Privacy Notice for Applicants – Proalpha Group

Introduction / General Data Protection Information

At the Proalpha Group, the protection of your personal data is of utmost importance to us. We process your data exclusively in accordance with applicable data protection laws (GDPR) as well as the requirements of the German General Equal Treatment Act (AGG). This Privacy Notice provides comprehensive information about which personal data we process during the application process, for what purposes we process it, and which rights you have. The Proalpha Group consists of multiple affiliated companies in Germany and other countries. As certain services and processes within the Group are centrally organized (e.g., Talent Acquisition, IT, Compliance), personal data may be processed jointly under Art. 26 GDPR (joint controllership) or on the basis of Art. 28 GDPR (processing on behalf). The corresponding agreements exist across all group companies. As a result, your personal data may be transferred or jointly processed within the Proalpha Group. If you have any questions or concerns regarding this Privacy Notice, you may contact the address listed under Section 1 at any time. This notice applies to all companies of the Proalpha Group involved in the application process.

If you have any questions or concerns regarding this Privacy Notice, you may contact the address listed under Section 1 at any time.

This notice applies to all companies of the Proalpha Group involved in the application process.

Privacy Notice for the Application Process at the Proalpha Group

1. Controller

The controller responsible for data processing in the application process is Proalpha Group GmbH jointly with the specific Proalpha Group company to which you have applied.

Contact details of Proalpha Group GmbH:

Proalpha Group GmbH

Auf dem Immel 8

67685 Weilerbach

Phone: +49 6374 800 0

E-mail: info@proalpha.com

You can reach the Data Protection Officer of Proalpha Group GmbH at the above address with the addition “Data Protection” or at: datenschutz@proalpha.com

2. Data Processing in the Application Process

In the context of your application, we process personal data as follows:

2.1 Carrying out the application process

If you apply to us via our applicant tracking system Greenhouse, by e-mail, or through any other channel, we process the following categories of personal data:

• Contact details (name, address, phone number, e-mail)
• Application documents (CV, cover letter, certificates, references)
• Information on qualifications, work experience, skills
• Social media profiles (LinkedIn/Xing), if voluntarily provided
• Information about salary expectations, notice periods, working time preferences

Purpose of processing:

The data is processed for the planning and execution of the application process across the Proalpha Group. This includes assessing candidate suitability, preparing interviews, coordinating communication and scheduling, issuing invitations or rejections, and conducting pre-contractual measures..

Legal basis:

Art. 6 (1) (b) GDPR (pre-contractual measures) and Art. 6 (1) (f) GDPR (legitimate interest). Our legitimate interest lies in ensuring an efficient recruiting process and in preserving legal rights under the German Equal Treatment Act (AGG). In case of legal disputes, we may use the data for evidentiary purposes.

2.2 Operation of the Greenhouse Applicant Tracking System

For online applications, we use the applicant tracking system “Greenhouse”. For the operation of this system, the following data is processed:

• Login data (username, password)
• Technical usage data (IP address, browser information, timestamps)

Legal basis:

Art. 6 (1) (f) GDPR. Our legitimate interest is to ensure the technical functionality, security, and stability of the system.

2.3 Inclusion in our Talent Pool

With your explicit consent, we will add your profile to our talent pool. In this case, we store your consent for two years and may contact you if suitable positions within the Proalpha Group become available.

Legal basis:

Art. 6 (1) (a) GDPR. You may withdraw your consent at any time by contacting datenschutz@proalpha.com.

2.4 Statistical Analyses

To improve the quality of our application processes and to optimize our internal workflows, we carry out statistical analyses. These analyses are performed exclusively in aggregated and anonymized form, ensuring that no conclusions can be drawn about individual applicants.

For this purpose, we process the following categories of data:

• Process and usage data
  • Number of applications per position, time period, or recruiting channel
  • Number of screenings, interviews, rejections, and hires
  • Process times (e.g., time-to-contact, time-to-hire)
  • Applications by source (career page, job portals, referrals)
  • Status changes and conversion rates
  • System usage data from Greenhouse (e.g., process steps)
    
    
• Channel and campaign information
  • Source of application (e.g., Indeed, LinkedIn, referral, direct application)
  • Data from AI-supported parsing or matching processes (e.g., CV parsing via Textkernel)
    (Note: These data are processed technically but evaluated only in anonymized form.)
    
    
• Structural applicant data (voluntarily submitted)
  • Professional and qualification data (work experience, skills, education level)
  • Functional and role-related preferences
  • Location preferences (country/region)
    
    
• Demographic data (voluntary and anonymized only)
  • Gender (if provided)
  • Year of birth / age ranges (e.g., 20–29, 30–39)
  • Nationality (for aggregated diversity reporting only, never for individual decisions)
    
    
• Technical metadata
  • Timestamps
  • Technical parameters (e.g., device type, browser information), where required for optimization

Legal basis:

Art. 6 (1) (f) GDPR. Our legitimate interest lies in optimizing our recruiting processes.

3. Recipients of Personal Data

Your data is primarily processed by our HR department and the hiring managers responsible for the role. In addition, other internal and external parties may be involved as necessary.

3.1. Within the Proalpha Group

Authorized internal recipients include:

• People & Culture functions, such as Talent Acquisition
• Hiring departments & managers
• Works Council (only where required under German law)
• Executive Management (in exceptional cases)

3.2. Other Proalpha Group Companies

Our Talent Acquisition & Employer Branding team acts as a central shared service for the entire Group. Therefore, your application data may be shared with other Group companies to ensure proper allocation of your application to relevant roles and contacts.

Das bedeutet, dass Deine Bewerbungsdaten mit anderen Gruppenunternehmen geteilt werden können, um sicherzustellen, dass Deine Bewerbung den passenden Ansprechpartnern und den relevanten Stellen innerhalb unserer Unternehmensgruppe zugeordnet wird.

3.3. External Service Providers

We use external service providers who support us in the application process. Where required, they are contractually bound under Art. 28 GDPR. These include, among others:

• Greenhouse Software, Inc. (applicant tracking system)
• Microsoft Ireland Operations Ltd. (communication tools, video interviews)

4. International Data Transfers

Some of our service providers are located in countries outside the European Union (third countries). These countries may not offer the same level of data protection as within the EU. To ensure adequate protection, we use:

• EU Standard Contractual Clauses (SCCs) issued by the European Commission
• Additional contractual and technical safeguards where required

You may request access to these guarantees by contacting datenschutz@proalpha.com.

5. Storage Period

DYour data will be stored for up to six months after the application process is completed, unless you have consented to longer storage (e.g., talent pool). If you do not provide consent for extended storage, your personal data will be retained for six months for documentation and evidentiary purposes and then deleted or irreversibly anonymized. If you consent to the storage of your data in our talent pool, your data will be deleted after two years unless you renew your consent. Longer retention may apply only where legally required (e.g., tax or retention obligations). You may request deletion at any time by contacting us.

6. Your Rights as a Data Subject

Under the GDPR, you have the following rights at any time:

• Right of access (Art. 15 GDPR)
• Right to rectification (Art. 16 GDPR)
• Right to erasure (Art. 17 GDPR)
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 (3) GDPR)

To excercise your rights, plkease contact: datenschutz@proalpha.com

You also have the right to lodge a complaint with a supervisory authority.

7. Obligation to Provide Data

Certain information is necessary for conducting the application process (e.g., contact details, application documents). Without these, we cannot process your application.

8. Use of AI-Based Functions in the Application Process (No Automated Decision-Making)

We use certain AI-supported features within Greenhouse. These functions serve process support only, not decision-making.

AI-supported functions may include:

• CV parsing
  Your documents (e.g., CV, certificates) may be automatically read and converted into structured data.
• AI-based matching
  AI may suggest which applications appear suitable for a given position or whether your profile matches other open roles. These suggestions support our talent acquisition team but do not replace human evaluation.
• AI-assisted sorting & ranking
  AI may generate preliminary rankings to support efficient review of large applicant volumes. This does not replace human screening.

No automated decisions (Art. 22 GDPR)

• AI does not decide on invitations, rejections, or hiring decisions.
• AI does not make any decisions with legal or similarly significant effects.
• Every decision is reviewed and made by a human.

AGG and GDPR compliance

We ensure that:

• all AI tools undergo technical and legal checks,
• no discriminatory or prohibited criteria are used,
• only data necessary for the application process is processed.

AI tools are used solely to increase efficiency and quality.

9. Changes to this Privacy Notice

This notice is reviewed regularly and updated when necessary due to legal, organizational, or technical changes. The current version can always be found on our careers page.

Version: November 2025