Privacy notice for applicants (short version)

Controller (Verantwortlicher)

The following legal entities may be responsible for processing your personal data as part of the application and recruitment process:

  • Universitätsklinikum Hamburg-Eppendorf, Körperschaft des öffentlichen Rechts, Martinistraße 52, 20246 Hamburg
  • KFE | Klinik Facility-Management Eppendorf GmbH, Martinistraße 52, 20246 Hamburg
  • KSE | Klinik Service Eppendorf GmbH, Martinistraße 52, 20246 Hamburg
  • KGE | Klinik Gastronomie Eppendorf GmbH, Martinistraße 52, 20246 Hamburg
  • KTE | Klinik Textilien Eppendorf GmbH, Martinistraße 52, 20246 Hamburg
  • KLE | Klinik Logistik & Engineering GmbH, Martinistraße 52, 20246 Hamburg
  • Martini-Klinik am UKE GmbH, Martinistraße 52, 20246 Hamburg
  • Ambulanzzentrum des UKE GmbH, Martinistraße 52, 20246 Hamburg

The specific legal entity responsible is the one that has advertised the respective position and named in the respective job advertisement in E-Recruiting under "Contact person" or "Contact".

Data protection officer

Data Protection Officer appointed for all legal entities mentioned under section A. I.  can be reached under:

[Name of respective legal entity]

Datenschutzbeauftragter

Martinistr. 52

20246 Hamburg

Telefon: 040/7410-56890

E-Mail: dsb@uke.de  

Purposes and legal basis of data processing

Carrying out the application procedure and, if applicable, inclusion in a talent pool pursuant to Art. 6 para. 1 lit. b) GDPR, § 26 BDSG [Federal Data Protection Act]; Art. 6 para. 1 lit. a), Art. 9 para. 2 lit. a) GDPR; Art. 6 para. 1 lit. c), Art. 9 para. 2 lit. c) GDPR, regarding log files Art. 6 para. 1 lit. b) GDPR in conjunction with Sec. 25 para. 2 no. 2 Telecommunications-Telemedia Data Protection Act.

Categories of data processed

Master data (e.g. name, age, contact details),

qualifications, CV, other details from the application,

documents from the application and the application process,

salary and salary expectations, information on family circumstances, data concerning health, data additionally processed by directly supporting operational resources.

Obligation to provide the applicant data

You are not obliged to provide personal data and decide yourself on the scope of the data provided. However, if you do not provide us with any data or provide insufficient data, this may result in your application being rejected.

Source of data

Your application and statements in selection interviews.

Recipients or categories of recipients

The Software is hosted by milch & zucker Talent Acquisition & Talent Management Company AG and provided as a cloud service. The cloud service provider receives the data described in this Art. 13 GDPR as a processor. Universitätsklinikum Hamburg-Eppendorf, Körperschaft des öffentlichen Rechts, may also be a processor for individual legal entities.

Your application documents with personal data may be processed by various departments (Bereiche) and committees (Gremien) within the respective legal entity as part of the application process (e.g. the staff councils (Personalrat) as part of the statutory co-determination, etc.). The respective legal entity is always controller and therefore responsible for data protection.

Storage period /

Deletion periods

Upon recruitment:              Depending on the duration of the contract and the existing retention                                                                                         periods for personnel files (up to 5 years after termination of                                                                                                     employment).

Otherwise:                           Differentiated concept

Data subject rights (Betroffenenrechte)

You have the following rights under the respective legal requirements:

  • Information about the data processed by the UKE, Art. 15 GDPR.
  • Correction and completion of your data, Art. 16 GDPR.
  • Deletion of your data, Art. 17 GDPR
  • Blocking of your data, Art. 18 GDPR
  • Data portability, Art. 20 GDPR
  • Objection to processing, Art. 21 GDPR

Complaints / supervisory authority

You can complain to the competent data protection supervisory authority if you believe that the processing of your applicant data violates applicable data protection law. You can reach this authority as follows:

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str 22, 20459 Hamburg, 040/42854-4040, mailbox@datenschutz-hamburg.de

Here you will find the long version of our data protection information.