Data protection information in the application process

(1) We process applicant data only for the purpose and within the scope of the application process in accordance with the legal requirements. The data is processed to fulfil our (pre-) contractual obligations within the scope of the application process in accordance with Art. 6 Para. 1 lit. b. GDPR Art. 6 Para. 1 lit. f. GDPR if the data processing becomes necessary for us, e.g. in the context of legal proceedings (in Germany, Section 26 BDSG also applies).

(2) The application process requires that applicants provide us with their applicant data. Necessary personal information from applicants, postal and contact addresses and the documents belonging to the application, such as cover letters, CVs and certificates. Applicants can also voluntarily provide us with additional information.

(3) By submitting the application to Inwerken AG, applicants agree to the processing of their data for the purposes of the application process in accordance with the type and scope set out in this data protection declaration.

(4) If special categories of personal data in accordance with 9 (1) GDPR are voluntarily communicated as part of the application process, they will also be processed in accordance with Art. 9 (2) lit. b GDPR (e.g. health data, such as severe disability status or ethnic origin). If special categories of personal data in accordance with Art. 9 (1) GDPR are requested from applicants as part of the application process, they will also be processed in line with Art. 9 (2) lit. a GDPR (e.g. health data if this is necessary for the exercise of the profession).

(5) Applicants can send us their applications by post or by email. However, please note that emails are generally not sent encrypted, and the applicants must ensure that they are encrypted themselves. We cannot therefore accept any responsibility for the transmission path of the application between the sender and the receipt on our server. If applicants have concerns about the security of sending application documents by email, we recommend sending the application documents by post.

(6) The data provided by applicants may be further processed by us for the purposes of the employment relationship in the event of a successful application. Otherwise, if the application for a job offer is unsuccessful, the applicants’ data will be deleted. The applicants’ data will also be deleted if an application is withdrawn, which the applicants are entitled to do at any time.

(7) Subject to a justified revocation by the applicants, deletion will take place after the end of the application process of six months so that we can answer any follow-up questions about the application and meet our proof obligations under the Equal Treatment Act.

In the event that you have agreed to further store your personal data, we will add your data to our applicant pool. The data will be deleted there after two years.

If you have been awarded a position as part of the application process, the data from the applicant data system will be transferred to our personnel information system and deleted 10 years after the end of the employment relationship.

Invoices for any reimbursement of travel expenses will be archived in accordance with tax law requirements.

Rights of those affected

You have the right,

  1. a) to request information about your personal data processed by us in accordance with Article 15 of the GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction, processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, as well as the existence of automated decision-making and, if applicable, meaningful information on its details;
  2. b) to request the immediate rectification of incorrect or the completion of your personal data stored by us in accordance with Article 16 of the GDPR;
  3. c) to request the deletion of personal data stored by us in accordance with Article 17 of the GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation for reasons of public interest or to assert, exercise or defend legal claims.
  4. d) to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR if you dispute the accuracy of the data, the processing is unlawful but you refuse to delete it and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have objected to the processing in accordance with Art. 21 GDPR;
  5. e) to receive your personal data that you have provided to us in a structured, common and machine-readable format in accordance with Art. 20 GDPR or to request that it be transmitted to another responsible party;
  6. f) to revoke your consent to us at any time in accordance with Art. 7 Para. 3 GDPR. This means that we may no longer continue the data processing based on this consent in the future and
  7. g) to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can contact the supervisory authority at your usual place of residence or work or at the headquarters of our company.

The responsible supervisory authority for data protection at INWERKEN AG is:

Lower Saxony supervisory authority

The State Commissioner for Data Protection Lower Saxony

Address: PO Box 221, 30002 Hanover

Brühlstraße 9, 30169 Hanover

Telephone: + 49 511 120 – 4500

Fax: + 49 511 120 – 4599



To assert the aforementioned rights and for questions regarding data protection, you can contact the person responsible in accordance with section 1 above or write an e-mail to dsb(at)

Right of objection

If your personal data is processed on the basis of legitimate interests in accordance with Art. 6 Paragraph 1 Clause 1 Letter f) of GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, provided there are reasons for doing so that arise from your particular situation or the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without specifying a particular situation. If you would like to exercise your right of revocation or objection, simply send an email to dsb(at)

Data security

  1. a) We use the common SSL (Secure Sockets Layer) process in conjunction with the highest level of encryption supported by your browser when visiting the website. This is usually 256-bit encryption. If your browser does not support 256-bit encryption, we use 128-bit v3 technology instead. You can tell whether a single page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the lower status bar of your browser.
  2. b) We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

Changes to this Data Protection Declaration

Due to current circumstances, such as a change in the relevant data protection regulations, we will update this data protection declaration if deemed necessary.

Status: 01.06.2019