Applicant Privacy Notice
Privacy Policy for Applications at Valoron
We take the protection of your personal data seriously. This privacy notice explains how we process your personal data when you apply for a position at Valoron GmbH through our website. Processing is carried out in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).
1. Controller
Valoron GmbH
see Impressum
2. Data Protection Officer
We are not legally required to appoint a Data Protection Officer pursuant to § 38 BDSG. For all data protection inquiries, please contact us directly at info@valoron.eu.
3. Purpose of Data Processing
We process your personal data exclusively for the purpose of handling your application and evaluating your suitability for the advertised position. This includes in particular:
- Reviewing your application documents
- Assessing your qualifications and suitability
- Conducting the selection process
- Communicating with you regarding your application
- Documenting recruitment decisions
- Complying with statutory obligations where applicable (e.g. § 22 AGG)
4. Categories of Personal Data Processed
Personal identification data
- First name, last name
- Email address
- Postal address and phone number (if voluntarily provided)
Application documents
- CV / résumé
- Cover letter and additional voluntarily submitted documents (e.g. references, certificates)
Evaluation data
- Application ID (pseudonymized identifier)
- Answers to application questions
- Internal scoring and evaluation notes
Technical data
- Submission timestamps
- Process status information
5. Legal Basis for Processing
- Art. 6(1)(b) GDPR in conjunction with § 26(1) BDSG — processing necessary for taking steps prior to entering into an employment relationship
- Art. 6(1)(f) GDPR — our legitimate interest in conducting an efficient, fair and well-documented recruitment process; you have the right to object pursuant to Art. 21 GDPR (see Section 13)
- Art. 6(1)(c) GDPR — compliance with statutory obligations (e.g. documentation requirements under § 22 AGG)
- Art. 6(1)(a) GDPR — your separate consent, where applicable (e.g. inclusion in our talent pool beyond the current role, voluntary disclosure of additional information)
6. Special Categories of Personal Data (Art. 9 GDPR)
You are not required to disclose special categories of personal data (e.g. health information, religious affiliation, ethnic origin, trade union membership) in your application. We kindly ask you to omit such information unless it is directly relevant to the position.
A photograph is not required. If you choose to include one, you do so voluntarily.
If you voluntarily disclose special categories of personal data, processing is based on Art. 9(2)(b) GDPR in conjunction with § 26(3) BDSG or, where applicable, on your explicit consent under Art. 9(2)(a) GDPR.
7. Automated Decision-Making
We do not use fully automated decision-making within the meaning of Art. 22 GDPR. Scoring and ranking criteria may support our internal evaluation, but the final hiring decision is always made by a natural person.
8. Recipients and Processors
Your data is accessible only to authorized personnel involved in the recruitment process (management and staff responsible for HR).
We engage carefully selected service providers as processors under Art. 28 GDPR, in particular:
- Website hosting and infrastructure providers
- Cloud storage providers
- Application form and applicant tracking system providers
- Internal evaluation and workflow tools
All processors are bound by data processing agreements and appropriate technical and organizational safeguards. Your data will not be sold or used for unrelated purposes.
9. Transfers to Third Countries
Some of our processors may be located in countries outside the European Economic Area (EEA), in particular the United States. In such cases, transfers are safeguarded by:
- An adequacy decision under Art. 45 GDPR (e.g. the EU-U.S. Data Privacy Framework), and/or
- Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR, supplemented by appropriate technical and organizational measures.
You may request a copy of the relevant safeguards by contacting us at info@valoron.eu.
10. Data Separation and Security
Your data is processed using a separated structure to ensure data minimization and confidentiality:
- Personal data and CV are stored separately in secured internal storage with restricted access.
- Evaluation data is stored pseudonymized using an internal application ID and does not contain direct personal identifiers.
Only authorized personnel involved in the hiring process can connect the two data sets where necessary.
11. Retention Period
Your application data will generally be deleted 6 months after completion of the application process. This period reflects the limitation period under § 15(4) AGG, applicable procedural deadlines, and a reasonable buffer for potential follow-up inquiries.
If you are hired, your application documents will be transferred to your personnel file and retained in accordance with applicable employment, tax and social security law.
If we wish to retain your application for future opportunities (talent pool), we will request your separate consent in accordance with Art. 6(1)(a) GDPR.
12. Obligation to Provide Data
Providing your personal data is neither legally nor contractually required. However, without the data marked as required (in particular name, email and CV), we will not be able to consider your application.
13. Your Rights
Under the GDPR, you have the right to:
- Access your stored personal data (Art. 15 GDPR)
- Rectification of inaccurate data (Art. 16 GDPR)
- Erasure — the "right to be forgotten" (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Object to processing based on legitimate interests (Art. 21 GDPR)
- Withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal (Art. 7(3) GDPR)
To exercise any of these rights, please contact us at info@valoron.eu.
14. Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for Valoron GmbH is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach, Germany
poststelle@lda.bayern.de
www.lda.bayern.de
15. Contact
For any questions regarding the processing of your personal data or to exercise your rights, please contact:
Email: info@valoron.eu
Last updated: April 2026
