The entity responsible under the General Data Protection Regulation and other national data protection laws of the member states, as well as other data protection regulations, is:

benntec Systemtechnik GmbH
Karl-Ferdinand-Braun-Str. 7
28359 Bremen
Phone: +49 421 43849 0
info@benntec.de

For data protection concerns, feel free to contact us via:
 info@benntec.de

Otherwise, you can reach our Data Protection Officer at:

Rheinmetall AG
Corporate Data Protection Officer
Rheinmetall Platz 1
40476 Düsseldorf
datenschutzbeauftragter@benntec.de

As part of submitting your application documents, you are required to provide at least the following information: 

• First name
• Last name
• E-mail address
• Phone number
• Address
• Application cover letter
• Curriculum vitae
  

Throughout the application process, you may provide additional application-relevant details to supplement your application materials (such as by providing certificates, licenses, or additional information).

Special categories of personal data (information regarding racial and ethnic origin, political opinions, religious or philosophical beliefs, union membership, health or sexual orientation, genetic and biometric data) are not specifically requested or collected by benntec (with the exception of voluntary information on any severe disability). Accordingly, we ask you not to provide any information regarding the abovementioned topics as part of your application.

If special information is required due to the nature of the position/job, such as:

• Police clearance certificate
• SCHUFA report or other credit reports
• Aptitude tests (e.g. for top management)
• Medical suitability examination (suitable, not suitable, conditionally/restrictedly suitable)
• Security screening in accordance with the German Security Screening Act (SÜG)

we will inform you separately in the application or hiring process and collect this data.

Online assessments/Aptitude tests
For selected positions, we use online assessments conducted by external service providers (currently including ELIGO Psychologische Personalsoftware GmbH, Arndtstraße 34, 10965 Berlin). If you are shortlisted for such a position, you will be invited to participate in an online assessment via email. This usually requires prior transfer of some personal data (e.g., name, email address) to the service provider (e.g., ELIGO) to enable your participation. On the provider's platform, you will receive detailed information about the respective assessment and the associated processing of
your personal data. Participation in such online assessments generally requires your voluntary consent (Art. 6 para. 1 lit. a GDPR).

For applications for apprenticeships and dual study positions, an online aptitude test is usually required, and you will be informed about this separately during the application process.

Provision of data
The provision of personal data is neither legally nor contractually stipulated, nor are you otherwise obliged to provide the personal data. However, the provision of personal data is necessary for the execution of the application process. This means if you do not provide the necessary personal data when applying, we will not be able to conduct the application process.

In general, we receive the data directly from you during the application process.

If you proceed further in the application process, we will need to perform a comparison with official sanctions and terror lists (more information can be found in section 5). Additionally, for selected positions, we will verify your information and person. You will be informed separately about this during the application process. If necessary, we may verify your information by making inquiries with the employers you have listed, checking databases/credit agencies (e.g., Dun & Bradstreet, Thomson Reuters WorldCheck), or conducting searches on Google, XING, LinkedIn, and other
social media platforms. Further information on this is provided in section 10, Pre-Employment Screening (PES).

If you have participated in an external online assessment, aptitude test, or equivalent hiring test, we will receive the results/analyses of these assessments/tests from the respective service provider.

All personal data provided by you in the application portal or application process (including data from all documents you have attached) are processed by benntec exclusively for the execution of the application process and for the purposes stated in this data protection information.

benntec processes your personal data, in particular, in compliance with the General Data Protection Regulation (GDPR) and the Federal Data Protection Act (BDSG), as well as all other relevant laws.

Personal data from applicants may be processed for application process purposes when necessary for the decision on establishing an employment relationship with us. The legal foundations for this are § 26 para. 1 BDSG and Art. 6 para. 1 sentence 1 lit. b GDPR.

The necessity and scope of data collection are evaluated based on the position to be filled,
among other factors. If your intended position involves especially sensitive tasks or increased personal and/or financial responsibility, or is tied to certain physical and health conditions, more comprehensive data collections may be necessary. These special data collections or procedures (e.g., suitability examinations, police clearance certificates, Pre-Employment Screening) typically occur at the end of the application process or immediately prior to your hiring and are
accompanied by specific information.

In certain cases, we also process your data to protect a legitimate interest of ourselves or third parties, especially:

• For defense against legal claims (particularly pursuant to the General Equal Treatment Act, AGG). In this context, we have a legitimate interest in processing your data for evidence purposes.
• For selected positions, we are obliged by due diligence to verify applicants and their information. In these cases, Pre-Employment Screening is carried out (see section 10 for more details). Should this be necessary for your position, you will be informed separately in advance.
• Transfer of your data to other companies within the framework of employee leasing, insofar as this is necessary for the execution of the application process.
• Exclusion from the application process (possibly long-term also for future applications) to protect our employees and our company, for legitimate reasons. Such reasons can include, for example, inappropriate behavior towards our employees or circumstances that would justify immediate termination under § 626 BGB. The legal basis here is Art. 6 para. 1 sentence 1 lit. f GDPR.

We are also legally obliged to carry out certain data processing, particularly:

• Data comparison with official sanctions and anti-terror lists (e.g., according to EU regulations
  No. 2580/2001 and 881/2002): As a company, we are required by European and national regulations to perform certain data comparisons. Persons and organizations listed on sanctions and terror lists may not be provided with funds (provision ban). For this reason, we are obligated to perform a name check of our applicants against official sanctions and terror lists. The legal basis is Art. 6 para. 1 sentence 1 lit. c GDPR.

In certain cases, we also process your data based on a voluntarily given consent from you.
Here, your consent pursuant to Art. 6 para. 1 sentence 1 lit. a GDPR and possibly § 26 para. 2 BDSG serves as the legal basis for the respective data processing.

Data processing based on your consent is carried out particularly for:

• Voluntary inclusion in the applicant pool ("talent pool"), i.e., we store your application documents beyond the current application process to consider you for further or later positions (see section 9 for more details).

Should you have disclosed special categories of personal data to us contrary to our request, the collection and storage are based on Art. 9 para. 2 lit. e GDPR. Further processing by us does not occur.

Your application documents and personal data are accessible to the responsible recruiters and
HR personnel within benntec and, as necessary, will be made available to selected executives or decision-makers. This may include executives from other group companies within the context of specialized management. Specialized management means that certain topics are managed across the group under a unified leadership. Hence, it is possible that you may be employed through employee leasing to another company depending on the advertised position. For conducting the application process, your application documents and personal data will be shared with executives
of the leasing company.

As necessary, your application documents will also be provided to the relevant works council and,
if applicable, the representative for severely disabled employees.

The electronic applicant management system is operated as "Software as a Service" by an
IT service provider, meaning they may potentially gain access to the system and, consequently,
your data during maintenance and servicing activities. Corresponding data protection and confidentiality agreements have been concluded with the service provider.

If you participate in an external online assessment, aptitude test, or similar hiring test, the service providers employed for this purpose (currently ELIGO Psychologische Personalsoftware GmbH, Arndtstraße 34, 10965 Berlin) will receive your personal data necessary for preparation, execution, and evaluation.

Further (potential) data recipients may arise during the execution of a "Pre-Employment Screening." See section 10 for more details.

Your personal data is generally processed within the EU.

Insofar as the advertised position involves employment in a company outside the European Union or the European Economic Area ("EEA"), or if your specialized supervisor operates outside the EEA, your personal data will also be transferred to this company. To protect your data, we take special measures to ensure that your personal data is processed in third countries with the same security as it is within the European Union.

We store your personal data as long as necessary for the decision on your application. If no employment relationship is established between you and benntec, we retain your data for up
to eight additional months, in case we need to reconsider you for the advertised position and
because it is required, among other reasons, for the defense against possible legal claims.

The term begins with the conclusion of the individual application process (rejection, withdrawal of application, or hiring). This period applies to each of your applications. Should an employment relationship be established, your application documents will be wholly or partly transferred to your personnel records (you will be separately informed about these data processing activities upon employment).

In the case of voluntary inclusion in the talent pool (see number 9), with the associated storage of your personal data, data deletion occurs according to the principles mentioned above, but with
the provision that we will generally request an update of your consent to remain in the talent pool
30 days before the end of the eight months. If you do not respond to this request or do not update your consent, we will remove you from the talent pool and delete your personal data and applicant profile.

As part of the application process, we will evaluate whether we can offer you inclusion in our talent pool. This involves a database where your application data is stored to consider you for a suitable future vacancy. At the beginning of your application, you have the voluntary opportunity to consent to be included in the talent pool (Legal basis: Art. 6 para. 1 sentence 1 lit. a GDPR).

If your application documents are transferred to another company outside the EU in the context of temporary employment leasing for consideration for a potentially suitable position, your consent explicitly also applies to this third-country transfer (Art. 49 para. 1 lit. a GDPR). For detailed information about data retention, see section 8.

Due to our corporate due diligence obligations, we conduct a pre-employment screening (PES) for selected positions considered to be at risk. Currently, a PES is especially planned for the following positions:

• Boards of Directors
• Supervisory Boards
• Managing Directors
• Management staff from department head level in areas including sales, purchasing,
  research & development, and finance
• Positions in security-relevant areas such as corporate security, compliance, information
  security, and IT security
• Compliance officers (e.g., from areas of anti-discrimination/diversity, data protection
  officers, security officers, KWKG officers, and SÜG security officers)

The PES is aimed at the preventive avoidance of personnel selection associated with compliance, security, or other reputational risks, and fulfilling the management's responsibilities for careful personnel selection (cf. § 130 Administrative Offenses Act – OWiG).

The PES primarily addresses the following risks for the Rheinmetall Group:

• Reputational damage from employing "fraudsters"
• Terrorism and extremism
• Risk of industrial espionage
• Inadvertent data leaks

Should a PES be necessary for the position you are applying for, we will separately inform you before conducting the PES.

The PES typically includes:

• Comparison with state and so-called sanction/terror lists (e.g., EU Financial Sanctions
  List or OFAC list);
• Examination via external research sources/databases (e.g., Dun & Bradstreet or Thomson
  Reuters World Check) and online searches (e.g., Google or foreign search engines);
• Scrutiny of social media platforms (e.g., professional networks or Twitter);
• Inquiry with your previous employers (current employer only in consultation and with
  your release).

Typically, the following personal data about you is processed as part of the PES:

• Name
• Address (private and possibly business)
• Telephone and fax number (private and possibly business)
• Email address (private and possibly business)
• Information on the curriculum vitae
  
• Work references
• Education and qualification certificates
• Information about you from the used research sources/databases and social media platforms
• SCHUFA report or other credit reports (only for selected positions, e.g., functions with budget responsibility or in security-relevant areas)
• Police clearance certificate (only for selected positions, e.g., functions with budget responsibility or in security-relevant areas).

In addition to the recipients mentioned in section 6, your personal data within the PES is also transmitted to the Compliance Department of Rheinmetall AG. Additionally, other service providers involved (e.g., credit agencies, online databases) can be recipients, through which we conduct data comparisons, counter-rechecks, and/or research.

The PES and the associated data processing are based on our legitimate interests in fulfilling corporate due diligence obligations and risk prevention in personnel selection. The legal basis for this is Art. 6 para. 1 sentence 1 lit. f GDPR. If we exceptionally collect special categories of personal data (cf. Art. 9 GDPR) from you in this context, this usually only contains data that you have obviously made public yourself (e.g., on social media profiles). The legal basis for this is Art. 9
para. 2 lit. e GDPR.

You can refuse the conduct of a PES or object to it at a later time with future effect. However, we may then not be able to consider you for the affected position.

As a data subject under the GDPR, you have various rights, particularly arising from Articles 15 to 21 of the GDPR:

• Right to Access (Article 15 GDPR): In accordance with statutory provisions, you have the right to request information on whether and to what extent we process your personal data.
• Right to Rectification (Article 16 GDPR): According to statutory provisions, you have the right to request the completion or correction of your incomplete or inaccurate data.
• Right to Erasure (Article 17 GDPR): Under statutory provisions, you have the right to demand that your personal data be deleted without delay. Note: Immediate deletion of your data may be obstructed by statutory retention obligations or other legitimate retention reasons.
• Right to Restriction of Processing (Article 18 GDPR): You have the right to request a restriction on the processing of your personal data as per statutory provisions.
• Right to Data Portability (Article 20 GDPR): In line with statutory requirements, you have the right to receive your personal data provided to us in a structured, common, and machine-readable format, and to demand its transmission to another controller where technically feasible.
• Right to Object (Article 21 GDPR): You have the right to object at any time, based on reasons arising from your particular situation, to the processing of your personal data, especially if the data processing is to uphold legitimate interests (cf. Art. 6 para. 1 lit. e or lit. f GDPR). If your personal data is processed for direct marketing purposes, you have the right to object at any
  time to the processing for such marketing; this also applies to profiling to the extent that it is related to such direct marketing.
• Right to Withdraw Consent (Article 7 para. 3 GDPR): You have the right to withdraw any
  consent given at any time without reason and with effect for the future. The withdrawal of consent does not affect the legality of processing based on consent before its withdrawal.

You may contact the Data Protection Officer at the contact information provided above for any complaints. Furthermore, you have the right to lodge a complaint with a data protection supervisory authority (cf. Art. 77 GDPR in conjunction with § 19 BDSG).

To exercise your rights, you can reach out to the responsible party at the contact details provided in the job advertisement or contact:

bewerbung@benntec.de

We will process your requests promptly in accordance with legal requirements and inform you of the actions we have taken.