Data Protection Policy

(Greenhouse Software Inc. Services)

Definiens AG collects, processes and uses personal data of its job candidates for the purpose of the job application procedure, if this is necessary for deciding about the establishment of an employment or, after such establishment of an employment, for its implementation or termination. Such data include your surname, birth name, first name(s) and titles, your curriculum vitae (as we received it from you), the personal information provided by you, references and testimonials provided by you, certificates, testimonies and reports provided by you and evaluations of your performance.

Subject to the job candidate’s explicit consent, Definiens AG will transfer the job candidate’s personal data, which Definiens AG has collected in accordance with the paragraph above, to the company Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA for the purpose that such data will be stored in a recruiting process system as made available by Greenhouse Software, Inc. to Definiens AG on a server of Greenhouse Software, Inc. located in Northern Virginia and be processed and used by Definiens AG through access to such server for the purpose of the recruitment process. Such storage, processing and use of data shall only take place if necessary for the recruitment process, and the data shall be stored, processed and used for no longer than 6 months as of Definiens’ receipt of such data.

Definiens AG points out that Greenhouse Software, Inc. does not ensure an adequate level of data protection within the meaning of EU data protection laws. In particular, Greenhouse Software, Inc. is neither bound by EU approved standard contractual clauses for the transfer of personal data to processors in non-EU countries or Binding Corporate Rules, nor listed on the Safe Harbor list. Moreover, please note that US authorities such as the Federal Bureau of Investigation (FBI), the National Security Agency (NSA) or the Central Intelligence Agency (CIA) are entitled, on the basis of US laws, to access personal data. Such legal basis may include the Patriot Act, the Foreign Intelligence Surveillance Act, the Electronic Privacy Act, the Stored Communications Act, the jurisdiction of US courts on „Bank of Nova Scotia Subpoena“ and Compelled Consent Order. In the view and based on current knowledge of the conference of the German federal and state data protection officers, it is particularly the NSA, which accesses, without reason and in violation of the data protection laws principles of necessity, proportionality and appropriation, personal data, which are transferred by companies based in Germany to parties in the USA.

Upon the job candidate’s request Definiens AG will inform the job applicant at any time about the processing and use of his / her personal data in accordance with Section 34 of the German Federal Data Protection Act (§ 34 BDSG). The job candidate’s consent shall be without prejudice to the rights of the job candidate in accordance with the BDSG, particularly his / her rights to correction, deletion and blocking of personal data.

The job candidate is not under the obligation to declare the following consent, and may at any time revoke such consent. Non-declaration of the consent or a revocation has no impact on the establishment and existence of the job applicant’s employment. However, a lacking consent or a consent being revoked shall be without prejudice to the rights of Definiens AG regarding the collection, processing and use of personal data in accordance with the German Federal Data Protection Act (BDSG) or any other legal provision within the meaning of § 4 Section 1 BDSG.