Data protection in the application process

DCSO Deutsche Cyber-Sicherheitsorganisation GmbH („DCSO“) takes the protection of your personal data very seriously. Your personal data will be treated confidentially and in accordance with the statutory data protection regulations and this declaration on data protection in the application process.

1. Declaration of consent for the processing of personal data

As part of the application process, DCSO will process your personal data and requires your consent to do so (Article 6 (1) lit. a GDPR). This consent to the processing of your personal data relates to all personal data provided to the company as part of the application process (e.g. in cover letters, CVs, certificates, applicant questionnaires, etc.). If you yourself provide “special categories of personal data” pursuant to Article 9 of the GDPR in your letter of application or other documents submitted by you in the application process (e.g. a photo that reveals so-called racial or ethnic origin, information about severely disabled status, etc.), the processing of data also relates to this data. However, we will evaluate all applicants only on the basis of their qualifications and therefore ask that you refrain from making such information in your application if possible.

Your consent is voluntary and you will maintain the right at any time to revoke the granted consent and to request deletion of your personal data pursuant to Article 17 GDPR.

 

By clicking on “Submit application” in DCSO’s online application form you declare to DCSO:

I have been informed about the use of my personal data and hereby consent to the processing for the above purpose.

I have noted that I have the right to revoke the granted consent at any time and to request the deletion of my data. In this case, my application can no longer be considered by DCSO.

 

2. Information on data processing in accordance with Art. 13 and Art. 14 GDPR for applicants

This information tells you about the processing of applicants’ personal data by the company and any affiliate.

Responsible body

Company:
DCSO Deutsche Cyber-Sicherheitsorganisation GmbH
Legal representative:
Dr. Andreas Rohr, Dominic Coxinho
Address:
EUREF-Campus 22, 10829 Berlin
Contact details for data protection officer:
Datenschutz@dcso.de

 

General data processing information

Affected data

Personal data are only collected if you share it with us. Apart from that, no personal data are collected. Any processing of your personal data that goes beyond the scope of what is permitted by law is only possible on the basis of your express consent.

Specific information about the application process

Affected data:
Personal data that you give us during the application process.
Processing purpose:
To process an application.
Categories of recipients: Public agencies where priority legal provisions exist.
External service providers or other contractors, e.g., for data processing.  The company uses „HRworks“, a product offered by HRworks GmbH, Waldkircher Str. 28, 79106 Freiburg, Germany, as a personnel management tool. Other external bodies in so far as you, as data subject, have given your consent or transmission is permitted due to a prevailing interest, e.g., customers and interested parties in conjunction with order acquisition.
Third country transfers:
As part of contractual execution, processors could also be used outside the European Union, e.g., email providers.
Duration of data storage:
Application data will generally be deleted within four to six months at the latest after the decision has been issued, unless consent has been given to store the data for a longer period of time in an applicant pool (“talent pool”) or another legal basis.

 

Automated decision-making

There is currently no automated decision-making.

 

Your rights

You may invoke your rights to access, rectification or erasure at any time, to restrict processing, to object to processing, and to data portability. You may contact our HR department personally by email via bewerbung@dcso.de or letter. You also have the right to contact the data protection supervisory authority for complaints.