Privacy Notice for Candidates

[1] Controller

Krusche & Company GmbH
St.-Pauls-Platz 9, 80336 Munich, Germany
[email protected]
Phone: +49 89 41617569 01

This notice applies to all recruitment activities of Krusche & Company GmbH and its subsidiaries.

[2] Purpose and Legal Basis of Processing

We process your personal data exclusively for the purpose of evaluating your application and managing the recruitment process.
Processing is based on the EU General Data Protection Regulation (GDPR):

• Art. 6(1)(b) GDPR – processing necessary to take steps prior to entering into a contract, and
• Art. 6(1)(f) GDPR – our legitimate interest in conducting a fair and efficient recruitment process and defending potential legal claims.

We do not rely on consent for these purposes.

[3] What Data we process

Depending on your application, we may process:

• Contact information (name, email, phone, LinkedIn profile, country)
• Application materials (CV, cover letter, certificates)
• Communication history during the recruitment process
• Contractual documents such as NDAs or Letters of Intent (if applicable)

We do not collect or require special categories of data (health, religion, political opinions, etc.) during recruitment.

[4] Data Retention

All recruitment-related data (CVs, emails, interview notes, NDAs) are kept for up to 12 months after the end of the recruitment process.

The legal basis for this retention is our legitimate interest in defending potential legal claims.

After 12 months, all personal data are automatically deleted from our systems (Salesforce, email, emlen, Pandadoc).

We may retain minimal metadata (name, email, country, LinkedIn profile) for networking and sourcing purposes under legitimate interest.

Contracts such as NDAs or Letters of Intent are kept separately for 10 years in accordance with statutory commercial and tax retention obligations.

[5] Data Sharing and Transfers

• Candidate data may be shared within Krusche & Company subsidiaries strictly for recruitment purposes.
• If data is transferred outside the EU (e.g., to Egypt or Armenia), appropriate safeguards such as EU Standard Contractual Clauses (SCCs) are applied.
• We use GDPR-compliant service providers, including Salesforce (ATS), emlen (digital data room), and Pandadoc (contract management).

[6] Your Rights

You have the following rights under the EU General Data Protection Regulation:

• Access to your personal data (Art. 15)
• Rectification of inaccurate data (Art. 16)
• Erasure (“right to be forgotten”) (Art. 17)
• Restriction of processing (Art. 18)
• Data portability (Art. 20)
• Objection to processing based on legitimate interest (Art. 21)

To exercise your rights, contact us at [email protected].
You also have the right to lodge a complaint with your local data protection authority.

[7] Automated Decisions

We do not use automated decision-making or profiling in our recruitment process.

[8] Updates

This privacy notice may be updated periodically. The current version is always available on our website.