: Statistical or demographic data, such as website usage patterns. Aggregated Data, which does not directly identify you, is not treated as personal data unless combined with other identifying information.
   • Additionally, we may process materials submitted by you or third parties (e.g., background check providers) related to your application. Your Personal Data primarily originates from you (through email or online submissions) but may also come from sources such as LinkedIn profiles, recruitment agencies, headhunters, or referrals.
2. How Your Personal Data is Used and Legal Basis
   Your personal data may be accessed for various purposes, relying on lawful bases of legitimate interest, contractual obligations, consent, or compliance with a legal obligation, as applicable:
   • Recruitment and Candidacy Management: Evaluating and considering you for roles or a student position, scheduling interviews, and maintaining communication.
   • Operations and Compliance: Fraud prevention, invoicing, tax reporting, and digitally signing documents.
   • Marketing and Engagement: Sending B2B/B2C marketing emails, organizing events, conducting product surveys, and targeted advertising.
   • Product Improvement and Support: Gathering insights, error management, customer support, and CRM activities.
   • Technical and Security: Website tracking, user authentication, and infrastructure management.
3. Who Processes Your Data
   • Service Providers: We may share your Personal Data with service providers and vendors who assist us in collecting, processing, and storing your data for recruitment purposes. These third parties are authorized to use your data only as necessary to provide their services or as directed by us.
   • Third-Party Referrals: If a third party (e.g., a recruiting agency or employee) submits your candidacy, we may share your general recruitment status, including your name and photo, with them. If you applied via an employee referral link, we may share your general recruitment status (without identifying you by name) with the referrer. Sharing data allows us to operate programs such as customer or employee referral bonuses and provide feedback to referrers regarding submitted candidates.
   • Affiliates: Personal Data may be shared with our affiliated entities under common ownership or control.
   • Business Transactions: In the event of a merger, acquisition, sale, transfer of assets, restructuring, bankruptcy, or similar events, your Personal Data may be transferred or disclosed to third parties during negotiations or execution of such transactions.
   • Legal Requirements: We may disclose Personal Data to comply with legal obligations, court orders, or requests from law enforcement, regulatory, or governmental agencies.
4. Your Rights as a Data Subject
   Depending on applicable law, you may have the following rights regarding your Personal Data:
   • Access: Request a copy of your Personal Data stored on our systems (Art. 15 GDPR).
   • Correction: Rectify inaccurate or incomplete Personal Data (Art. 16 GDPR).
   • Deletion: Request the erasure of your data, subject to legal obligations (Art. 17 GDPR).
   • Restriction: Restrict the processing of your data (Art. 18 GDPR).
   • Objection: Object to data processing (Art. 21 GDPR).
   • Portability: Receive your data in a structured, commonly used, and machine-readable format (Art. 20 GDPR).
   • Withdraw Consent: If we rely on consent, you may revoke it at any time with future effect.
   • Complaints: You may lodge a complaint with a supervisory authority, such as your local authority or the authority responsible for us. A list of supervisory authorities is available at: bfdi.bund.de.
5. International Data Storage and Transfers
   Your Personal Data may be hosted or processed in Germany, the United States, or in other jurisdictions that are recognized as providing an adequate level of data protection under applicable laws. In cases where data is transferred to countries without an adequacy decision, we implement appropriate safeguards to ensure your data is protected.
6. Data Retention (Storage Period)
   We will retain your Personal Data for as long as necessary to evaluate you as a candidate or as long as we have a valid legal basis for processing it. In line with our internal data retention policies, we may retain, delete, or pseudonymize/anonymize your Personal Data as appropriate. If there is a contractual relationship, we are subject to the statutory retention periods according to the German Commercial Code and delete your data after these periods have expired.
7. Data Security
   We implement industry-standard measures to safeguard your Personal Data against damage, loss, unauthorized access, or misuse including using acceptable third-party vendors and partners, SSL encryption, and established hosting providers. However, no system is completely secure, and we cannot guarantee absolute security.
8. Children’s Personal Data
   We do not intend to collect personal data from children under the age of 16. If you believe that we have inadvertently collected such data, please contact us immediately. If you have any questions or concerns regarding the collection of children’s personal data, please reach out to us.
9. Marketing Communications
   If you provide your email address via a contact or lead form, we may send you information about our products and services. This will only be done with your consent, which you may withdraw at any time by clicking the “unsubscribe” link in any email or by contacting us directly at the email address [email protected].
10. Updates to This Notice
    We may update or modify this Privacy Notice from time to time. If we make significant changes, we will take reasonable steps to notify you, such as posting the updated Notice on our website or contacting you directly, as appropriate. We encourage you to review this Notice periodically to stay informed about how we are protecting your information.
11. Contact Us
    You may send requests, responses, questions, or complaints by contacting us using the following contact information:
    Cybersteps GmbH
    Address: Schloßstraße 50, 12165 Berlin, Germany
    Email: [email protected]