Applicants Privacy Policy

Remerge cares about your privacy and would like you to be familiar with how we collect and process information about you. We are committed to protecting and legally correcting the collection, processing, and use of your personal data. We comply with all legal data protection requirements to ensure that you feel safe completing and sending us your online application.

Please read the following information about our data processing:

1. Controller

The entity responsible for collecting, processing, and using your personal data under data protection law for the application process is

Remerge GmbH

Heidestr. 9, 10557, Berlin, Germany

Data Protection Officer:

Ilan Leonard Selz, Am Hamburger Bahnhof 4, 10557 Berlin, Germany

The DPO will handle your request confidentially. In principle, sensitive employee information is not shared with the employer in the event of a direct request to the DPO.

2. Data Collection and Processing

Personal data means any information that relates to an identified or identifiable individual person. This includes your name, your telephone number, your email address, your gender information, your picture, and other application data that you share with us during the course of your application.

To manage your online application, we collect, process, and use the data you disclosed via the online application form or by sending us your CV. In general, you decide which data you want to enter and share with us.

The mandatory fields are your first name, surname, email address, and phone number. If you do not provide personal data relevant to the application process, such as your education or employment history, we may not be able to process or assess your application correctly.

In your application, you may include a link to your profile on LinkedIn, XING, or similar job/social media sites. We also gather personal data during interviews, discussing your background and profile.

We discourage providing sensitive personal data, such as your racial or ethnic origin, marital status, political opinions, religion or other beliefs, health, criminal record, or trade union membership. Generally, we do not require or encourage you to include a photo in your CV.

For certain positions, and in accordance with the law, we may request health-related data or other sensitive information (e.g., a medical certificate confirming you are medically fit for the job). If you provide this information, we will handle it responsibly and need your explicit consent to process it.

2.1 Types of personal data usually processed during the application:

• Name
• Date of birth
• Address
• Telephone number
• Email address
• Information on qualifications
• Professional experience
• Training
• Hobbies and leisure activities (if applicable)
• Photograph
• Internal records from job interviews conducted with

2.2 Diversity and Inclusion

At Remerge, we foster inclusivity and diversity in recruiting and developing talent by providing equal opportunities regardless of gender. For this purpose, your gender information is not used for decision-making.

3. Purpose and Legal Basis of Data Processing

As part of the application process, we process the personal data you give us. The purpose of collecting your personal data is for your application procedure and to verify whether we offer you the position for which you have applied and whether you are a suitable employee.

We will, therefore, use your applicant data only to process your application. The legal basis for this data processing is Article 6 (1) (b) GDPR and Article 88 GDPR.

Insofar as the data are classified as special categories of personal data, such as data on your health, which you communicate to us (e.g. information about a severely disabled person), the processing takes place based on Article 6 (1) (b), Article 9 and Article 88 GDPR.

The provision of your data is required if a possible contract is concluded with us. You are not legally or contractually obliged to provide us with your data. However, since we require personal information from you for our application process, the possible consequence of failing to provide this information is that we are unable to consider you as an applicant.

4. Retention Period

We store your personal data after receipt of your application.

Should you be offered and accept a position with us during the application process, we will store the personal data collected as part of the application within your employment document and kept per current regulations.

Should we reject your application, we shall store your application data for a maximum period of (6) six months after the rejection of your application unless you consent (Article 6 (1) (1) (a), Article 88 GDPR) to a more extended period of storage or the storage is required for legal or statutory requirements.

5. Data Transfers, Third Parties

Your personal data shall not be transmitted to any recipients other than us within the scope of processing. Only the employees of our company who must view your data within the framework of the application procedure shall have access to your personal data, in particular the HR department and the decision-makers in the respective department, who must also co-decide on your recruitment and, therefore, must view your data.

In certain cases, we may have to pass on parts of your data that we process as part of the application process to places and persons outside our company. We may pass on data to the following groups of recipients

• Our associated companies within the Remerge Group:
  

remerge GmbH (Germany)
remerge Services Ltd (UK)
remerge Service Spain, S.L (Spain)
remerge Inc. (United States)
remerge Brasil Ltda. (Brazil)
remerge K.K.(Japan)
remerge Pte. Ltd.(Singapore)
remerge Ltd. (South Korea)

• If applicable, lawyers we appoint
• Service providers who process personal data on our behalf (so-called processors) are listed below:
  

Provider:

BreezyHR (BreezyHR Inc.)
Location: Raleigh, NC, USA
Website: www.breezy.hr.
Purpose: Applicant Tracking System and Management Talent Pool

Zoom (Zoom Video Communications, Inc.)
Location: San Jose, USA
Website:www.zoom.us
Purpose: Video conferencing and online meeting platform

Google Workspace (Google Ireland Limited)
Gordon House, Barrow Street
Dublin 4 - Ireland
Website: www.google.com
Purpose: Interview scheduling implementation, Document management, e-mail

Juro (Juro Online Limited)
Location: United Kingdom
Website: https://juro.com/
Purpose: Contract Management

Service providers who work on our behalf may process personal data for us. If this is the case, we conclude a data processing agreement with the service provider, in which we require the service provider to process the data carefully in accordance with our instructions and data protection regulations.

6. Social Plugin

Social media functions may be integrated into our services. These include so-called social plug-ins or social logins, such as “Apply Using LinkedIn” and “Use My Indeed Resume”. If you activate or use these functions and are a member of the relevant social network, we may receive data from their respective operators which allows us to identify you. We usually receive the following data from social networks:

• your public profile information (e.g. name, profile picture)
• Information on the type of device you are using
• the account ID of your profile with the relevant network (e.g. LinkedIn ID)

You can find more detailed information in the relevant providers’ terms of use and privacy policies.

7. Security

All of your data transmitted to us is encrypted automatically (SSL encryption). Suitable technical and organizational measures are in place to ensure that your personal data is handled confidentially and securely in accordance with the legal requirements.

For any transfers of your personal data from the EEA to countries that are not considered to provide an adequate level of protection by the European Commission (like the USA), we have put in place adequate measures, such as Standard Contractual Clauses adopted by the European Commission, to protect your personal data. You may obtain a copy of these measures by contacting us via the contact information provided below.

8. Your Rights as a Data Subject

You have the right at any time to request information about and access to the processed data (Art. 15 GDPR) and, if the data are incorrect, to demand rectification (Art. 16 GDPR) or to restrict processing (Art. 18 GDPR) and to request erasure (Art. 17 GDPR) of your personal data. Furthermore, you have the right to data portability (Art. 20 GDPR). In addition, you have the right to object (Art. 21 GDPR) to processing based on Art. 6 para. (1) (e) or (1) (f) GDPR and the right not to be subject to a decision based exclusively on automated processing (Art. 22 GDPR).

You also have the right to file a complaint to the competent supervisory authority. Please note that this is a rough outline for better understanding and that the exact scope of your rights naturally depends on the legal regulations of Art. 15 to 22 GDPR.

If you consent or have consented to the processing of your data, we process the data for the purpose and to the extent to which you have consented. For example, this may be the case for taking and using photos or video recordings during job fairs. We will inform you about the data processing type and scope when you consent.

If you provided consent to Remerge, you have the right to withdraw it. If you withdraw your consent, your data will no longer be processed based on that consent. However, this will not affect the permissibility of data processing based on your consent before your withdrawal.

We at Remerge take your rights seriously. Please do not hesitate to contact us at privacy@remerge.io using the above-mentioned contact details, but please include the following title in your message: “Applicant/ Candidate Data Subject Rights.”

9. Updates To This Privacy Policy

Further development of our websites and apps and the implementation of new technologies to improve our service for you may require changes to this privacy policy. We therefore recommend that you re-read this Data Protection Declaration from time to time.

Effective date: 01.08.2024 - Version 01.

‍

ようこそ！当社がセキュリティ脆弱性ケースをどのように処理するかに興味をお持ちいただきありがとうございます。このページは、以下の懸念に対応することを目的としています：

パート1：はじめに

報告を進める前に、このページの内容を注意深くお読みください。当社のポリシーを読んで理解していただくと、当社の報告プロセスと当社に報告を提出する方法についてより良い考えが得られます。

当社のチームは定期的にセキュリティ問題をレビューし、ケースを調査し、パートナーと協力してセキュリティ脆弱性を真剣に受け止めています。

パート2：このポリシーがカバーする内容

この開示ポリシーは、以下の条件の下でRemergeが所有、運営、または保守する資産に対してのみ有効です：

このポリシーは、現在および元Remergeスタッフ、サードパーティサプライヤー、パートナー、およびRemerge製品とサービスの一般ユーザーを含むすべての人に適用されます。

Remergeは、セキュリティ脆弱性を指摘するために時間と努力を捧げる方々を独自の方法で認識する努力をしますが、バグバウンティは支払いません。

パート3：報告に関するガイドライン

報告は真正な根拠に基づいている必要があり、当社のウェブサイトをより安全な場所にすることを目的としている必要があります。セキュリティ研究者として、以下のことをしてはいけません：

脆弱性問題が解決された後1ヶ月以内、または必要がなくなった時点のいずれか早い方で、調査中に取得したすべてのデータを削除する必要があります。

パート4：セキュリティ脆弱性を報告する方法

セキュリティ脆弱性の兆候を発見した場合は、上記のパート2およびパート3で説明されている詳細をお読みいただき、範囲を理解してください。その後、security@remerge.io宛に電子メールで報告をお送りください。

報告には以下の詳細を含めてください：

報告を迅速に管理および割り当てるために、報告は役立つ、建設的、かつ客観的な方法で脆弱性の証明を提供する必要があります。これにより、重複する報告や特定の脆弱性の悪意のある悪用を生成する可能性を最小限に抑えることができます。例としてSQLインジェクションが挙げられます。

当社は、電子メールで報告を受け取ってから72営業時間以内に返信することを目指しています。当社のセキュリティチームは報告をトリアージし、さらなる情報が必要な場合、脆弱性が範囲内または範囲外か、または脆弱性が以前に報告されたことがあるかどうかをできるだけ早く連絡します。修正作業が必要な場合は、関連するRemergeチームによって内部で解決されます。バグ修正と軽減については、影響の深刻度と悪用の複雑さに基づいて優先順位を付けます。

報告の評価には時間がかかる場合があります。必要な場合のみプロセスの状況をフォローアップできます。2週間に1回で十分です。これは、当社のチームが報告自体の調査に努力を集中できるようにするためです。

報告が解決された、または修正作業が必要な場合、当社のセキュリティチームがお知らせし、当社の解決策をレビューし、お客様が提起された脆弱性問題に対応しているかどうかを確認していただくようお願いします。

パート5：法的コンプライアンス

当社は、業界のベストプラクティスに沿ってこの脆弱性開示ポリシーを作成しました。このポリシーは、法律に反する方法で行動する権利、またはRemergeが法的義務を違反する原因となる可能性のある権利を提供するものではありません。これには以下が含まれますが、これらに限定されません：

この文書で言及されている関連情報に関して、お住まいの地域に適用されるデータ保護規制および法律についてご自身で情報を得て、遵守してください。Remergeは、この開示ポリシーに合意して、真に懸念を持ち、当社のサービスまたはシステムのセキュリティ脆弱性を指摘する良い意図を持っている報告者に対して法的措置を講じることはありません。ただし、これはセキュリティ研究者に当社の知的財産をリバースエンジニアリングする権利を与えるものではなく、その場合は法的措置を講じることができます。

インターネットをより安全な場所にすることに興味をお持ちいただきありがとうございます。