Privacy Policy – Recruiting

EnglishDeutsch

Data protection information for applicants

We are pleased that you are interested in us and that you have applied or are applying for a position in our company. In the following we would like to provide you with information on the processing of your personal data in connection with your application.

Who is responsible for data processing?

Responsible in the sense of the data protection law is Brainlab.

This Data Protection Notice applies to all of the following companies:

Data controller

The data controller within the meaning of the data protection law is:

Brainlab AG, Olof-Palme-Straße 9, 81829 Munich, Germany,

Brainlab Corporate Services GmbH, Olof-Palme-Straße 9, 81829 Munich, Germany,

Brainlab Sales GmbH, Olof-Palme-Straße 9, 81829 Munich, Germany,

Brainlab Ltd., Regus House, 1010 Cambourne Business Park, Cambourne, Cambridge, CB3 6DP, United Kingdom

Brainlab Italia s.r.l., Via Gabriele Rossetti 9, 20145 Milan, Italy,

SnkeOS, Olof-Palme-Str. 9, 81829 Munich, Germany,

Brainlab Robotics GmbH,  Olof-Palme-Straße 9, 81829 Munich, Germany,

Mint Medical GmbH, Burgstraße 61, 69121 Heidelberg, Germany,

medPhoton GmbH, Karolingerstraße 16, 5020 Salzburg, Austria,

Dr. Langer Medical GmbH, Am Bruckwald 26, 79183 Waldkirch, Germany

You will find further information about our company, details of the persons authorised to represent us and also further contact details in our imprint on our website: https://www.brainlab.com/corporate-information/

Which of your data are processed by us? And for what purposes?

We process the data that you have sent us in connection with your application in order to check your suitability for the position (or other open positions in our companies, if applicable) and to carry out the application procedure. There is no exclusively automated decision making process.

On what legal basis is this based?

The legal basis for processing your personal data in this application procedure is primarily the establishment of the employeement. The provisions of the GDPR and, where applicable, national data protection regulations apply to the processing of personal data for the purpose of establishing employment contracts. According to this, the processing of data required in connection with the decision to establish an employment relationship is permissible.

If your application relates to a position in the IT sector that involves handling security-critical systems and information, we process further data from you that is required as part of a security check on the basis of your consent pursuant to Art. 6 (1) a) GDPR.

Should the data be required after the application procedure has been completed, if necessary to defend against legal claims, data may be processed on the basis of the requirements of Art. 6 GDPR , in particular to safeguard legitimate interests in accordance with Art. 6 Para. 1 letter f) GDPR. Our interest then consists in the assertion or defence of claims.

There is no legal or contractual obligation to provide personal data. However, if you do not wish to provide personal data, you cannot be considered for the selection procedure.

How long is the data stored?

Data of applicants will be deleted after 6 months in case of a cancellation.

In the event that you have agreed to further storage of your personal data, we will transfer your data to our pool of applicants. There the data will be deleted after two years.

If you have been awarded a job during the application procedure, the data from the applicant data system will be transferred to our personnel information system.

If, due to your application in the IT sector (with access to security-critical systems and information), you submitted a copy of your ID card as part of the security check, this will be deleted immediately after the security check is completed.

To which recipients will the data be forwarded?

We use the specialized software provider SmartRecruiters for the application process. This company acts as a service provider for us and may also obtain knowledge of your personal data in connection with the maintenance and servicing of the systems. We have concluded a so-called data processing agreement according to Art. 28 GDPR  with this provider, which ensures that data processing is carried out in a permissible manner.

Your applicant data will be reviewed by the personnel department after receipt of your application. Suitable applications are then forwarded internally to the departmental managers responsible for the vacant position. The rest of the process is then coordinated. Within the company, only those persons who need access to your data for the proper processing of our application procedure have access to it.

If you apply for a job that requires the ability of programming, you might be asked to take a programming test. In this case, and only for this purpose, your name and e-mail address will be forwarded to the software provider HackerRank. Here too, we have concluded a data processing agreement according to Art. 28 GDPR with this provider.

In the case of positions in the IT area that represent a particular security risk for us, the service provider result Group carries out a security check for us. For this purpose, your data specified in the declaration of consent will be passed on to the service provider. In addition, we have concluded a data processing agreement with result Group, which ensures the permissibility of the data processing.

Will my data by transferred to countries outside the European Union?

Countries outside the European Union (and the European Economic Area “EEA”) handle the protection of personal data differently from countries within the European Union. We also use service providers located in third countries outside the European Union to process your data. There is currently no decision by the EU Commission that these third countries generally offer an adequate level of protection.

We have therefore taken special measures to ensure that your data are processed in third countries as securely as within the European Union. We concluded the EU Standard Contract Clauses  provided by the Commission of the European Union with service providers in third countries. These clauses provide appropriate guarantees for the protection of your data with service providers in third countries.

Your rights as a subject of data

You have the right to be informed about the personal data we process about you.

In the case of a request for information that is not made in writing, we ask for your understanding that we may then require you to provide evidence that proves that you are the person you claim to be.

Furthermore, you have the right to correction or deletion or to restriction of processing, as far as you are legally entitled to do so.

Furthermore, you have the right to object to the processing within the scope of the statutory provisions. The same applies to a right to data transferability.

In the case of data processing based on your consent, you have the right to revoke your consent at any time with effect for the future.

Our data protection officers

We have appointed the following data protection officers for our companies.

Mint Medical GmbH
Dr. Daniel Christlein
Burgstraße 61
69121 Heidelberg
Phone: +49 (0) 6221 – 321 80 0
E-Mail:

For all other companies please contact

Intersoft Consulting Services AG
Katharina Ruhenstroth
Beim Strohhause 17
200097 Hamburg
Phone: +49 (0) 40 790 235 0 
E-Mail:

If you have any questions or comments concerning data protection, you can contact us by email at the following address: legal@brainlab.com.

Right to appeal

You have the right to complain about the processing of personal data by us to a data protection supervisory authority.