Privacy policy
PERGOLUX GmbH (“PERGOLUX”, “we”, “us”) is committed to protecting your personal data during the recruitment process. This Recruiting Privacy Policy explains how we collect, process, store and protect the personal data of applicants and candidates, in compliance with the European General Data Protection Regulation (GDPR) and the German Bundesdatenschutzgesetz (BDSG), and in addition to our general privacy policy.
Please note: Our general PERGOLUX Privacy Policy — available at https://pergolux.de/policies/privacy-policy — applies in addition to this document. For recruitment-related data processing, this Recruiting Privacy Policy takes precedence.
1. Controller / Contact
PERGOLUX GmbH
Name: Johannes Lauchenauer
Address: Goethestraße 9, 36043 Fulda, Germany
Email (for privacy / data protection inquiries): Johannes.lauchenauer@pergolux.de
Phone: +49 661 4108750 (Pergolux)
If you have any questions about how we handle your personal data or wish to exercise your data protection rights (see § 9), please contact us via the above address or email.
If you believe your data is being processed unlawfully, you may also lodge a complaint with the competent data protection supervisory authority.
2. Purpose of Data Processing & Legal Basis
We process your personal data when you apply or have applied to a position with us, for one or more of the following purposes:
- Evaluation of your application — to assess your candidacy, schedule interviews, request documentation, and make hiring decisions.
  Legal basis: Art. 6(1)(b) GDPR; § 26(1) BDSG.
- Communication with you — to coordinate interviews, inform about status, request further information, provide feedback.
  Legal basis: Art. 6(1)(b) GDPR.
- Legal compliance and documentation — to retain records in case of legal claims (e.g., under equal-treatment or labour law) for a limited period.
  Legal basis: Art. 6(1)(f) GDPR (legitimate interest); § 26(1) BDSG.
- Talent pool / future roles (optional) — if you consent, we store your data to inform you about future vacancies.
  Legal basis: Art. 6(1)(a) GDPR (consent).
- Internal statistics and process improvement — anonymised or pseudonymised analytics to help improve our recruitment process.
  Legal basis: Art. 6(1)(f) GDPR.
We only process personal data that is necessary and relevant for the recruitment purpose (data minimisation).
3. What Data We Process
3.1 Data you provide voluntarily
- CV / résumé, cover letter, motivation letter
- Contact data (name, email, phone, address)
- Professional data (education, work history, skills, certificates)
- Links to professional profiles (e.g., LinkedIn, GitHub, portfolio)
- Salary expectations, availability, preferred start date
- Other optional information relevant to your application
3.2 Data generated during the application process
- Interview notes — including notes from our ATS and the Ashby AI Notetaker
- Internal assessments and evaluations
- Communications (emails, scheduling, correspondence)
- Interview scheduling data
3.3 Data from third parties (only if applicable and with your permission)
- References / recommendations
- Referral data via employees or recruiters
- Data obtained from job boards or recruitment platforms where you applied
3.4 Use of Third-Party Tools / Processors
We use the applicant-tracking system Ashby as processor under Art. 28 GDPR. This includes the use of the Ashby AI Notetaker for interview documentation. No decisions are made solely on automated processing — all hiring decisions remain human-led. All third-party processors are bound by contract to process data only on our instruction and to implement appropriate technical and organisational safeguards.
4. Sensitive Data / Special Categories
We do not require or request special categories of personal data (e.g., health data, ethnicity, religion) during application. If you voluntarily provide such data and we need to process it (e.g., for accommodations), we will only do so with your explicit consent, in accordance with Art. 9 GDPR.
5. Retention Periods
- Active application process: until the recruitment process is completed.
- After rejection or process end: data is kept for up to 6 months to allow for potential legal claims or documentation needs (legitimate interest).
- With explicit consent (talent pool): data may be stored for up to 24 months, or longer if you renew consent.
- Withdrawal of consent: You may withdraw your consent at any time; after withdrawal, we will delete or anonymise your data — unless legal retention obligations apply.
6. Data Sharing / Recipients
Your data is shared only where necessary:
Internal Recipients
- PERGOLUX recruiting team, hiring managers, interviewers
- Internal HR / People & Culture staff involved in decision-making
External Processors (with Data Processing Agreements)
- Ashby (ATS) and Ashby AI Notetaker
- Other third-party services (e.g., video interview tools, background-check providers) — only if you have explicitly consented and only to the extent necessary for the recruitment process.
We do not sell your data or share it with third parties for other purposes.
7. International Data Transfers
If any processor or sub-processor is located outside the EU/EEA, we ensure that appropriate safeguards are in place (e.g., EU Standard Contractual Clauses) to guarantee an adequate level of data protection, in compliance with Art. 46 GDPR.
8. Your Rights
Under the GDPR and BDSG, you have the right to:
- Request access to your personal data (Art. 15 GDPR)
- Request correction or update of inaccurate or incomplete data (Art. 16 GDPR)
- Request erasure (“right to be forgotten”) (Art. 17 GDPR)
- Request restriction of processing (Art. 18 GDPR)
- Receive your data in a portable format (Art. 20 GDPR)
- Object to processing based on legitimate interest (Art. 21 GDPR)
- Withdraw your consent at any time (Art. 7 GDPR)
To exercise these rights, contact us at:
Email: Johannes.lauchenauer@pergolux.de
Address: PERGOLUX GmbH, Goethestraße 9, 36043 Fulda, Germany
You also have the right to lodge a complaint with the competent data protection supervisory authority.
9. Data Security
We implement technical and organisational measures to ensure the security, confidentiality and integrity of your data, including:
- Access controls and role-based permissions
- Encryption (in transit and at rest) where applicable
- Regular backups and secure storage
- Minimal data access — only authorized staff
- Vendor due diligence and contractual safeguards with processors
- Audit logging of processing activities
10. Changes to this Recruiting Privacy Policy
We may update this policy to reflect changes in legal requirements, business practices or recruitment tools. The latest version will always be available on our website alongside the general Privacy Policy.
11. Interaction with General Privacy Policy
This Recruiting Privacy Policy supplements the general PERGOLUX Privacy Policy (see https://pergolux.de/policies/privacy-policy). For data processing in contexts outside recruitment (e.g., website usage, customer data, purchasing), the general policy applies. For all recruitment-related data processing, this document governs.