Recruiting privacy notice – Germany

Last updated: May 2023 

1. Overview
As part of the recruiting process at Vialto, you may be asked to provide, and Vialto may process, your personal data. As part of our commitment to your privacy, we are providing you with this notice (“Notice”) to inform you about how Vialto processes your personal data in such circumstances. Accordingly, this Notice describes how Vialto processes the personal data of prospective personnel for Vialto in connection with recruitment by the company (“Candidates” or “you”).

This Notice applies to Vialto’s potential employees, contractors and other personnel participating in Vialto’s recruiting process. It does not form part of any contract of employment or other contract to provide services. We may update this Notice from time to time and will provide notice (which may be through automated means) following any such update.

“Vialto”, “we”, “us”, or “our” refers to the entity or partnership within Vialto’s network (consisting of (i) affiliated entities; and (ii) other entities operating as part of Vialto’s network, each of which is a separate legal entity) that determines the purposes and means for data processing in its own right (i.e., acts as a data controller or in a similar capacity) under applicable data privacy laws. A list of relevant Vialto data controllers in Germany is set out in Schedule 1.

Please read this Notice carefully. If you have any questions about this Notice, how and why we process your personal data, or you wish to exercise any rights you may have over your personal data, please contact privacy@vialto.com.

2. Personal Data Types and Retention
Personal data means any information relating to an identified or identifiable living individual. It does not include data which has been aggregated, de-identified or anonymized.

Depending on the role you are applying for, we may collect (directly or indirectly), store and use the following categories of personal data about Candidates:

  • Personal details and characteristics such as your name, address and previous addresses, birthplace and date, phone numbers, email address, passport details, government and other identifiers, and photographs.
  • Information contained in your resume/C.V. and cover letter or provided as part of a background, reference, or credit check (where permissible under local law), including occupational details, current job title, current job description, previous employment records, office location, education details, qualifications, credit history, copies of right to work documentation, references and other information from our application form.
  • Economic, financial, and insurance information, including historic salary, benefits and incentives, income and financial information, tax situation, bank account details.
  • Information about your use of technology resources when using our application portal, including IP address.
  • Your communications with us, including information you provide to us during interviews.
  • Tests or qualification exam results from any assessments that are required to work with us.

Where permissible under applicable law, we may also collect (directly or indirectly), store, and use information that may identify or infer information about you in connection with more sensitive types of personal data including:

  • Protected classifications: Information about your race or ethnicity, religious/philosophical beliefs, sexual life/orientation, political opinions, and trade union membership if you provide it to us.
  • Health information: Information about your health, including any medical condition, health and sickness records.
  • Consumer reporting information and criminal convictions: Information about your history, if any, of criminal convictions and offenses.

You may be required to provide certain personal data to Vialto affiliates so that we may consider your suitability for the role for which you are applying. If you fail to provide any personal data that is required, we may be unable to continue evaluating your application.

We retain your personal data for the duration of the relevant recruitment processes/discussions and as long as necessary thereafter to fulfil the purposes described above. Typically, we may retain your personal data for up to a ten (10) year period after we have received your application. You explicitly agree that we may retain your personal data for such period(s). We do this (i) so we can show, in the event of a legal claim or other grievance, that we have not discriminated against candidates on prohibited grounds and that we have conducted the recruitment exercise in a fair and transparent way, and (ii) so we can keep a record of individuals who have unsuccessfully applied to us in the past so we can identify repeat applicants.

We may extend the retention period if we are required to preserve your personal data in connection with litigation, investigations and proceedings, or if a longer retention period is required by applicable law. After this period, we will not retain your personal data.

We may also extend the retention period if you ask us to inform you about future job opportunities. In this situation, we will obtain your explicit consent to retain your personal data for a fixed period on that basis.

If your application is successful, Vialto may further process your personal data provided to us in the recruitment process and retain it as described in any applicable employee privacy notice, which will be provided to you in connection with your onboarding process.

3. Collection of Personal Data
We collect personal data about Candidates through the recruitment process, either directly from you or an employment, staffing or recruiting agency. We may also collect additional personal data about you from other third parties including, where permitted by law, professional background check providers, credit reference agencies, former employers, and your named or other references. We may also gather personal data about you from publicly available sources (e.g., public registers or internet search engines).

4. Legal Basis and Use of Personal Data
We use your personal data for the following purposes:

  • Recruitment: managing and administering recruitment processes, carrying out background checks, making travel arrangements, assessing your skills, qualifications, and suitability for the vacancy you are applying for, communicating with you about the recruitment process, making offers to successful Candidates, personnel onboarding, and keeping records related to our hiring process to monitor and ensure fairness in our practices. We process personal data for these purposes on the basis that it is necessary for our legitimate interests in managing and administering our business and recruiting personnel for Vialto. The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Legal and compliance: compliance with legal and other requirements such as immigration, record-keeping, and reporting obligations, reviewing HR processes, political contribution, responding to legal process such as subpoenas and court orders, pursuing legal rights and remedies, defending litigation and managing any internal complaints or claims, conducting investigations and complying with internal policies and procedures. We process personal data for these purposes on the basis that we are required to do so by law, it is in our legitimate interests to do so, including where it is necessary for the establishment, exercise, or defence of legal claims. The processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Communications, facilities and emergencies: facilitating communications with you, protecting the health and safety of anyone visiting our premises, operating, administering, managing, improving and analysing performance and use of postal and IT systems and applications the Vialto network uses, and safeguarding office equipment, facilities, and other property. We process personal data for these purposes on the basis that it is necessary for our legitimate interests in managing and administering our business, and administering, maintaining, and ensuring the security of our IT systems and premises. The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
  • Sensitive data: We may also, where permissible under applicable law, collect certain types of sensitive personal data in limited circumstances, with your explicit written consent. We only collect your sensitive personal data for specific purposes, including the collection of health or medical information for accessibility and fitness for work purposes and diversity-related personal data (such as gender, race, or ethnicity) for equal opportunity monitoring and reporting purposes. We do not collect your sensitive personal data unless we are required to do so in order to carry out our legal obligations or exercise rights in connection with your potential employment, it is needed in the public interests (such as for equal opportunities monitoring), or (in limited circumstances) you have, in accordance with applicable law, provided your explicit consent.
  • Criminal convictions information: Depending on the role you apply for, we may need to collect information about your criminal convictions history during the application process, if we intend to offer you employment (conditional on checks and any other conditions, such as references, being satisfactory). Where the law allows or requires us to, we will carry out a criminal records check in order to satisfy ourselves that there is nothing in your criminal convictions history which makes you unsuitable for employment with us. We will inform you directly where we need to perform criminal convictions checks on you for your application. We process personal data for these purposes on the basis that it is necessary for compliance with our legal obligations, where applicable, or on the basis of your explicit consent.

We do not use your personal data for purposes of automated decision-making.

5. Personal Data Disclosure
We may disclose your personal data to third parties when required to do so by law or regulatory requirements to which you or we are subject, where it is necessary to administer the recruitment process or where we have another legitimate interest in doing so such as where it is necessary for the operation of our business. Examples of when we may disclose personal data about you include:

  • If we are required to do so by law or legal process, for example due to a request from a law enforcement or other governmental authority, a subpoena, court order, or discovery request;
  • When we believe disclosure is necessary or appropriate to prevent physical harm or financial loss;
  • When we believe in good faith that such disclosure is necessary or appropriate in connection with any activity that violates the law (including relating to intellectual property, fraud, contracts, and privacy) or may expose Vialto to liability;
  • In connection with the investigation of suspected or actual fraudulent or other illegal activity; and
  • In the event we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution, or liquidation).

We may disclose your data to service providers that perform services on our behalf, such as payment service providers, benefits service providers, analytics providers, translation service providers, and hosting providers. As required by applicable law, we permit them to use or disclose personal data only as necessary to perform services on our behalf or comply with applicable legal requirements.

We may transfer the personal data that we collect about you to recipients in countries other than the jurisdiction in which the personal data originally was collected. Where we share your personal data outside of any such jurisdiction, we will do so using appropriate and suitable safeguards (e.g., in the EEA, the European Commission-approved Standard Contractual Clauses) in compliance with applicable data protection laws. The laws in the jurisdiction to which we transfer your personal data may be less protective of it than those in which you reside or in which we received it. For more information or any questions, please contact privacy@vialto.com.

6. Personal Data Security
Vialto uses commercially reasonable efforts to protect the confidentiality and security of personal data it obtains in the course of its business. Access to such personal data is limited, and policies and procedures are in place that are designed to safeguard the personal data from loss, misuse and improper disclosure.

7. Personal Data Rights
Candidates applying for a position with Vialto in certain locations may have the following rights under applicable data privacy law to:

  • Request access to your personal data (known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request us to correct any incomplete or inaccurate personal data that we hold about you.
  • Request us to delete or remove from our systems your personal data.
  • Object to the processing of your personal data where there is no valid reason for us continuing to process it. You may also request us to stop processing your personal data where we are relying on a legitimate interest for doing so and there is something about your particular situation that makes you want to object to our processing on this ground.
  • Request us to suspend processing of your personal data, for example, if you want us to establish its accuracy or the reason for processing it.
  • Request the transfer of your personal data to another party.
  • Withdraw your previous consent to us collecting, processing and transferring your personal data for a specific purpose.
  • Contact the applicable data protection authority regarding any issue, concerns, or complaints you have regarding the use of your personal data.
  • Appeal our refusal to take action on a request listed above.

To exercise any of these rights, appeal our refusal to take action on a request, or designate an authorized agent to make a request on your behalf, please contact us at privacy@vialto.com. As a part of processing some of your requests, we may require you or your authorized agent to provide certain personal data in order to verify your identity in accordance with legal requirements. If you are not satisfied with how Vialto resolved your matter, you have the right to complain to your country’s data protection authority. You can also refer the matter to a court of competent jurisdiction.

SCHEDULE 1 
List of Vialto Entities in Germany
Vialto Germany Rechtsanwaltsgesellschaft mbH
Vialto Partners Steuerberatungsgesellschaft mbH