Recruitment Privacy Policy

Lilium GmbH, together with all of its affiliates (referred to collectively herein as “Lilium”, the “Company”, “Our” or “We”) is committed to the protection of information relating to job applicants and their individual applications. Protecting the confidentiality and integrity of personal data is a critical responsibility that Lilium takes seriously. We will ensure that personal data is always processed in accordance with applicable data protection regulations.

This Recruitment Privacy Policy provides you with an overview of how we treat your personal data as a job applicant, including the information included in your individual application, or as someone who has referred a job applicant to us or as a third person who is mentioned in someone else’s job application. This Recruitment Privacy Policy applies to all job applicants including those that are (i) active job seekers who register via our Careers-section on lilium.com (our “Website”) or apply to a role that we have advertised; (ii) referred to us via a third party (such as a head-hunter); and/or (iii) individuals we identify as potential job seekers through external resources (e.g., a business social network).

Unless otherwise expressly stated, terms in this Recruitment Privacy Policy have the same meaning as defined in Lilium’s Website Privacy Policy.              

Personal Data, Processing of Personal Data and Legal Basis

Personal data is any information relating to an identified or identifiable natural person. Personal data includes, e.g., name, email address or telephone number, and information about hobbies, memberships or websites viewed. Special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and also means genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or data concerning a natural person’s sex life or sexual orientation.

Data processing means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Applicable legal provisions. In relation to the processing of personal data set out in this Recruitment Privacy Policy, the applicable regulation is, amongst local regulations (e.g., the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG")), the regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation”, "GDPR").

To the extent that the processing of personal data is (also) subject to UK, Swiss, and/or U.S. data protection laws, the country-specific Addendums respectively set out in Annex 2 will (also) apply.

Data Controller/s

Lilium GmbH, Claude-Dornier Str. 1, Geb. 335, 82234 Wessling, Germany
Email: info@lilium.com
Phone: +49 (0)151 25388676

Lilium GmbH centrally manages the application process and the related processing of personal data at the Company. There are instances where Lilium GmbH may share your personal data with other (relevant) Lilium affiliates. This is especially the case if your application relates to a job position (i) at one of these affiliates or (ii) for a team whose supervisor(s) or team members are located at one or several of the affiliates.

Lilium GmbH and its respectively relevant affiliates have:

  • jointly determined the purposes and means of processing in relation to such sharing of personal data including subsequent processing (excluding processing of personal data which is exclusively performed by one affiliate and where the purposes and means have not been jointly determined with other affiliates) in these instances; and
  • are jointly performing such processing.

The affiliates have agreed that the relevant obligations under the GDPR will in relation to the joint processing generally be performed by Lilium GmbH. As a result, Lilium GmbH will inter alia provide you with this Recruitment Privacy Policy and primarily handle your requests to exercise your rights as set out under "Your Rights" below.

Relevant affiliates of Lilium GmbH are incorporated in the Netherlands, Germany, Switzerland, the UK, and the United States of America.

In relation to the affiliates located outside of the EU, the following applies:

Whenever your personal data is shared with Lilium’s affiliates in Switzerland or the UK, we rely on the respective adequacy decisions of the European Commission regarding Switzerland and the UK, through which these territories are deemed to provide an adequate level of data protection. The decisions may be found here and here.

Whenever your personal data is shared with Lilium’s affiliate in the United States, we rely on Standard Contractual Clauses issued by the European Commission, as published here, as appropriate safeguards to protect your personal data when it is processed outside of the European Union (“EU”).

Please kindly note that whenever this Recruitment Privacy Policy refers to the European Union or the EU or its Member States, the respective reference shall also incorporate the European Economic Area ("EEA") or its respective Member States.

Data Protection Officer

Lilium GmbH and Lilium eAircraft GmbH have appointed a Data Protection Officer who may be reached via privacy@lilium.com.

What kind of personal data will Lilium process in connection with the recruitment process?

We may process your contact details including name, email, address and telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal data (e.g., passport, citizenship, education certificates, as well as user data regarding your account on our Website) you include in your job application, your business social network profile and in interactions with Lilium. We may also ask for additional information to assist with our recruitment process and in the event that you are offered a job (e.g., date of birth and work documents).

You may also share details of other people with us; for example, if somebody else referred the job to you (someone you know at Lilium or otherwise). In that case, please confirm they agree for you to share their personal data with us, and for us to use it in accordance with this Recruitment Privacy Policy.

How do we use your personal data?

We process your personal data:

  • to fulfill our contractual or pre-contractual obligations (based on Art. 6 (1) 1 b. GDPR) or – as applicable – for the purpose of the commencement or performance of the employment relationship with you (Section 26 (1) 1 BDSG). We use your data:
    • To contact you, communicate with you, update you, and to facilitate your application;
    • To make decisions related to the recruitment process;
    • To offer an online-application system that is connected to our Website;
    • To respond to your questions or concerns; and/or
    • To verify your identity and get agreements signed with you.
  • to process
    • user data regarding the usage of our services in relation to your account on our Website that we usually aggregate, pseudonymize or anonymize; and
    • the personal data we collect as described above including your feedback on the recruitment process to and based on our legitimate interest to improve the quality of our service (based on Art. 6 (1) 1 f. GDPR - if and to the extent such data are considered personal data).
  • for the establishment, exercise, or defense of legal claims (based on Art. 6 (1) 1 f. GDPR and, in case of special categories of personal data, based on Art. 9 (2) f. GDPR).
  • to comply with our legal obligations (based on Art. 6 (1) 1 c. GDPR) where the basis for the processing is laid down by EU or Member State law.
  • for employment-related purposes and in relation to special categories of personal data - if it is necessary to exercise rights or comply with legal obligations based on labor law, social security and social protection law and if there is no reason to assume that you do not have an overriding legitimate interest for the data not to be processed (based on Section 26 (3) 1 BDSG).
  • to comply with our legal obligations (based on Art. 6 (1) 1 f. GDPR and our legitimate interest to achieve compliance with legal obligations) where the basis for the processing is not laid down by EU or Member State law that may especially apply to non-EU laws to which our affiliates are subject (for example, if we are required to provide personal data of a U.S. job applicant to a U.S. authority).
  • with your explicit consent (based on Art. 6 (1) 1 a. GDPR, Art. 9 (2) a. GDPR or Section 26 (2) and (3) 2 BDSG), for example, to store your information to keep you informed about other opportunities if you wish us to do so. You may withdraw such consent with effect for the future at any time via email to privacy@lilium.com.

If you send us a job application of yours that includes special categories of data, we will not be able to process your application without your consent to the processing of your special categories of data.

  • if you are someone other than the job applicant, for example, individuals mentioned in the job application or someone who refers a job applicant to us – to and for our legitimate interest to perform the job application process (based on Art. 6 (1) 1 f. GDPR).

Am I required to provide my personal data?

In general, you are not legally or contractually required to provide your personal data to us as an applicant. However, if you do not provide your personal data, we may not be able to consider your application, or you may face certain disadvantages. For example, Lilium would not be able to provide you with information and answers in our recruiting process.

Third Parties processing your personal data

We use third-party providers and hosting partners to provide the necessary administration, accounting, software, storage, outsourced IT services and related technology required to run our recruiting processes. Please see the list of third-party providers we utilize to run our recruiting processes in Annex 1 and the reasons we may share your personal data with them.

We will never share your personal data with a third party without a legal basis (e.g., your prior consent). For further information you may contact us any time via email to privacy@lilium.com.

Is my personal data processed outside the EU?

Personal data is transferred outside the EU due to the integration of cloud/hosting, mailing and career management services that work on our behalf and assist us in carrying out our business activities. Such providers that process data outside the EU are identified in Annex 1.

If your personal data is transferred to countries outside the EU for which the European Commission has not (yet) adopted a decision constituting an adequate level of data protection, in cooperation with the service provider, we rely on appropriate safeguards by concluding the Standard Contractual Clauses issued by the European Commission, as published here. Please find further information about the transfer of personal data to countries outside the EU in our Website Privacy Policy. If not publicly available, we grant you a copy of the respective appropriate safeguards or provide further information where they have been made available.

Your personal data will also be processed by us as well as the respective social media provider (such as Facebook, LinkedIn, Twitter, YouTube, Instagram) in and outside the EU when you visit and use our social media pages. For more information on data processing on our social media pages please also refer to our Social Media Privacy Policy.

Information we collect from other sources

We may collect some personal data about you from public sources to verify the details that you provide to us. Such public sources may include Google, LinkedIn, Twitter, or other social media websites. The data collected from public sources is not used to create a personality profile.

In cases where you, as a job applicant, are referred to us via a third party (such as a head-hunter), the third-party may provide us with some of the kind of personal data that is described above, such as the personal data included in your CV.

In cases where we identify you as a potential job seeker through external resources (e.g., a business social network), which could be publicly available, we obtain your personal data from such sources.

In cases where a job applicant is referred to us by you or you are mentioned in the job application of someone else, we may obtain your personal data from the job applicant or the third party (such as a head-hunter) who has shared a job application with us.

Your Rights

According to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed by us. Where that is the case, you have a right to access the personal data and obtain further information.

According to Art. 16 GDPR, you may have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.

According to Art. 17 GDPR, you may have the right to obtain erasure of personal data concerning you if:

  • it is no longer necessary in relation to the purpose for which it is collected;
  • you have withdrawn your consent on which the processing is based;
  • you have objected to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
  • your personal data has been unlawfully processed;
  • your personal data must be erased for compliance with a legal obligation to which Lilium is subject; and/or
  • your personal data has been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.

We will refrain from deleting your personal data, where we have a legal right or are under a legal obligation not to do so.

According to Art. 18 GDPR, you may have the right to obtain the restriction of processing. Such right shall exist if:

  • you contested the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
  • the personal data is no longer needed for the purposes of the processing, but it is required by you for the establishment, exercise, or defense of legal claims; and/or
  • you have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether our grounds legitimately override yours.

According to Art. 19 GDPR, you have the right to obtain information about the recipients of data to whom the rectification, erasure, or restriction of processing has been communicated, upon your request.

According to Art. 20 GDPR, you have the right to obtain personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit the data to another controller. Insofar as this is technically feasible, you can request that we transfer the data directly to another data controller.

You also have the right, without prejudice to any other administrative or judicial remedy, to complain to a supervisory authority in the EU Member State of your usual residence, place of work or place of the alleged infringement. An overview of the supervisory authorities in Germany and the EU may be found here or here.

To exercise your rights under this paragraph, you can contact us without any formality by post or e-mail at the points of contact listed above.

How long do we keep your information?

We only keep your personal data for as long as we need to, to be able to use it for the reasons given in this Recruitment Privacy Policy, and for as long as we are required to keep it by law (for example due to legal retention periods, such as set forth in the German Commercial Code (Handelsgesetzbuch, HGB) or German Fiscal Code (Abgabenordnung, AO)). We have defined specific retention times for the personal data processed that we can share upon request. Unless otherwise required by law, based on your consent and/or if you do not obtain an employment with us, Lilium deletes the application data it stores after 6 months following the end of the application process.

Consent for Storing your Data

With your explicit consent (which we collect on our Career Portal), we will keep your information on our Career Portal in case any other job opportunities become available that you might be interested in. Assuming you do not obtain employment with us, we will automatically delete your account on our Career Portal and the personal data associated with it after 24 months of inactivity on your account. You may withdraw such consent with effect for the future at any time via email to privacy@lilium.com.

How to reach out?

If you have any questions, comments or concerns about any aspect of this Policy or how Lilium handles your personal data, please email our team in the first instance on privacy@lilium.com.

Annex 1: Third Parties processing your personal data

| 3rd party provider | Service category | Processing outside EEA | Additional information |
|---|---|---|---|
| “MS Teams” by Microsoft, 1 Microsoft Way, Redmond, WA 98052, USA | Video Interviews | Yes | Any personal data you share in a video or related chat will be processed by the engaged third-party platform (MS Teams, or Zoom) for using their service and will be shared with Lilium for the purpose of and as part of the recruitment process. If you do not want to share your data via video call with us, please let us know and we will arrange a meeting in person or a phone call instead. |
| “Zoom” by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA | Video Interviews | Yes | Any personal data you share in a video or related chat will be processed by the engaged third-party platform (MS Teams, or Zoom) for using their service and will be shared with Lilium for the purpose of and as part of the recruitment process. If you do not want to share your data via video call with us, please let us know and we will arrange a meeting in person or a phone call instead. |
| “Workday Inc.” 6110 Stoneridge Mall Rd · 94588 Pleasanton, CA, USA | HR Platform | Yes | |
| “CultureAmp” by Culture Amp Limited (CRN 10067991) 1st Floor, 35 Luke St, London EC2A 4LH, UK | Surveys | Yes | |
| Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA | Receiving and Managing Job Applications via our Website | Yes | In the “Careers” section of our Website interested individuals are forwarded to the Greenhouse Software website www.greenhouse.io and may apply for job openings and submit and upload related personal data, such as name, email address, LinkedIn-profile, information on why you would like to join, your CV and other personal documents. Such data may be processed on servers outside the EU and provided to us or the Greenhouse Software after you clicked the respective ‘submit application’ button on the Greenhouse website www.greenhouse.io. |
| Amazon Web Services, Inc., 410 Terry Avenue North Seattle, WA 98109, USA (“AWS”) | Hosting your Data provided through the Website or Service | Yes | |
| “DocuSign” by DocuSign Inc., 221 Main St., Suite 1000, San Francisco, CA 94105, USA | E-Signing Agreements | Yes | |

Annex 2: Country-specific Addendums

UK Addendum

Background

The Lilium UK Addendum (the “UK Addendum”) supplements the Lilium Recruitment Privacy Policy (“Privacy Policy”) and applies to any processing of personal data subject to UK Data Protection Laws. We adopt this notice to comply with UK Data Protection Laws.

Interpretation of this Addendum

Where this Addendum uses terms that are defined in the Privacy Policy those terms shall have the same meaning as in the Privacy Policy. In addition, the following terms have the following meanings:

This Addendum shall mean the UK Addendum.

UK Data Protection Laws shall mean all laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.

UK GDPR shall mean the UK GDPR, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.

UK ICO shall mean the UK Information Commissioner’s Office.

UK shall mean the United Kingdom.

UK Specific Provisions

In relation to any processing of personal data subject to UK Data Protection Laws, this Addendum amends the Privacy Policy as follows:

  1. The reference to “Applicable legal provisions” shall refer to the “UK Data Protection Laws and such other laws as may be applicable from time to time”.
  2. References to the “GDPR” in the Privacy Policy shall be replaced by references to the “UK GDPR”.
  3. References to the “European Union”, “EU”, "European Economic Area", “EEA”, “EU Member State” and "Member State/s" are all replaced with the “UK”.
  4. References to the "European Commission" shall be replaced with the "UK ICO".
  5. In relation to transfers of personal data to Lilium Aviation Inc., the relevant paragraph shall be amended as follows:

“Wherever your personal data is shared with Lilium Aviation Inc., we rely on (i) EU Standard Contractual Clauses issued by the European Commission, as published here, as amended by a UK Addendum or (ii) UK Standard Contractual Clauses respectively issued by the UK ICO as appropriate safeguards to protect your personal data when processed outside of the UK or such other appropriate safeguards as may be required from time to time. If not publicly available, we grant you a copy of the respective appropriate safeguards or provide further information where they have been made available.”

  6. In relation to the section "Is my personal data processed outside the EU?" of the Privacy Policy, the following half sentence “Standard Contractual Clauses issued by the European Commission, as published here” shall be replaced with the words "(i) EU Standard Contractual Clauses issued by the European Commission, as published here, as amended by a UK Addendum or (ii) UK Standard Contractual Clauses respectively issued by the UK ICO".
  7. In relation to your right to lodge a complaint to a supervisory authority, the following wording shall be incorporated: “If you are in the UK, you may contact the UK ICO to lodge a complaint.”

Swiss Addendum

These country-specific amendments shall apply to job applications and other recruitment-related contacts and communications with our Swiss-based affiliate, Lilium Schweiz GmbH (our “Swiss Affiliate”), by job applicants and other third parties involved in a particular job application (e.g., referral, previous employer), regardless of their nationality.

In such cases, the above Recruitment Privacy Policy shall apply with the following additions:

  • References to the GDPR shall include references to the Swiss Federal Act on Data Protection (“Swiss DPA”), as amended from time to time;
  • References to transfers outside the EU shall include transfers outside of Switzerland;
  • References to the adequacy decisions of the European Commission shall include references to the equivalent adequacy assessment by the Swiss Federal Data Protection and Information Commissioner or the Swiss Federal Council, as applicable;
  • Job applicants' personal data may be processed in Europe and Switzerland as well as in any country in the world (please see the list of our third-party providers and their locations in Annex 1 above); and
  • Where a recipient of personal data is located in a country that does not provide an adequate level of data protection, the Swiss Affiliate will rely on appropriate safeguards, unless it can rely on an exception (e.g., legal proceedings abroad or consent of the job applicants).

U.S. Addendum

The following information may apply to you if you are located in the United States.

Note this Recruitment Privacy Policy is not a contract and does not create any legal rights or obligations. This Recruitment Privacy Policy also is not intended to replace other notices or disclosures we may provide to you in connection with your application for a job or eventual role in our organization, which will supersede any conflicting disclosures contained in this Recruitment Privacy Policy.

Definition of Personal Information. Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you within the context of you acting as a job applicant. It does not include aggregated or deidentified information that is maintained in a form that is not capable of being associated with or reasonably linked to you.

Applicable legal provisions. In relation to the processing of personal information set out in this Recruitment Privacy Policy, the applicable regulation includes all applicable laws, rules, regulations, and governmental requirements currently in effect, or as they become effective, relating in any way to the privacy, confidentiality, or security of personal data, including but not limited to the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et seq., including any amendments and implementing regulations thereto that are effective on or become effective after the effective date of this Policy (the “CCPA”), the Virginia Consumer Data Protection Act, Va. Code Ann. §§ 59.1-571 et seq. (the “VCDPA”), and the Colorado Privacy Act, Colo. Rev. Stat. §§ 6-1-1301 et seq. (the “CPA”), in each case as amended, replaced or superseded from time to time.

Collection of personal information. In addition to the information outlined in the "What kind of personal data will Lilium process in connection with the recruitment process?" section of this Recruitment Privacy Policy, we also collect the following information:

  • Background Check Information: when permitted by applicable law, we may choose to conduct a background check in connection with your application such as to verify professional and educational history and qualifications or identify criminal history that may be relevant for a position with us. The results of the background check may include personal information we do not already have about you.
  • Equal Opportunity Information: with your consent, we may also process information such as age, race, ethnicity, national origin, citizenship, sex, gender identity, sexual orientation, religion, disability or accommodation request, or marital or veteran status when you choose to provide it, but it will not be used in the hiring decision (unless specifically permitted by law).
  • Video Interviews and Video Submissions: You may also be asked to participate in or provide submissions via video interviews in which you respond to specific questions relevant to your application. For clarity, the video recording and the responses to questions that you provide in such recordings will be treated as part of your application and used in accordance with this Recruitment Privacy Policy.

Note that video backgrounds may inadvertently provide sensitive personal data such as your political affiliation, medical condition, religious belief, gender identity and sexual identification, biometric information, and genetic information to the extent there are posters, art, photos, or other background material. As such, please be mindful of your surroundings when selecting your interview location.

Although we often collect the personal information described above directly from you, we may also collect certain information from references, recruiters, job-related social media sites (such as LinkedIn), and publicly available sources. In addition, we may also collect this information through service providers and other third parties that collect it on our behalf, such as communications providers, scheduling providers and application providers.