Data Protection Information for Applicants
Hello and thank you for your interest in a career with us! Protecting your personal data is important to us – after all, it is about your privacy. That is why we would like to explain to you here, transparently and comprehensibly, what data we collect during the application process, why we do it and how we handle it.
In short, we only process your data in order to check your application and to carry out the selection process – fairly, securely and in accordance with the applicable data protection laws.
You can find all the details on the following pages. If you have any questions or if anything is unclear, please feel free to contact us at any time!
Notes
This data protection declaration is addressed to all applicants who apply to us, whether it be on their own initiative or for a specific position. You can find the data protection declaration for our websites and social media profiles here: https://www.hurra.com/en/data-protection/
Who is responsible for your data?
We – that is, hurra.com – are responsible for the processing of your data. This means that we decide which of your data we need, how we use them and how we store them securely. Of course, we comply with the applicable data protection laws.
Our headquarters address in Germany is:
Hurra Communications GmbH
Lautenschlagerstraße 23a
70173 Stuttgart
Germany
CEO: René Schweier
E-Mail: info@hurra.com
Your point of contact for data protection issues – our data protection officer
We take data protection seriously – that’s why we have an internal Data Protection Officer. If you have any questions about this or wish to exercise your data protection rights, you can contact us at any time.
Michael Bätge
Data Protection Officer
E-Mail: privacy@hurra.com
Legal Basis for Processing Your Data
In order to process your data, we rely on legal bases established under applicable data protection laws. The primary regulations governing our data processing activities include the General Data Protection Regulation (GDPR) and, where applicable, national data protection laws such as the Federal Data Protection Act (BDSG) in Germany.
Key Legal Bases for Processing:
- Consent (Article 6(1)(a) GDPR) – If you have explicitly permitted us to process certain data, such as for inclusion in our talent pool.
- Contractual Necessity (Article 6(1)(b) GDPR) – To assess your application and communicate with you during the recruitment process.
- Legal Obligations (Article 6(1)(c) GDPR) – When we are required by law to retain specific data.
- Legitimate Interests (Article 6(1)(f) GDPR) – If we use your data to ensure an efficient recruitment process or for legal protection.
Additionally, national data protection laws such as the BDSG provide further guidance on specific rights, including access to data, erasure, and automated decision-making.
Purpose of Processing Your Data
We use your data exclusively for the recruitment process, which includes:
- Reviewing your application and contacting you
- Conducting the selection process
- Fulfilling legal requirements (e.g., retention obligations)
- Using applicant management software for efficient processing
Types of Data We Process
Depending on the application process and the nature of the position, we may collect the following personal data:
- Personal Information: Name, residential address, date of birth
- Contact Information: Phone number, email address
- Application Documents: Cover letter, CV, certificates, qualifications
- Content Data: Information in emails or messages you send us
- Video Data: If you submit a video application
If you voluntarily provide additional information, we will process it only with your consent.
Processing of Special Categories of Personal Data
If you share sensitive data with us (e.g., health data or disability status), we process it in accordance with Article 9 GDPR, for example:
- Article 9(2)(b) GDPR – If processing is necessary to fulfil employment or social security obligations.
- Article 9(2)(c) GDPR – If processing is required to protect vital interests.
- Article 9(2)(h) GDPR – If processing is related to health or occupational medicine.
If you voluntarily provide such data, we process it only with your explicit consent (Article 9(2)(a) GDPR).
Sharing of Your Data
We share your data only when necessary, for example:
- With external service providers offering IT or applicant management services
- Within our corporate group if the application process involves another entity
- With authorities where required by law
We have data processing agreements in place with service providers to ensure the security of your data.
International Data Transfers
If a transfer of data outside the EU/EEA is required, it will only occur under:
- An adequacy decision by the European Commission
- Standard Contractual Clauses (SCCs) or other appropriate safeguards
- Your explicit consent
Data Retention Periods
- Successful application → Your data will be included in your employee file.
- Unsuccessful application → Your data will be deleted after six months, unless you opt to be included in our talent pool.
- Talent pool inclusion → If you consent, we retain your data for potential future job opportunities.
- Withdrawal of application → Your data will be deleted immediately.
Application Methods
You can apply through different channels:
- JOIN platform – We use JOIN for job postings and applications.
- LinkedIn platform – You can apply directly via our job listings on LinkedIn.
- Email – You can email your application to jobs@hurra.com. Please note that emails may not always be encrypted. If you wish to send sensitive data securely, please contact us first.
Video Applications
If you submit a video application, it will be processed under the same privacy standards as written applications.
- Submission methods: Direct upload or links to platforms (e.g., YouTube, Vimeo)
- Data protection: Processed according to the same security measures as other application data
Data Processing on the JOIN Platform
As we advertise vacancies via JOIN, we want to clarify how your data is processed:
- JOIN Registration: You must create a personal account on JOIN, accepting their Terms & Privacy Policy. JOIN is responsible for data processing at this stage.
- Application Submission: When you apply via JOIN, your data is transferred to us, and we become responsible for processing it. JOIN acts as a data processor on our behalf.
- Independent Data Use by JOIN: JOIN may use your data for additional services, such as job suggestions, independently of us. This falls under JOIN’s own privacy policy.
For JOIN’s privacy policy, visit: JOIN Privacy Policy.
Further information about the JOIN Platform:
- Service provider: JOIN Solutions GmbH, Schönhauser Allee 36, 10435 Berlin, Germany
- Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), performance of a contract and prior requests (Art. 6 para. 1 lit. b) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR)
- Data Processing Agreement: https://join.com/de/dpa
- Website: https://join.com
- Privacy Policy: https://join.com/privacy-policy
- Data processing location: EU, Switzerland
- Basis for third country transfers: EU-US Data Privacy Framework (DPF), Swiss-U.S. Data Privacy Framework, Standard Contractual Clauses.
Data Processing on LinkedIn
We use LinkedIn Recruiter to identify suitable candidates. This means we may access publicly available information on your LinkedIn profile, such as:
- Name and current job title
- Qualifications and work experience
- Location (if provided)
- Other voluntarily published details
Why Are We Allowed to Process Your Data?
Processing is based on legitimate interest (Article 6(1)(f) GDPR), as we have a business interest in identifying and reaching out to qualified candidates.
Your LinkedIn Privacy Settings
If you do not want recruiters (including us) to view your profile, you can modify your privacy settings on LinkedIn: LinkedIn Privacy Settings.
Objection to Contact
If you do not wish to be contacted via LinkedIn, you can either send us a brief message or block us on LinkedIn. For further data processing concerns, feel free to contact us.
Further information about LinkedIn:
- Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland
- Legal basis: Consent (Art. 6 para. 1 lit. a) GDPR), legitimate interests (Art. 6 para. 1 lit. f) GDPR)
- Website: https://www.linkedin.com
- Data Processing Agreement: https://legal.linkedin.com/dpa
- Privacy Policy: https://www.linkedin.com/legal/privacy-policy
- Data processing location: USA
- Basis for third country transfers: EU-US Data Privacy Framework (DPF), Standard Contractual Clauses.
Your Rights as an Applicant
As a data subject, you have various rights under the General Data Protection Regulation (GDPR). These help you to retain control over your data. Here you can find out what rights you have and how you can exercise them.
If you would like to use one of these rights, please contact our Data Protection Officer at privacy@hurra.com.
Under the GDPR, you have the following rights:
- Right to Object (Article 21 GDPR) – Object to processing based on legitimate interest.
- Right to Withdraw Consent (Article 7(3) GDPR) – Withdraw your consent at any time.
- Right to Access (Article 15 GDPR) – Request a copy of your personal data.
- Right to Rectification (Article 16 GDPR) – Request corrections to inaccurate data.
- Right to Erasure (Article 17 GDPR) – Request deletion of your data in certain cases.
- Right to Restriction of Processing (Article 18 GDPR) – Limit how we process your data.
- Right to Data Portability (Article 20 GDPR) – Request your data in a portable format.
- Right to Lodge a Complaint (Article 77 GDPR) – File a complaint with the relevant data protection authority.
For complaints, you may contact:
Supervisory authority competent for us:
Baden-Württemberg Data Protection Authority
- Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Lautenschlagerstraße 20, 70173 Stuttgart, Germany
https://www.baden-wuerttemberg.datenschutz.de/kontakt-aufnehmen/
Changes to This Privacy Policy
We may update this privacy policy to reflect changes in our data processing practices or legal requirements. We will inform you of any significant changes requiring action from you.
Last Update: 2025-02-25