Job Applicant Privacy Notice

AMBOSS GmbH is a young company providing high quality services for physicians and medical students as well as learning materials. We want you, as a user of our services, to understand how we use information and what options you have to protect your data. We are aware of the importance and sensitivity of your personal data and thank you for your trust. Handling it responsibly is a major concern for us. If you have any questions about this, please do not hesitate to contact us.


This data protection declaration informs applicants about the nature, scope and purpose of the processing of personal data by AMBOSS. It applies to applications that you send to us via our application portal. In addition, you can find information about data processing on the website operated by us in our general data protection information. You can find them here.



Data Controller:

AMBOSS SE
Torstrasse 19
10119 Berlin, Germany
E-mail: hello@amboss.com
Phone: +49 (0) 30 – 5770221- 0


Managing Directors: Dr. med. Madjid Salimi, Dr. med. Nawid Salimi, Benedikt Hochkirchen


Local Court Berlin (Charlottenburg), HRB 270315



Subsidiary:

Our representative and wholly-owned subsidiary in the US:

AMBOSS MD Inc.
234 5th Avenue, 2nd Floor
New York, NY, 10001
Phone: 347-835-5441



Contact details data protection officer:

AMBOSS SE
Data Protection Officer
Torstrasse 19
10119 Berlin, Germany
privacy@amboss.com


Last Update Date:
August 2023



1. General Information

1.1 With regard to the terms used, such as “personal data”, “user” or “processing”, we refer to Art. 4 of the EU General Data Protection Regulation (GDPR).


1.2 We process users’ personal data exclusively in compliance with the relevant provisions of data protection law. In accordance with Art. 13 GDPR, we inform you of the legal basis of our data processing. If the legal basis is not stated in this privacy policy, the following applies: Legal basis for the processing of personal data with separate consent is Art. 6 para. 1 lit. a GDPR, legal basis for the processing of data for the performance of a contract and for the implementation of pre-contractual measures is Art. 6 para. 1 lit. b GDPR, legal basis for the processing of personal data to comply with our legal obligations is Art. 6 para. 1 lit. c GDPR and legal basis for the processing of personal data to protect our legitimate interests is Art. 6 para. 1 lit. f GDPR.


2. Applications

2.1 You have the option of applying directly for a vacant position with us via our application portal. To process your online application and to carry out the application process, we collect, process and use the personal data that you have provided to us via our application portal. The data is used for the purpose of the application process. This also includes contacting you.


2.2 For our application portal, we use the services of Workable Software Limited, 5 Golden Square, 5th Floor, London, W1F 9BS, United Kingdom (“Workable”). For this purpose, the data you provide to us as part of the application process is stored and processed on Workable’s servers in the United States. This is done under an existing data processing agreement with Workable.


2.3 The processing of your data is based on your consent according to Art. 6 para. 1 lit a GDPR, if you have given it, and on pre-contractual measures according to Art. 6 para. 1 lit b GDPR and Section 26 para. 1 of the German Federal Data Protection Act (BDSG).


3. Disclosure of Data

3.1 First of all, only our employees who are involved in the application process receive knowledge of your personal data. In addition, we use external service providers within the framework of the data processing explained in this data protection declaration or, if necessary, commission them with certain services. In addition to the aforementioned providers of the applicant management programs, data may in individual cases be passed on to legal advisors when asserting our claims.


3.2 Personal data is only passed on to third parties on the basis of legal permits and within the framework of legal requirements. If we commission service providers with the processing of data within the framework of a so-called “data processing agreement”, this is done on the basis of Art. 28 GDPR.


3.3 Personal data may also be transferred to servers outside the EU or to trusted third parties based outside the EU. If you apply for employment with our subsidiary AMBOSS MD Inc. 234 5th Avenue, 2nd Floor, New York, NY, 10001, your data will be transferred to them. If there is no EU Commission decision on an adequate level of data protection in the country in question, the transfer will take place on the basis of so-called EU standard contractual clauses, which aim to ensure that your rights and freedoms are adequately protected. You should be aware that many countries do not offer the same legal protection for personal data as in the EU. While your personal data is located in another country, it may be accessed by courts, law enforcement and national security authorities of that country in accordance with its laws.


4. Required Data / Automated Decision Making

You only need to provide the personal data that is required for the application process or whose provision is required by law or contract. Without this data, we will not consider you for the application process or be able to fulfill individual contractual obligations.


We do not use fully automated decision-making including profiling in accordance with Art. 22 GDPR as part of the application process.


5. Data Subject Rights

5.1 To the extent applicable under the GDPR, you have the right:

  • in accordance with Art. 7 (3) GDPR to revoke your consent once given to us with effect for the future;
  • pursuant to Art. 15 GDPR to request information free of charge about your personal data processed by us;
  • in accordance with Art. 16 GDPR to immediately demand the correction of incorrect or completion of your personal data stored by us;
  • pursuant to Art. 17 GDPR to request the erasure of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims;
  • to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR;
  • pursuant to Art. 20 GDPR to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request the transfer to another controller;
  • complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority of your usual place of residence or workplace in an EU member state or our registered office.


6. Right of Objection

6.1 If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are grounds for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right to object, which will be implemented by us without specifying a particular situation.


6.2 If you wish to exercise your right of revocation or objection, it is sufficient to send an e-mail to our above-mentioned e-mail address. You may also call us at the above-mentioned phone number.


7. California Notice at Collection

7.1 We collect the following categories of personal data:

  • Identifiers, such as name, alias, postal address, email address, Social Security number, government-issued identification numbers (e.g., driver’s license, state identification, or passport number), date of birth, telephone number, signature, assigned employee number, or other similar identifiers.
  • Demographic Information, which may include information about protected classifications, such as your age, gender, gender identity, race, ethnicity, citizenship, sexual orientation, marital status, languages, or veteran or military status.
  • Financial Information, such as payroll information, bank account and routing number, and tax-related information.
  • Professional Information, such as resumes, employment history, employment verification information, promotions, service dates, training information, length of service, compensation, current department/position, employment status, job performance, attendance records, disciplinary actions, relocation information, employee development information, or other employment-related information. We may also collect information concerning the organizations you are affiliated with (e.g., volunteer information), and your professional memberships, qualifications, and certifications.
  • Educational Information, such as the institutions attended, graduation dates, degrees, field of study, education verification information, level of education, degrees received, and certifications.
  • Medical or Health Information, such as benefits-related information (e.g., wellness information, COBRA information, healthcare plan information, insurance information); disability claims records (e.g., workers’ compensation records and disability claims records); medical reports or records (e.g., pre-employment drug tests and medical/benefits-related documentation); and information relating to pregnancy or childbirth.
  • Audio or Visual Information, such as the content of video interviews and conferences, security cameras, call recordings, and similar types of information.
  • Device Information, such as information pertaining to the device through which you interact with us or use (e.g., the type of device and IP address).
  • Internet or Other Electronic Network Activity Information, such as browsing history, search history, online applications used, IP address, and information regarding your interactions only within Internet websites or applications used.
  • Geolocation Information, such as the region or general location where your computer or device is accessing the internet.
  • Inferences Drawn from the Above Categories of Personal Information, such as inferences about your characteristics, job performance, disciplinary determinations, preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, aptitudes, or professional development.


We collect the above categories of personal data from you, our service providers, and other third parties.


7.2 We use this personal data for a variety of business purposes, including to conduct our business and to manage our relationship with you. This may include to manage our relationship with you; helping to ensure security and integrity to the extent the use of the personal data is reasonably necessary and proportionate for these purposes; debugging to identify and repair errors that impair existing intended functionality; perform services, including maintaining or servicing accounts, verifying your information, or providing any other services; undertaking internal research for technological development and demonstration; undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by us, and to improve, upgrade, or enhance the service or device that is owned, manufactured for, or controlled by us; and for any other business purpose permitted by law.


We do not sell or share your personal data, and we have not knowingly sold or shared the personal data of anyone under 16 years of age.


We limit the use and disclosure of your sensitive personal data to those business purposes permitted under applicable law, and we do not use it to infer characteristics about you.


We will not use personal data collected for additional purposes that are incompatible with the disclosed purpose in this Job Applicant Privacy Notice without providing you with notice.


8. Data Deletion

Your data will be stored by us for as long as is necessary to process your application. In the event that the application process is terminated, your data will be deleted after 6 months at the latest. If you have agreed to further storage of your data in our talent pool, your data will be stored in our talent pool for a further 12 months and then automatically deleted. In the event that your application leads to an employment relationship with us, your data will be forwarded from our application software Workable to our HR management software BambooHR and then deleted from Workable.

9. Changes to the Privacy Notice

We reserve the right to change this Job Applicant Privacy Notice from time to time to reflect changes in the law or expansion of the functionality of our services. You should therefore read the Job Applicant Privacy Notice regularly to be informed about the protection of your data.


In addition, you can inform yourself about data processing on the website operated by us in our general data protection information. You can find them here.