Recruitment Privacy Policy

Thank you for your interest in working for smartpatient! We would like to inform you about the purpose, scope, andmethod of processing your personal data.

Smartpatient GmbH Neumarkter Strasse 87, 81673 Munich, Germany (hereinafter referred to as “smartpatient” or “We”) is the Data Controller ("Controller") for the processing of your personal data.

Our Polish Entity Smartpatient Business Services Sp. z o.o. Dominikańska 25A, 02-738 Warsaw, Poland, KRS 000799295, NIP: 5213873878, REGON: 384130179 may process your data on behalf of the Controller.

A Data Processing Agreement between the entities exists and the same security measures are implemented in both companies.

Recruitment privacy policy

Recruitment Process

In order to screen your application and take you into account for a position at smartpatient we need to process the data included in your application.

After processing your application your data will be stored for a maximum of 6 months.

Personal data processed for this is: Name, email address, current employer, phone number, link to public LinkedIn Profile, Github Account or Website if provided, and application details included in your CV.

The legal basis for processing your data is taking steps at the request of the data subject prior to entering into a contract (Article 6 para. 1b) GDPR).

Storage for Further Consideration

If we do not have a suitable position for you at the moment and we would like to keep your application for further consideration, we will ask you for explicit consent (e.g. via Email) to keep your data in our systems. You can withdraw this consent at any time.

Your data will not be stored for longer than 2 years. The legal basis for processing your data is consent (Article 6 para. 1a) GDPR).

Storage for Keeping Track of Previous Application Process

We may decide to store a truncated set of your application data. We will do so for example to keep track of candidates that have been through the application process recently and to refrain from contacting those who have explicitly stated that they do not want to be in contact. 

Personal data processed: First name, 3 first letters of the surname, Company name, Link to public LinkedIn profile, most recent contact date.

The legal basis is legitimate interest (Article 6 para. 1f GDPR).

Data Storage

a) Duration of data storage

Your personal data will only be stored for the purpose and period stated above. It will be deleted when you withdraw consent, or when the period stated above is ending. We may store personal data longer to defend ourselves in the case of legal claims arising from the Recruitment Process (Art 9 para 2f )GDPR).

We adhere to the GDPR principle of data minimization, which means that we generally do not store personal data that does not serve a purpose anymore. Unnecessary data is either automatically anonymized or manually deleted at regular intervals.

b) Location of data storage

After you have applied via our website, your application is processed by Recruitee B.V.

Data Subject Rights

You have the right to request access to your personal data, rectification or erasure of personal data, and restriction of processing of personal data. You can exercise your right to object to the processing as well as the right to data portability. You are free to withdraw any consent you have given at any time.

If you have any questions or wish to exercise your rights drop us a message at

The data protection officer responsible for SmartPatient is Dr. Sebastian Kraska, IITR Datenschutz GmbH, Marienplatz 2, 80331 München, Germany,

You have the right to lodge a complaint with a supervisory authority.


We reserve the right to amend this Privacy Policy. You can find the latest version on this website.