Recruitment Privacy Notice

This Recruitment Privacy Notice provides you with an overview on how Lilium GmbH, together with all of its affiliates (referred to collectively herein as “Lilium”, the “Company”, “Our” or “We”) treat and use your Personal Data (as defined below) as a job applicant and, if applicable, through the hiring process, including (i) the information included in your individual application, (ii) as someone who has referred a job applicant to us, (iii) and/or as a third person who is mentioned in another person’s job application.

This Recruitment Privacy Notice applies to all job applicants to Lilium including: (i) those active job seekers who register via our Careers-section on lilium.com or lilium-jobs.com (collectively, our “Website”), via the Lilium internal job board, and/or apply to a role that we have advertised, including via a business social network; (ii) individuals referred to us via a third party (such as a head-hunter or internal referral); and/or (iii) individuals we identify as a potential job seeker through external resources that are publicly available (e.g., a business social network).

Protecting the confidentiality, integrity and availability of Personal Data is a critical responsibility that Lilium takes seriously. We will ensure that Personal Data is processed in accordance with applicable data protection regulations.       

Unless otherwise expressly stated, terms in this Recruitment Privacy Notice have the same meaning as defined in our Website Privacy Notice.

I.Personal Data, Processing of Personal Data definitions and applicable legal provisions

 

Personal Data is any information relating to an identified or identifiable natural person, including e.g., name, email address or telephone number, work experience, and/or information about hobbies.

Special Categories of Personal Data mean Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data processing means any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Applicable legal provisions. This Recruitment Privacy Notice applies globally. As data protection laws may differ, some sections of this Recruitment Privacy Notice may or not be applicable to you, depending on the country you are located and/or you are applying for. This Recruitment Privacy Notice is applicable, amongst local regulations (e.g., the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG")), according to the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regards to the processing of Personal Data, on the free movement of such data (“General Data Protection Regulation”, "GDPR"). To the extent that the processing of Personal Data is (also) subject to UK, Swiss, Chinese and/or U.S. data protection laws, the country-specific Addendums respectively set out in Annex 2 will (also) apply.

II. Who is the Data Controller/s of my Personal Data?

Lilium GmbH centrally manages the application process and the related processing of Personal Data at the Company.

Lilium GmbH,
Galileostrasse 335, 82131 Gauting, Germany, registered with the commercial register of the local court (Amtsgericht) Munich under HRB 216921, represented by its managing director.
email: privacy@lilium.com
phone number front desk: +49 1757539269

There are instances where Lilium GmbH may share your Personal Data with other (relevant) Lilium affiliates. This is especially the case if your application relates to a job position at one of these affiliates or for a team whose supervisor(s) or team members are located at one or several of the affiliates.

Lilium GmbH and its respectively relevant affiliates have: (i) jointly determined the purposes and means of processing in relation to such sharing of Personal Data including subsequent processing in these instances (excluding processing of Personal Data which is exclusively performed by one affiliate and where the purposes and means have not been jointly determined with other affiliates); and (ii) are jointly performing such processing.

The affiliates have agreed that the relevant obligations under the GDPR in relation to the joint processing will generally be performed by Lilium GmbH. Therefore, Lilium GmbH will inter alia provide you with this Recruitment Privacy Notice and primarily handle your requests to exercise your rights as set out under “Your Rights” below.

Relevant affiliates of Lilium GmbH are located in the Netherlands, Germany, Switzerland, the UK, Spain, France, People’s Republic of China, and the United States of America.

In relation to the affiliates located outside of the EU, the following applies:

Whenever your Personal Data is shared with Lilium’s affiliates in the United States, Switzerland, or the UK, we rely on the respective adequacy decisions of the European Commission regarding the United States (commercial organisations participating in the EU-US Data Privacy Framework), Switzerland and the UK, through which these territories are deemed to provide an adequate level of data protection. The decisions may be found respectively here, here and here.

Whenever your Personal Data is shared with Lilium’s affiliate in the United States (for commercial organisations not participating in the EU-US Data Privacy Framework) or in the People’s Republic of China, we rely on Standard Contractual Clauses issued by the European Commission, as published here, as appropriate safeguards to protect your Personal Data when it is processed outside of the European Union (“EU”).

Please kindly note that whenever this Recruitment Privacy Notice refers to the EU or its Member States, the respective reference shall also incorporate the European Economic Area (“EEA”) or its respective Member States.

Lilium may also share your Personal Data with other independent data controllers, i.e. companies that are independently responsible for data protection obligations in relation to the processing of your Personal Data (e.g. recruitment agencies). In this case, for privacy and data protection topics, Lilium will take reasonable steps to redirect your inquiry or request, and you should contact that independent data controller directly. Nevertheless, Lilium ensures that confidentiality and security measures are included in contract(s) between Lilium and independent data controller(s).

III. Data Protection Officer

Lilium GmbH and Lilium eAircraft GmbH have appointed a data protection officer. Our data protection officer can be reached via:

Data Protection Officer

Galileostrasse 335, 82131 Gauting, Germany email:privacy@lilium.com.

IV. What kind of Personal Data will Lilium process in connection with the recruitment process?

When you apply for a job at Lilium via our career page on the Website, we request your full name, email address, and resume to process your job application. Additionally, we ask you to shortly inform the reason why you would like to work at Lilium and to confirm that your resume has been submitted in English. You can provide other information, including, your phone number, additional documents, such as certificates, and business social network link.

Depending on the information you include in your job application other categories of Personal Data may be processed, including your career history, qualifications, country of residence, language skills and any other Personal Data (e.g., citizenship, education certificates). We may also ask for additional information to assist with our recruitment process and in the event that you are offered a job (e.g., passport, date of birth and work documents).

You may also share details of other people with us, e.g., if someone referred the job to you (someone you know at Lilium or otherwise). In that case, please confirm they agree for you to share their Personal Data with us, and for us to use it in accordance with this Recruitment Privacy Notice.

For certain job application (such as for security, clearance, transport and entering general security areas, specially to work in or at the airport) we may be required to request additional information, in accordance and to the extent permitted by applicable law or regulation.

After receiving a job offer from Lilium and accepting it, you will be required to present a valid identification document (‘ID’), which must contain your full legal name, date of birth and nationality (for the EU this may be your national identity document; for non-EU countries, please upload your passport page/s that hold/s the required information, including work permit to work in the applicable jurisdiction). This information is necessary for the purposes of verifying your data, preparing your employment contract with the correct information, checking whether you need support with securing a work permit, and for Lilium to comply with its legal obligations (e.g. insurance and pension contributions). Your ID upload will be deleted automatically after 4 weeks, unless your ID must be kept in accordance with applicable law (e.g. if you are being hired by the US Lilium entity).

Please note that in the event that your application is rejected for the position you applied to, we may, based on Art. 6 (1) lit. f GDPR (our legitimate interest), process your Personal Data only for the purpose of contacting you to ask whether you are interested in participating in the recruitment process for another open job position that may be a good match with your profile. Only if you consent to the processing of your Personal Data for that other position will we process your Personal Data in accordance with this Privacy Notice. If you do not respond or do not consent to such processing, your Personal Data will not be processed for the recruitment process of the other position and will be deleted in accordance with this Recruitment Privacy Notice.

Special Categories of Personal Data (as defined above) are not required to be submitted as part of your application, and we strongly recommend that you do not submit them in your application. If any Special Categories of Personal Data are submitted with your application as part of your CV, they will not be processed for recruiting purposes. Additionally, we will try to redact any Special Categories of Personal Data that are identified in your application. Please note that, after the application phase, for the purpose of concluding an employment contract, some Special Categories of Personal Data may be required, such as information about religion for tax purposes, in accordance with applicable law.

V. For which purposes do we use your Personal Data, and which is the legal basis?

We process your Personal Data:

 

  • to contact you, communicate with you, update you, and to assist with your job application; to make decisions related to the recruitment process; to offer an online-application system that is connected to our Website; to respond to your questions or concerns; and/or to verify your identity and get agreements signed with you. The legal basis for processing your Personal Data as described above is to fulfill our contractual or pre-contractual obligations (based on Art. 6 (1) 1 b. GDPR) or – as applicable – for the purpose of the commencement or performance of the employment relationship with you (Section 26 (1) 1 BDSG).
  • if you are someone other than the job applicant, for example, individuals mentioned in the job application or someone who refers a job applicant to us – to and for our legitimate interest to perform the job application process (based on Art. 6 (1) 1 f. GDPR).
  • for the establishment, exercise, or defense of legal claims (based on Art. 6 (1) 1 f. GDPR and, in case of Special Categories of Personal Data, based on Art. 9 (2) f. GDPR).
  • to comply with our legal obligations (based on Art. 6 (1) 1 c. GDPR), such as, but not limited to, applicable export control and economic sanctions regulations, by checking whether you are listed on any applicable government promulgated economic sanctions and/or trade restriction lists.
  • for employment-related purposes and in relation to Special Categories of Personal Data – if it is necessary to exercise rights or comply with legal obligations based on labor law, social security, and social protection law and if there is no reason to assume that you do not have an overriding legitimate interest for the data not to be processed (based on Section 26 (3) 1 BDSG).
  • to comply with our legal obligations (based on Art. 6 (1) 1 c. GDPR and Art. 6 (1) 1 f. GDPR and our legitimate interest to achieve compliance with legal obligations) where the basis for the processing is not laid down by EU or Member State law that may especially apply to non-EU laws to which our affiliates are subject to (for example, if we are required to provide Personal Data of a U.S. job applicant to a U.S. governmental entity).
  • with your explicit consent (based on Art. 6 (1) 1 a. GDPR, Art. 9 (2) a. GDPR or Section 26 (2) and (3) 2 BDSG, as applicable), for example, to store your information to keep you informed about other opportunities if you wish us to do so (such as Lilium’s Talent Pool via our career portal, i.e., your Personal Data is kept so you can be considered for future suitable opportunities at Lilium). You may withdraw such consent with effect for the future at any time via email to privacy@lilium.com.
  • to understand the usage of our services on our Website and social media as described in the Website Privacy Notice, Cookie Notice and Social Media Privacy Notice. The Personal Data we collect for this purpose, including your feedback on the recruitment process and to improve the quality of our service is based on our legitimate interest according to Art. 6 (1) 1 f. GDPR – (if and to the extent such data is considered Personal Data).

VI. Am I required to provide my Personal Data?

In general, you are not legally or contractually required to provide your Personal Data to us as an applicant. However, if you do not provide your Personal Data, we will not be able to consider your application and you will likely face certain disadvantages in securing a job at Lilium.

VII. Third Parties processing your Personal Data

We use third-party providers and hosting partners to provide the necessary administration, accounting, software, storage, outsourced IT services and related technology required to run our recruiting processes. Please see the list of third-party providers we utilize to run our recruiting processes in Annex 1 and the reasons we may share your Personal Data with them.

We will never share your Personal Data with a third party without a legal basis (e.g., your prior consent). For further information you may contact us any time via email to privacy@lilium.com.

VII. Is my Personal Data processed outside the EU?

From time to time, Personal Data is transferred outside the EU in some cases due to the integration of cloud/hosting, mailing and career management services who work on our behalf and assist us in carrying out our business activities. Such providers that process data outside the EU are identified in Annex 1.

If your Personal Data is transferred to countries outside the EU for which the European Commission has not (yet) adopted a decision constituting an adequate level of data protection, in cooperation with the service provider, we rely on appropriate safeguards by concluding the Standard Contractual Clauses issued by the European Commission, as published here. For transfer of Personal Data for the U.S. we may rely in the EU-U.S. Data Privacy Framework, if applicable. For more information, please access adequacy decision for safe EU-US data flows (europa.eu) and https://www.dataprivacyframework.gov/s/.

You can find further information about the transfer of Personal Data to countries outside the EU in our Website Privacy Notice and Cookie Notice. If not publicly available, we grant you a copy of the respective appropriate safeguards or provide further information where they have been made available.

Your Personal Data will also be processed by us as well as the respective social media provider (such as Facebook, LinkedIn, Twitter, YouTube, TikTok, Instagram) in and outside the EU when you visit and use our social media pages. For more information on data processing on our social media pages please also refer to our Social Media Privacy Notice.

VIII. Information we collect from other sources

We may collect some Personal Data about you from public sources to verify the details that you provide to us. Such public sources may include Google, LinkedIn, Twitter, or other social media websites. The data collected from public sources is not used to create a personality profile.

In cases where you, as a job applicant, are referred to us via a third party (such as a head-hunter), the third-party may provide us with some of the Personal Data that is described above, such as the Personal Data included in your CV.

In cases where we identify you as a potential job seeker through external resources (e.g., a business social network), which could be publicly available, we obtain your Personal Data from such sources.

In cases where you refer a job applicant to us or you are mentioned in the job application of someone else (e.g., as referral), we may obtain your Personal Data from the job applicant or the third party (such as a head-hunter) who has shared a job application with us.

The job posting management tool from the service provider VONQ uses anonymized data to understand which recruitment channels (e.g., business social network) the candidacy is coming from. To anonymize the IP, the IP address information is collected and anonymized by a sub processor of VONQ’s Job Marketing Platform. Lilium does not collect or process any Personal Data for this purpose and only receives anonymized data for the purposes of analytics and reporting. Raw data (non-anonymised IP addresses) is deleted after one week by the Job Marketing Platform service provider. For more information, please refer to Annex 1 below.

IX. Your Rights

According to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether Personal Data concerning you is being processed by us. Where that is the case, you have a right to access your Personal Data and obtain further information.

According to Art. 16 GDPR, you may have the right to obtain the rectification of inaccurate Personal Data concerning you without undue delay.

According to Art. 17 GDPR, you may have the right to obtain erasure of Personal Data concerning you if:

  • it is no longer necessary in relation to the purpose for which it is collected;
  • you have withdrawn your consent on which the processing is based;
  • you have objected to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
  • your Personal Data has been unlawfully processed;
  • your Personal Data must be erased for compliance with a legal obligation to which Lilium is subject; and/or
  • your Personal Data has been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

We will refrain from deleting your Personal Data, where we have a legal right or are under a legal obligation not to do so.

 

Note: Even after you request your Personal Data to be deleted by Lilium, Lilium will retain your Personal Data as follows:

(i) for 4 (four) months from the latter of communication of candidacy rejection or last action in your recruitment process (e.g., candidacy withdraw), based on Article 17 para. 3 lit. e) GDPR (for the establishment, exercise, or defense of legal claims).  If applicable, Personal Data can be kept longer than 4 (four) months if actually required for the establishment, exercise, or defense of legal claims; and

(ii) for 3 (three) years, the Personal Data provided by you in your deletion request and included in our reply to your deletion request, based on Article 6 para. 1 subpara. 1 lit. c) GDPR (compliance with legal obligations), for the sole purpose of demonstrating compliance with data privacy regulations (e.g., Recital 59 GDPR).

After the aforementioned retention periods, the respective Personal Data will be deleted. If you request the erasure of your Personal Data, we will consider that you no longer want to be considered for Lilium’s Talent Pool via our career portal, and have withdrawn your consent for this purpose, unless you inform us otherwise.

If you would like to have your Personal Data deleted, but keep one or more active candidacy(s), or to keep your application as part of the Talent Pool, Lilium must keep your Personal Data, as part of your candidate profile. In case you request the deletion of your Personal Data, but you are participating in a still on-going job position recruitment process, we may reach out to you to confirm whether you also want the Personal Data for this on-going recruitment process to be deleted or not; or if your Personal Data should be kept for the conclusion of the on-going recruitment process. If you would like to proceed with the deletion of Personal Data, note that Lilium will no longer be able to consider your application for active positions and/or Talent Pool purposes.

According to Art. 18 GDPR, you may have the right to obtain the restriction of processing. Such right shall exist if:

  • you contested the accuracy of the Personal Data;
  • the processing is unlawful, and you oppose the erasure of the Personal Data and request the restriction of its use instead;
  • the Personal Data is no longer needed for the purposes of the processing, but it is required by you for the establishment, exercise, or defense of legal claims; and/or
  • you have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether our grounds legitimately override yours.

According to Art. 19 GDPR, you have the right to obtain information about the recipients of data to whom the rectification, erasure, or restriction of processing has been communicated, upon your request.

According to Art. 20 GDPR, you have the right to obtain Personal Data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit the data to another Controller. Insofar as this is technically feasible, you can request that we transfer the data directly to another Data Controller.

ACCORDING TO ARTICLE 21 (1) GDPR, YOU HAVE THE RIGHT TO OBJECT, ON GROUNDS RELATING TO YOUR PARTICULAR SITUATION AT ANY TIME; TO PROCESSING OF PERSONAL DATA CONCERNING YOU, WHICH IS BASED ON YOUR LEGITIMATE INTERESTS, INCLUDING PROFILING (E.G., CREDIT RATING). WE SHALL NO LONGER PROCESS THE PERSONAL DATA UNLESS WE DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE THE INTERESTS, RIGHTS, AND FREEDOMS OF YOU, OR FOR THE ESTABLISHMENT, EXERCISE, OR DEFENSE OF LEGAL CLAIMS.

ACCORDING TO ARTICLE 21 (2) GDPR, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO PROCESSING OF PERSONAL DATA CONCERNING YOU FOR THE PURPOSES OF DIRECT MARKETING, WHICH INCLUDES PROFILING TO THE EXTENT THAT IT IS RELATED TO SUCH DIRECT MARKETING. IF YOU OBJECT TO THE PROCESSING FOR DIRECT MARKETING PURPOSES, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR SUCH PURPOSES.

You also have the right, without prejudice to any other administrative or judicial remedy and to complain to a supervisory authority in the EU Member State of your usual residence, place of work or place of the alleged infringement. An overview of the supervisory authorities in Germany and the EU may be found here or here.

To exercise your rights under this paragraph, you can contact us by sending an email to privacy@lilium.com.

X. How long do we keep your information?

We only keep your Personal Data for as long as we need to, to be able to use it for the reasons given in this Recruitment Privacy Notice, and for as long as we are required to keep it by law (for example due to legal retention periods, such as set forth in the German Commercial Code (Handelsgesetzbuch, HGB) or German Fiscal Code (Abgabenordnung, AO). We have defined specific retention times for the Personal Data processed that we can share upon request. Unless otherwise required by law, based on your consent and/or if you do not obtain an employment with us, Lilium deletes the application data it stores after 4 months following the end of the application process.

Consent for Storing your Data

With your explicit consent, we will keep your information on our career portal for up to 548 days from your consent in case any other job opportunities become available that you might be interested in, or we may consider to be a good fit considering your job profile (Lilium’s Talent Pool). Assuming you do not obtain employment with us, we will automatically delete your account on our Career Portal and the Personal Data associated with it after 548 days of inactivity on your account. You may withdraw such consent with effect for the future at any time via email to privacy@lilium.com.

XI. How to reach out?

If you have any questions, comments, or concerns about any aspect of this Recruitment Privacy Notice or how Lilium handles your Personal Data please email our team by sending an email to privacy@lilium.com.

Annex 1: Third Parties Processing Personal Data

 

3rd party provider

Service category

Potential processing outside EEA

Additional information

Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA

Receiving and Managing Job Applications via our Website

Yes

In the “Careers” section of our Website interested individuals are forwarded to the Greenhouse Software website www.greenhouse.io and may apply for job openings and submit and upload related Personal Data, such as name, email address, LinkedIn-profile, information on why you would like to join, your CV and other documents.

Such data may be processed on servers outside the EU and provided to us or the Greenhouse Software after you clicked the respective ‘submit application’ button on the Greenhouse website www.greenhouse.io

 

For more information: Privacy policy | Greenhouse

 

“MS Teams” by Microsoft, 1 Microsoft Way, Redmond, WA 98052, USA

Video Interviews

Yes

Any Personal Data you share in a video or related chat will be processed by the engaged third-party platform (MS Teams) for using their service and will be shared with Lilium for the purpose of and as part of the recruitment process. If you do not want to share your data via video call with us, please let us know and we will arrange a meeting in person or a phone call instead.

 

For more information: Microsoft Privacy Statement – Microsoft privacy

“Calendly LLC”, 88 N Avondale Rd #603, Avondale Estates, GA 30002,

Scheduling of Interviews

Yes

For more information: Calendly Privacy Notice

TravelPerk S.L”, Avinguda Catedral 6-8 1ª Planta, 08002 Barcelona, Spain

Management of travel (if required for interview process)

No

For more information: The TravelPerk Privacy Policy - TravelPerk

“Workday Inc.” 6110 Stoneridge Mall Rd · 94588 Pleasanton, CA, USA

HR Platform

Yes

For more information: Privacy Statement | Workday

Amazon Web Services, Inc., 410 Terry Avenue North Seattle, WA 98109, USA (“AWS”)

Hosting your Personal Data provided on the Website

Yes

For more information: AWS Privacy (amazon.com)

“DocuSign” by DocuSign Inc., 221 Main St., Suite 1000, San Francisco, CA 94105, USA

E-Signing Agreements

Yes

For more information: Privacy Notice | DocuSign

“Talentspring (Suhm Recruiting & HR Services GmbH)”, Salzachstr. 60B 14129 Berlin, Germany (Get Your Talent)

Support Recruitment Activities

No

For more information: Get Your Talent Privacy

“Pontoon Solutions GmbH”, Fritz-Vomfeld-Str. 26, 40547, Düsseldorf, Germany

Support Recruitment Activities

No

For more information: https://www.pontoonsolutions.com/en/privacy/

“VONQ B.V.“, Beursplein 37, (3011 AA) Rotterdam, Netherlands

Job Posting Management Tool (Job Marketing Platform)

Yes

For more information: VONQ Privacy Policy

Annex 2: Country-specific Addendums

UK Addendum

Background

The Lilium UK Addendum (the “UK Addendum”) supplements the Lilium Recruitment Privacy Notice and applies to any processing of Personal Data subject to UK Data Protection Laws. We adopt this notice to comply with UK Data Protection Laws.

Interpretation of this Addendum

Where this Addendum uses terms that are defined in the Recruitment Privacy Notice those terms shall have the same meaning as in the Recruitment Privacy Notice. In addition, the following terms have the following meanings:

This Addendum shall mean the UK Addendum.

UK Data Protection Laws shall mean all laws relating to data protection, the processing of Personal Data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.

UK GDPR shall mean the UK GDPR, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.

UK ICO shall mean the UK Information Commissioner’s Office.

UK shall mean the United Kingdom.

UK Specific Provisions

In relation to any processing of Personal Data subject to UK Data Protection Laws, this Addendum amends the Recruitment Privacy Notice as follows:

  1. The reference to “Applicable legal provisions” shall refer to the “UK Data Protection Laws and such other laws as may be applicable from time to time”.
  2. References to the “GDPR” in the Recruitment Privacy Notice shall be replaced by references to the “UK GDPR”.
  3. References to the “European Union”, “EU”, "European Economic Area", “EEA”, “EU Member State” and "Member State/s" are all replaced with the “UK”.
  4. References to the "European Commission" shall be replaced with the "UK ICO".
  5. In relation to transfers of Personal Data to Lilium Aviation Inc., the relevant paragraph shall be amended as follows:

“Wherever your Personal Data is shared with Lilium Aviation Inc., we rely on the UK Extension to the EU-US Data Privacy Framework (here), for US organisations that have been certified and are publicly placed onto the Data Privacy Framework List; or (ii) EU Standard Contractual Clauses issued by the European Commission, as published here, as amended by a UK Addendum or (iii) UK Standard Contractual Clauses respectively issued by the UK ICO as appropriate safeguards to protect your Personal Data when processed outside of the UK or such other appropriate safeguards as may be required from time to time. If not publicly available, we grant you a copy of the respective appropriate safeguards or provide further information where they have been made available.

  1. In relation to the section "Is my Personal Data processed outside the EU?" of the Recruitment Privacy Notice, the following half sentence “Standard Contractual Clauses issued by the European Commission, as published here” shall be replaced with the words "(i) EU Standard Contractual Clauses issued by the European Commission, as published here, as amended by a UK Addendum or (ii) UK Standard Contractual Clauses respectively issued by the UK ICO".
  2. In relation to your right to lodge a complaint to a supervisory authority, the following wording shall be incorporated: “If you are in the UK, you may contact the UK ICO to lodge a complaint.”


Swiss Addendum

These country-specific amendments shall apply to job applications and other recruitment-related contacts and communications with our Swiss-based affiliate, Lilium Schweiz GmbH (our “Swiss Affiliate”), by job applicants and other third parties involved in a particular job application (e.g., referral, previous employer), regardless of their nationality.

In such cases, the above Recruitment Privacy Notice shall apply with the following additions:

  • References to the GDPR shall include references to the Swiss Federal Act on Data Protection (“Swiss DPA”), as amended from time to time;
  • References to transfers outside the EU shall include transfers outside of Switzerland;
  • References to the adequacy decisions of the European Commission shall include references to the equivalent adequacy assessment by the Swiss Federal Data Protection and Information Commissioner or the Swiss Federal Council, as applicable;
  • Job applicants' Personal Data may be processed in Europe and Switzerland as well as in any country in the world (please see the list of our third-party providers and their locations in Annex 1 above); and
  • Where a recipient of Personal Data is located in a country that does not provide an adequate level of data protection, the Swiss Affiliate will rely on appropriate safeguards, unless it can rely on an exception (e.g., legal proceedings abroad or consent of the job applicants).


United States Addendum

The following information may apply to you if you are located in the United States.

Note this Recruitment Privacy Notice is not a contract and does not create any legal rights or obligations. This Recruitment Privacy Notice also is not intended to replace other notices or disclosures we may provide to you in connection with your application for a job or eventual role in our organization, which will supersede any conflicting disclosures contained in this Recruitment Privacy Notice.

Definition of Personal Information. Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you within the context of you acting as a job applicant. It does not include aggregated or deidentified information that is maintained in a form that is not capable of being associated with or reasonably linked to you.

Applicable legal provisions. In relation to the processing of Personal Information set out in this Recruitment Privacy Notice, the applicable regulation includes all applicable laws, rules, regulations, and governmental requirements currently in effect, or as they become effective, relating in any way to the privacy, confidentiality, or security of Personal Data, including but not limited to the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et seq., and the California Privacy Rights Act of 2020, including any amendments and implementing regulations thereto that are effective on or become effective after the effective date of this Recruitment Privacy Notice, (respectively the “CCPA” and the “CPRA”), the Virginia Consumer Data Protection Act, Va. Code Ann. §§ 59.1-571 et seq., (the “VCDPA”), and the Colorado Privacy Act, Colo. Rev. Stat. §§ 6-1-1301 et seq. (the “CPA”),  in each case as amended, replaced or superseded from time to time.

Collection of Personal Information. In addition to the information outlined in the What kind of Personal Data will Lilium process in connection with the recruitment process? section of this Recruitment Privacy Notice, we also collect the following information:

  • Background Check Information: when permitted by applicable law, we may choose to conduct a background check in connection with your application such as to verify professional and educational history and qualifications or identify criminal history that may be relevant for a position with us. The results of the background check may include personal information we do not already have about you.
  • Equal Opportunity Information: with your consent, we may also process information such as age, race, ethnicity, national origin, citizenship, sex, gender identity, sexual orientation, religion, disability, or accommodation request, or marital or veteran status when you choose to provide it, but it will not be used in the hiring decision (unless specifically permitted by law). This data will be whenever permissible by applicable law processed on an aggregate basis.

Note that video backgrounds may inadvertently provide sensitive Personal Information such as your political affiliation, medical condition, religious belief, gender identity and sexual identification, biometric information, and genetic information to the extent there are posters, art, photos, or other background material. As such, please be mindful of your surroundings when selecting your interview location.

Although we often collect the Personal Information described above directly from you, we may also collect certain information from references, recruiters, job-related social media sites (such as LinkedIn), and publicly available sources. In addition, we may also collect this information through service providers and other third parties that collect it on our behalf, such as communications providers, scheduling providers and application providers. Publicly available information alone will not be considered to determine the hiring decision.

Chinese Addendum

These country-specific amendments shall apply to our Chinese-based affiliate, Lilium (Shenzhen) Aviation Limited (our “Chinese Affiliate”) in relation to the processing of any Personal Data in and of individuals located in the People’s Republic of China for the purposes of your job applications and other recruitment-related contacts and communications with you, including processing of any Personal Data of other third parties involved in a particular job application (e.g., referral, previous employer).

In such case, the above Recruitment Privacy Notice shall apply with the following additions:

In the event of any conflict or inconsistency between the Recruitment Privacy Notice and this Chinese Addendum, the provisions of this Chinese Addendum shall prevail, and the relevant provisions of the Recruitment Privacy Notice will be deemed to be amended to conform with, and to make the relevant provision of Recruitment Privacy Notice consistent with, the relevant provision of the Chinese Addendum.

  • Applicable legal provisions include provisions of the Personal Information Protection Law 2021 of the People’s Republic of China (“PIPL”), the Cybersecurity Law 2016 of the People’s Republic of China, the Data Security Law 2021 the People’s Republic of China, Provisions on Facilitating and Regulating Cross-border Data Flow 2024 and other relevant regulations, as amended from time to time;
  • Special Categories of Personal Data include any sensitive personal data which is defined in the PIPL as “personal information that, once leaked or illegally used, will easily lead to infringement of the human dignity or harm to the personal or property safety of a natural person, including biometric recognition, religious belief, specific identity, medical and health, financial account, personal location tracking and other information of a natural person, as well as any personal information of a minor under the age of 14”;
  • We will process your Personal Data based on (i) your explicit consent in accordance with the PIPL and other applicable legal provisions; (ii) it is necessary for (a) entry into or performance of a contract to which you are a party, or (b) human resources management in accordance with lawfully established employment policy or a lawfully executed collective employment contract.
  • Job applicants' Personal Data may be further processed in Europe by Lilium GmbH and Lilium eAircraft GmbH as joint controller of the data (as specified in the Privacy Notice), as well as our designated service providers as set out in Annex 1 above, to the extent permitted under the applicable legal provisions;
  • If any Personal Data is required to be transferred by the Chinese Affiliate outside of the People’s Republic of China, for the purposes of human resources management in accordance with lawfully established employment rules and regulations or a lawfully executed collective contract, we will provide you with necessary details in relation to the data transfer, obtain your separate consent in advance and comply with the applicable legal provisions.
  • The Chinese Affiliate shall (a) procure the overseas recipient to have adequate security measures in place to protect the Personal Data transferred; and (b) conduct a personal information protection impact assessment to consider any risks involved in transferring the Personal Data, if applicable, in accordance with the applicable legal provisions.
  • Notwithstanding Section X (How long do we keep your information?), we will retain your Personal Data for such period limited to the extent necessary for the purposes set out in Section V (For which purposes do we use your Personal Data, and which is the legal basis?) of this Recruitment Privacy Notice (“Purpose”). Your Personal Data will be deleted from our Career Portal or any other forms of electronic media if the relevant Purpose is no longer applicable, unless your separate consent is given for another Purpose in accordance with Section X (How long do we keep your information?).
  • Without prejudice to any rights that you may have under Section IX (Your Rights), you also have all rights under the PIPL and other applicable legal provisions, including the following:
  • Right to be informed and right to decide in relation to processing of your Personal Data, as well as the right to restrict any other person from processing your Personal Data or reject any request for processing of your Personal Data, unless otherwise provided by law or administrative regulations (Article 44 of the PIPL);
  • Right to access or make copies of your Personal Data, except the circumstances stated in Articles 18 or 35 of PIPL (Article 45 of the PIPL);
  • Right to request to correct or complete their personal information (Article 46 of the PIPL);
  • Right to withdraw your consent for processing of your Personal Data and request to delete your Personal Data (Article 47 of the PIPL); and
  • Right to request explanation of rules for processing of Personal Data (Article 48 of the PIPL).
  • You may exercise your rights by sending us an email as set out in Section XI (How to reach out?)

 

Last Modified: October 2024