Back

Data Protection Information Job Applicants

1. Introduction

CENTOGENE AG (“CENTOGENE”) is a worldwide leader in the field of genetic diagnostic testing for rare hereditary diseases, with a broad test portfolio covering genetic testing, biochemical tests, biomarker and clinical whole exome sequencing and whole genome sequencing. CENTOGENE is dedicated to the highest quality genetic and biochemical diagnostic testing for the global medical community. 

CENTOGENE respects the data protection rights of any person whose Personal Data we are entrusted with, and CENTOGENE complies with laws and regulations protecting Personal Data.

This Data Protection Information explains the relevant data protection principles for the protection of Personal Data and how such principles are to be implemented.

2. Definitions

Consent means any freely given, specific, revocable and informed indication of the Individual’s agreement to the processing of his/her Personal Data.
Data Processors means external IT-service providers we use to automatically process Personal Data. These service providers have been carefully selected, are subject to our instructions and regular monitoring and may only use the Personal Data to fulfil their tasks.
Data Subject Request means any request from a natural person to exercise its rights described in Art. 15 – 21 GDPR.
FDPA German Act to Adapt Data Protection Law to Regulation (EU) 2016/679 and to Implement Directive (EU) 2016/680, as amended on 25 May 2018 (Bundesdatenschutzgesetz)
GDPR means the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
Individual means the natural person to whom the Personal Data relates, this can be a Patient, a Physician, a Healthcare Service Provider or any other person.
Personal Data means all information that relates to an Individual where that Individual can be identified by us or others. In some cases, the Individual can be identified directly (e.g., by name or photograph) or the Individual can be identified indirectly (e.g., a medical insurance number, position in a company or by means of a study code assigned in a clinical trial).
Process or Processing means any operation or set of operations performed upon Personal Data. This definition includes, but is not limited to, collection, recording, organization, storage, retrieval, use, disclosure, anonymization, pseudonymization or deletion.
Third Party is any person, including a legal entity, with whom CENTOGENE interacts and that is neither a CENTOGENE company or Associate nor the Individual himself.
Transfer  means any disclosure of Personal Data by someone other than the person to whom the personal data belongs. The term “Transfer” may include the physical movement of Personal Data or the provision of access to Personal Data.

 Reference is made to further definitions set forth in Art. 4 GDPR.

3. Responsible data controller and contact

Data controller and responsible entity for the processing of Personal Data is

CENTOGENE AG
Am Strande 7
18055 Rostock

represented by the Executive Board members as listed on our website. 

You can reach our data protection officer under the same address with the addition “Attn: Data Protection Officer” or by email: dataprivacy(at)centogene(dot)com.

4. Personal Data of job applicants

We collect and process Personal Data from job applicants including up to the following:

  • personal details (e.g. first name, surname, title),
  • contact details (e.g. email address, telephone number),
  • application documents (e.g. application letter, CV references, certificates, photo),
  • salary expectations, 
  • bank details (to reimburse travel expenses), 
  • internal notes from the job interview, 
  • severe disability status (insofar as provided), and
  • other (optional) Personal Data (insofar as provided).

In certain cases, we collect Personal Data via Third Parties. In particular via professional networks such as LinkedIn or Xing and via recruiters. Your Personal Data will be used to process your application and to provide possible employment for the open position we receive the application for. The legal basis is Art. 6 para. 1 (b) and Art. 88 para. 1 GDPR in combination with Section 26 para. 1 clause 1 and para. 3 clause 1 FDPA. If you have consented accordingly, we consider your application for other relevant open positions in the future. The legal basis in this case is Art. 6 para. 1 (a), Art. 9 para. 2 (a) and Art. 88 para. 1 GDPR in combination with Section 26 para. 1 clause 1 and para. 3 clause 1 FDPA.

5. Recipients of Personal Data 

In principle, we process Personal Data ourselves. Transfer of Personal Data to a Third Party only takes place with explicit Consent, in order to fulfill a legal obligation or if such transfer is permitted by law. We may provide some of your Personal Data to the extent necessary to recruiters, if we have received your application via a recruiter. We also use Data Processors, which have been carefully selected, are subject to our instructions and regular monitoring and may only use Personal Data to fulfil their tasks. This may include IT-service providers that maintain our systems as well as data centers which host our systems.

6. Period of Personal Data storage

If we hire you, we store your Personal Data at least for the period of employment. In this case, we provide you with further information on data protection upon your employment. If we cannot offer you a position, we store your Personal Data for up to six (6) months after you receive our letter of refusal. If you have consented accordingly, we may store your Personal Data in our talent pool for other relevant positions until you request erasure.

7. Data subjects rights if Personal Data was collected

You may have the following rights, provided the appropriate requirements are met. If you want to address or use any of the rights listed below, please address us via the contact information provided above.

  • Right of access
  • Right to data portability
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object
  • Right to lodge a complaint
  • Right to withdraw a consent

7.1 Applicable local laws

Any further or modified rights applicable under national law remain unaffected by the rights set forth herein.

7.2 Procedure

In general, CENTOGENE will respond to Individuals’ no later than one (1) month after receiving a Data Subject Request. In exceptional cases, CENTOGENE may extended this period by two (2) further months with prior notice. If a Data Subject Request does not contain sufficient detail, CENTOGENE reserves the right to request additional information. Before denying any Data Subject Request, Associates must seek the advice of CENOTGENE’s legal department. CENTOGENE will provide the Individual with an explanation for any denied Data Subject Request.

    8. Changes to this Data Protection Information

    CENTOGENE reserves the right to amend this Data Protection Information at any time. 

    This version of the Data Protection Information is effective from September 2019.
    Rostock, September 2019
    Further information can be found in our Data Protection Policy.