Thank you for your interest in working for smartpatient! We would like to inform you about the purpose, scope and method of processing your personal data.
Smartpatient GmbH Neumarkter Strasse 87, 81673 Munich, Germany (hereinafter referred to as “smartpatient” or “We”) is the Data Controller ("Controller") for the processing of your personal data.
Our Polish Entity Smartpatient Business Services Sp. z o.o. Dominikańska 25A, 02-738 Warsaw, Poland, KRS 000799295, NIP: 5213873878, REGON: 384130179 may process your data on behalf of the Controller.
A Data Processing Agreement between the entities exists and the same security measures are implemented in both companies.
In order to screen your application and take you into account for a position at smartpatient we need to process the data included in your application.
After processing your application your data will be stored for a maximum of 6 months from the end of the Recruitment Process.
Personal data processed for this is: Name, email address, current employer, phone number, link to public LinkedIn Profile, Github or Website, if provided, general application details from your CV and anything else you may have included in your application.
The legal basis for processing your data is taking steps at the request of the data subject prior to entering into a contract (Article 6 para. 1b) GDPR).
If we do not have a suitable position for you at the moment and we would like to keep your application for further consideration, we will ask you for explicit consent (e.g. via Email) to keep your data in our systems. You can withdraw this consent at any time.
Your data will not be stored for longer than 2 years.
The legal basis for processing your data is consent (Article 6 para. 1a) GDPR).
We may decide to store a truncated set of your application data. We will do so for example to keep track of candidates that have been through the application process recently and to refrain from contacting those who have explicitly stated that they do not want to be in contact.
Personal data processed: First name, 3 first letters of the surname, Company name, Link to public LinkedIn profile, most recent contact date.
The legal basis is legitimate interest (Article 6 para. 1f GDPR).
a) Duration of data storage
Your personal data will only be stored for the purpose and period stated above. It will be deleted when you withdraw consent, or when the period stated above is ending. We may store personal data longer to defend ourselves in the case of legal claims arising from the Recruitment Process (Art 9 para 2f )GDPR).
We adhere to the GDPR principle of data minimization, which means that we generally do not store personal data that does not serve a purpose anymore. Unnecessary data is either automatically anonymized or manually deleted at regular intervals.
b) Location of data storage
After you have applied via our website, your application is transferred to and stored by the service provider Lever Inc. with datacenters in the US. A data processing agreement including EU Standard Contractual Clauses is in place with Lever Inc. and the data is encrypted at rest.
If we decide to keep a truncated set of your data for purposes as stated above, we store it on our own servers in Munich or Warsaw.
We may rely on third-party service providers from outside the European Union, but we take all steps to ensure that your data is adequately protected according to GDPR requirements. Standard Contractual Clauses and Technical and Organizational Measures are included in the Data Processing Agreements with those providers.
Currently the following service providers are used: Lever, Inc.
You have the right to request access to your personal data, rectification or erasure of personal data, restriction of processing of personal data. You can exercise your right to object to processing as well as the right to data portability. You are free to withdraw any consent you have given at any time.
If you have any questions or wish to exercise your rights, please contact us e.g. at email@example.com.
The data protection officer responsible for SmartPatient is Dr. Sebastian Kraska, IITR Datenschutz GmbH, Marienplatz 2, 80331 München, Germany, firstname.lastname@example.org.
You have the right to lodge a complaint with a supervisory authority.
Should you have any questions about this policy or our Recruiting Process, drop us a message at email@example.com.