Controller and Data Protection Officer
Lilium GmbH, Claude-Dornier Str. 1, Geb. 335, 82234 Wessling, registered with the commercial register of the local court (Amtsgericht) Munich under HRB 216921, represented by the managing director Daniel Wiegand.
We have appointed a data protection officer who may be reached via email@example.com.
- an active job seeker who registers via our Careers-section on our website, or applies to a role that we have advertised;
- a candidate that has been placed via a third party on a temporary, permanent or contract basis; and/or
- someone we identify as a potential job seeker through external resources and has agreed for the individual’s personal data to be stored and used for possible employment and recruiting purposes.
Personal data is any information relating to an identified or identifiable natural person. Personal data includes e.g. name, email address or telephone number.
Data processing is any activity that involves the use of personal data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organizing, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring personal data to third parties. We will transfer your Personal Data to a third party only within the scope of legal provisions, i.e. if we are obliged to transfer the data due to a government or court order, or if applicable legal provisions authorize the transfer.
Applicable legal provisions are, in particular, those of the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016, repealing the directive 95/46/EC, on the protection of individuals with regard to the processing of personal data, on the free movement of such data (“General Data Protection Regulation”, GDPR) as well as in the Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG) and the German Telemedia Act (Telemediengesetz, TMG).
What kind of data will you share with us?
Your Contact Details including name, email, address and telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal information you include in your interactions with Lilium. We may also ask for additional information to assist us with our recruitment process and in the event you are offered a job, an example would be date of birth and work documents.
We may carry out video interviews using a third party platform, namely the service “Zoom” by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA (https://zoom.us/privacy) and “Starleaf” by StarLeaf Limited, 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom (https://support.starleaf.com/legal-information/starleaf-privacy-notice/). Any personal information you share in a video will be processed by the engaged third-party platform (Zoom or Starleaf) for using their service and will be shared with Lilium for the purpose of and as part of the application process. If you do not want to share your data via video call with us, please let us know and we will arrange a meeting in person or a phone call instead.
Third Parties processing your Data
We use third-party providers and hosting partners to provide the necessary accounting, software, storage, outsourced IT services and related technology required to run our recruiting processes.
We will never share your personal data with a third party without a legal basis or your prior authorization. For further information you may contact us any time via email to firstname.lastname@example.org.
How is my Data processed when using the Lilium "Careers” section on lilium.com?
For the purpose of receiving and managing job applications via our website lilium.com, we use the services of Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA (“Greenhouse Software”). In the “Careers” section of our Website interested individuals are forwarded to the Greenhouse Software website greenhouse.io and may apply for job openings and submit and/or upload related personal information, such as name, email address, LinkedIn-profile, information on why you would like to join, CV and personal documents.
Is my data processed outside the EU?
Data is transferred outside the EU due to the integration of cloud/hosting, mailing and career management services who work on our behalf and assist us in carrying out our business activities.
Providers that process data outside the EU and references to applicable safeguards may be found here:
We use the service by Amazon Web Services, Inc., 410 Terry Avenue North Seattle WA 98109, USA (“AWS”) for the purpose of hosting your data provided through the Website or Service, whereas data might be processed in the USA. For further information please refer to https://aws.amazon.com/compliance/eu-data-protection/ and https://aws.amazon.com/compliance/germany-data-protection/
The US companies providing the services of AWS, Gmail and Google Calendar, Mailchimp, MonkeySurvey, Greenhouse Software and Zoom are certified under EU-US-Privacy-Shield and comply with data protection standards applicable in the EU. The “Privacy Shield” is an agreement between the European Union (EU) and the USA to ensure compliance with European data protection standards in the USA (see: https://www.privacyshield.gov/)
We also use the service “Starleaf” by by StarLeaf Limited, 6th Floor, One London Wall, London, EC2Y 5EB, United Kingdom for video calls and interviews. Further information and applicable safeguards for compliance with EU data protection standards by Starleaf may be found here: https://support.starleaf.com/legal-information/starleaf-privacy-notice/; https://318jud367y2743qanus941sz-wpengine.netdna-ssl.com/wp-content/uploads/guides/starleaf_dpa_v5.1.pdf
For the purpose of e-signing agreements we use the service “DocuSign” by DocuSign Inc., 221 Main St., Suite 1000, San Francisco, CA 94105, USA. More information about data processing by DocuSign and the applicable safeguards may be found here: https://www.docusign.com/company/privacy-policy; https://www.docusign.com/trust/privacy/gdpr
Information we collect from other sources and analysis of Data
We may collect some personal information about you from public sources to verify the details that you provide to us. You can also register for an account on our website as set forth above.
We also process aggregated, pseudonymized or anonymous user data regarding the usage of our services.
The data we collect as described above are used to improve the quality of our service. If such data are considered personal data, the legal basis for such data processing is Art. 6 (1) f. GDPR based on our legitimate interests of quality assurance.
How do we use your personal data?
We process your personal data for fulfilling our contractual or pre-contractual obligations (based on Art. 6 (1) b. GDPR) or – as applicable – for the purpose of the employment relationship with you (Section 26 BDSG), in particular, we use your data:
- To get in touch with you, communicate with you, update you and to facilitate your application,
- To offer an online-application system that is connected to our website,
- To respond to your questions or concerns,
- To carry out vetting of staff members (where required); this may involve our collection and use of sensitive personal information including information obtained from criminal background checks about offences or alleged offences and information relating to any proceedings for offences committed or allegedly committed,
- To verify your identity and get agreements signed with you, this may involve our collection and use of sensitive personal information such as your biometric data,
- When necessary and for the purposes of our legitimate interests to maintain adequate records, we may collect and handle information related to medical information, ethnic origin or criminal records,
- To assist in any disputes, claims or investigations relating to your application, or
- To comply with our legal, regulatory and professional obligations.
If you do not provide your personal data, you may face certain disadvantages, for example we will not be able to provide you with information and answers in our recruiting process.
You have the right to:
- withdraw your consent relating to the use of data any time with effect for the future when such data processing is based in your consent;
- object to the processing of your personal data, for example, if your personal data is processed on the basis of legitimate interests pursuant to Art. 6 (1) f. GDPR insofar as there are reasons for this arising from your particular situation;
- access the data stored by us and are also entitled to amend or rectify your data if such data are incorrect;
- to request the erasure of your data;
- receive information about the stored data (in a structured, current and machine-readable format) at any time and
- to request the correction or deletion of the data in case of incorrect data storage.
If you wish to act according to your rights, please contact email@example.com.
You have also the right to lodge a complaint with a supervisory authority at your choice (for example the postal address of the responsible data protection authority for Bavaria/Germany is as follows: Bayerisches Landesamt für Datenschutzaufsicht, Postfach 606, 91511 Ansbach/Germany). An overview of the European National Data Protection Authorities may be found here: http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
How long do we keep your information?
Consent for Storing your Data
With your explicit consent (as set forth in the form below), we will keep your information in case any other opportunities become available which you might be interested in; we will only keep your information for a limited period and your details will be deleted on a general basis after 24 months. You may withdraw such consent with effect for the future at any time via email to firstname.lastname@example.org.
We have put in place procedures to deal with any data security breach and will notify applicants and any applicable regulator of a suspected breach where legally required to do so. Details of these measures are available upon request.
If you have any questions, comments or concerns about any aspect of this policy or how Lilium handles your personal information please email our team in the first instance on email@example.com.
Declaration of Consent to the 24-Month
Storage of Applicant Data by Lilium GmbH
I agree to Lilium GmbH, Claude-Dornier Str. 1, Geb. 335, 82234 Wessling storing my personal data that I have provided during the entire application process (for example in letters, CVs, certificates, applicant questionnaires, applicant interviews) beyond the end of the specific application process and for a period of 24 months. I agree that Lilium GmbH may use this information to contact me later and continue the application process if I am eligible for another job.
This consent is voluntary and has no effect on my chances in the current application procedure. I can refuse it without giving reasons and without fear of disadvantages. I can also withdraw my consent at any time, for example via email to firstname.lastname@example.org - in this case my data will be deleted immediately after completion of the application procedure.
Special categories of data: Lilium GmbH would like to evaluate all applicants only according to their qualifications and therefore asks to refrain from including such special categories of personal data in the application if possible. Supplementary declaration if my application contains special categories of data: My application to Lilium GmbH contains special categories of personal information (e.g. marital status information that may provide information about my sex life or sexual orientation; information about my health; a photograph that allows you to identify my ethnic origin and, if applicable, my sight and/or religion; similarly sensitive data as defined in Article 9 of the General Data Protection Regulation). My application may therefore only be processed in the present form with my consent. I agree that Lilium GmbH may process the specific categories of personal information contained in my letter of application and accompanying documents for the purpose of conducting the application process. This consent serves exclusively to be able to consider the application in its present form at all. The information will not be taken into account in the application process unless there is a legal obligation - especially for severely handicapped persons. My data will not be passed on to third parties. I am not obliged to give this consent and can instead submit an application adjusted for the special categories of personal data without this affecting my chances in the application process. I can refuse my consent without giving reasons and withdraw my consent at any time, for example via email to email@example.com. In the event of withdrawal, my data covered by the consent will be deleted immediately.
However, in the event of non-issuance or withdrawal of this consent, the application I have already submitted cannot be taken into account in the present form.