Privacy

Privacy policy for applicants of the CORESTATE Capital Group

Dear applicant,


We are delighted that you are interested in working for the CORESTATE Capital Group and decided to send your application documents. We are aware that the data provided contains very personal and sensitive information and requires particularly sensitive and trustworthy handling. Where we refer to the GDPR in this privacy policy, these references to legal basis do not apply to applicants in Switzerland and the United Kingdom (once the United Kingdom will have left the European Union); otherwise, however, this privacy notice and the information therein apply equally to all applicants.

Therefore and in accordance with applicable data protection laws, in particular Articles 13, 14 of the GDPR, we like to inform you in the following how we, the CORESTATE Capital Group, process the applicant data collected via our applicant portal or made available to us in any other way.

1. Name and address of the controller and the contact details of the data protection officer

The company of the CORESTATE Capital Group to which you apply (hereinafter "we" or "us") is responsible for processing your personal data within the meaning of the GDPR and other data protection laws applicable in the Member States of the European Union[1], the United Kingdom (once the United Kingdom will have left the European Union) and Switzerland. The name, address and contact details of the data protection officer of the relevant CORESTATE Capital Group company can be found in the table attached as Annex 1 to this privacy policy.

2. What is personal data and which personal data do we process?
Personal data is defined as any information relating to an identified or identifiable natural person. This includes information by which conclusions can be drawn about your personal or factual circumstances or by which you as a person can be identified clearly. In relation to the application and selection process, this may include your name, address and other contact data (such as phone and/or e-mail address), details of your vocational training and/or previous professional experience, as well as further information from your application documents provided. Furthermore, this may also include data that we receive about you from headhunters.
The data may also contain special categories of personal data within the meaning of Article 9 para. 1 GDPR, the UK-GDPR[2] or respectively specially protected data (Switzerland) (such as information on severe disability).

3. For what purpose and on what legal basis do we process your personal data?
We process the personal data obtained via the application portal or made available to us in any other way exclusively for the application process.
We use your data to contact you, assess your application and check your suitability for the respective position and to make a final decision (rejection/approval).
This processing is based on the initiation or performance of a contract under Article 6 para. 1 lit. b) of the GDPR.[3]
The processing of special categories of personal data or respectively specially protected personal data (Switzerland) is based carrying out the obligations and exercising rights in the field of employment and social security and social protection law (Article 9 para. 2 lit. b) of the GDPR[4]). If you provided your consent to be included in our applicant database, the storage and processing of your data is based on your consent pursuant to Article 6 para. 1 lit. a) of the GDPR[5].

4. How long do we store your personal data?
As described under point 3, we need your personal data to carry out the application process. In absence of your consent to be included in our applicant database, your data will be deleted or rendered anonymous as soon as this data is no longer required for the application process or as soon as the application process ended without entering into an employment relationship with us. The application process ends in the following cases:

  • A negative decision (rejection) by us
  • Final staffing of the vacant role
  • Other ways of terminating the application process
As legal regulations may provide for a longer retention period and thus prevent us from deleting data or as further retention may be necessary for evidence purposes, we will store your data for a maximum of 6 months after the application process. After the 6 months, the data will either be deleted or anonymised, so that a personal reference is no longer possible, in order to carry out static surveys.
The six-month retention period shall not apply in cases where
  • the applicant withdraws his application
  • the applicant rejects an offer from us
In such cases, we will delete or anonymise your data immediately after we become aware of the withdrawal of the application or the rejection.
If you provide your consent to be included in our applicant database, we will store your data longer than the abovementioned 6 months for a maximum of 2 years, unless you withdraw your consent. We delete or anonymise your data upon receipt of the withdrawal, at the earliest 6 months after completion of the application process.
If your application results in an employment relationship with us, we continue to store your data for the performance of the employment relationship. You will receive a separate privacy notice.
 
5. What data protection rights do you have as an applicant?
As an applicant providing us with personal data you have the following rights under applicable data protection laws, in particular the GDPR:
  • You can obtain information as to which personal data is stored
  • You have the right to rectification of inaccurate data
  • You have the right to deletion of your data
  • You have the right to restriction of processing of your personal data
  • You have the right to data portability
 If the processing of your data is based on your consent, you have the right to withdraw your consent at any time for the future without giving reason. The withdrawal of consent does not affect the lawfulness of processing based on consent before the withdrawal.
You can send us your withdrawal informally at any time (see our contact addresses under point 1).
In Switzerland, you also have the right to object against the processing of your personal data at any time.
To exercise your rights, please contact us (see our contact details under point 1).
In addition, you can contact a supervisory authority[6] at any time (Article 77 of the GDPR).

6. Which recipient groups have access to your data?
Access to your data is only granted to those persons who are significantly and/or directly involved in the application process and decision making. These are the HR department and, typically the relevant decision-makers, such as managers, and the works council if we have one. As the applicant management within the CORESTATE Capital Group is centralised at CORESTATE Capital Group GmbH, the latter also has access to your data as our processor.

7. Is your data transferred to third countries and/or international organisations?
If you apply to a company within the European Economic Area:
Given our locations in Switzerland and the United Kingdom, your data may be transferred to these countries. For Switzerland there is an adequacy decision from the European Commission. This means that Switzerland has an adequate level of data protection and that therefore data can be transferred from EU Member States and Member States of the European Economic Area to Switzerland without further requirements.
Once the United Kingdom will no longer be a member of the European Union and the European Economic Area, the United Kingdom will become a third country. From that date, the transfer of personal data to the United Kingdom will be based on standard contractual clauses. You can get further information on this (see our contact details under point 1).
If you apply to a company in Switzerland or the United Kingdom (once the United Kingdom will have left the European Union):
We also share your data with recipients within the EU (particularly Germany, Spain, Austria and Luxembourg) and the United Kingdom. With regard to the Member States of the EU and the United Kingdom respectively Switzerland, Switzerland and the United Kingdom (with regard to leaving the European Union) have both taken a decision on adequacy. This means that these countries offer an adequate level of protection for personal data and that therefore personal data can be transferred from Switzerland and the United Kingdom respectively to these countries without further requirements.

8. Is there an obligation for me to provide data?
You must provide such data that we need to enter into a contract with you in the event of a positive result of the application process. Without this information, we will usually not be able to enter into the contract or complete the application process and will have to end the application process.


Annex 1
 
CORESTATE - Company Contact data protection officer
CORESTATE Capital Group GmbH 
Friedrich-Ebert-Anlage 35-37 / Tower 185  60327 Frankfurt am Main 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
CORESTATE Capital Advisors GmbH 
Friedrich-Ebert-Anlage 35-37 / Tower 185  60327 Frankfurt am Main 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
Hannover Leasing GmbH & Co. KG  Wolfratshauser Str. 49 
82049 Pullach im lsartal 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
Hannover Leasing GmbH & Co. KG  Wolfratshauser Str. 49 
82049 Pullach im lsartal 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
ACCONTIS GmbH Finanzanlagen und 
Beteiligungen 
Friedrich-Ebert-Anlage 35 – 37 / Tower 185  60327 Frankfurt am Main 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
accontis digital solutions GmbH  Wolfratshauser Straße 49 
82049 Pullach 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
UPARTMENTS Real Estate GmbH  Augustusplatz 9 
04109 Leipzig 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
Urban Micro Estate 
Immobilienverwaltungs GmbH  Vorgartenstraße 204 
1020 Wien, Österreich 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
CORESTATE Capital Holding S.A.  4, rue Jean Monnet 
2180 Luxemburg 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de
CORESTATE Capital Fund Management  S.àr.l. 
4, rue Jean Monnet 
2180 Luxemburg 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de 
CORESTATE Capital Advisors GmbH  Sucursal en Espana 
Barbara de Braganza 2 
28004 Madrid 
Richard Laqua 
c/o EYEDSEC - INFORMATION SECURITY GMBH  Friedrichstr. 25 / 95444 Bayreuth 
E-Mail:  r.laqua@eyeDsec.de
CRM Students Ltd. 
Hanborough House, 5 Wallbrook Court  North Hinksey Lane, Botley 
Oxford OX2 OQS 
Emma Gibbons 
c/o CRM Students Ltd. 
Hanborough House, 5 Wallbrook Court 
North Hinksey Lane, Botley, Oxford OX2 OQS  E-Mail: EGibbons@crm-students.com 
Hartly Invest. S.L.U 
Calle Príncipe de Vergara 112  Cuarta Planta, Madrid, 28002 
Emma Gibbons 
c/o CRM Students Ltd. 
Hanborough House, 5 Wallbrook Court 
North Hinksey Lane, Botley, Oxford OX2 OQS  E-Mail: EGibbons@crm-students.com 
Cisnes E Silhuetas Uniepessoal LDA  Registered Office: 
Rua Latino Coelho 
13, 3rd Floor, Lisboa, 1050-132 
Emma Gibbons 
c/o CRM Students Ltd. 
Hanborough House, 5 Wallbrook Court 
North Hinksey Lane, Botley, Oxford OX2 OQS  E-Mail: EGibbons@crm-students.com 
Rewiana sp z o.o , 
Plac Pilsudskiego 1, 00-078 Warschau, Polen 
Emma Gibbons 
c/o CRM Students Ltd. 
Hanborough House, 5 Wallbrook Court 
North Hinksey Lane, Botley, Oxford OX2 OQS  E-Mail: EGibbons@crm-students.com 

 
[1] In Germany the German Federal Data Protection Act (Bundesdatenschutzgesetz applies.
[2] As per the EU (Withdrawal) Act 2018 (EUWA) once the United Kingdom will have left the European Union..
[3] In Germany together with Section 26 para. 1, para. 8 sentence 2 of the German Federal Data Protection Act.
[4] In Germany together with Section 26 para. 3 sentence 2 of the German Federal Data Protection Act.
[5] In Germany together with Section 26 para. 2 of the German Federal Data Protection Act.
[6] In Switzerland this is the Federal Data Protection and Information Commissioner (Eidgenössischen Datenschutz- und Öffentlichkeitsbeauftragten).
 
Go to Top