Information on Data Protection for Applications

  1. Home
  2. |
  3. Contact
  4. |
  5. Information on Data Protection for Applications

Information on Data Protection for Applications
(Art. 13 f. GDPR), Status September 2022

In the following, we provide information about the collection of personal data when applying for employment.

Definition of personal data
Personal data are all data that can be related to you personally, e.g. name, address, e-mail address, application photo, information in the curriculum vitae such as school and professional background, performance evaluations (certificates), marital status or date of birth.

Responsible person
The person responsible according to Art. 4 No. 7 GDPR is the respective company in our group of companies to which the application or the intended employment relationship refers: Sturm Holding GmbH (parent company) and/or Sturm Maschinen- & Anlagenbau GmbH (subsidiary).

Data sources
We process personal data which we receive from you, from recruitment agencies or from publicly accessible sources (e.g. professional networks) in the context of the decision to establish an employment relationship by contacting you. In addition, we receive personal data of interns and trainees from the municipality of Salching.

Purpose and legal basis for the processing
The data will be processed by us to the extent necessary for the decision on the establishment of an employment relationship. The legal basis for this is § 26 para. 1 Federal Data Protection Act (BDSG) in conjunction with Art. 88 para. 1 GDPR.

Passing on of the data
Data is only passed on
a) within the company to which you are applying to those positions that require it in order to decide whether to establish an employment relationship.
Processors employed by us (Art. 28 GDPR) may also receive data for these purposes. These are companies in the categories of IT services, telecommunications, consulting and marketing, address research and data destruction, but also the parent company Sturm Holding GmbH, which performs central tasks for its subsidiaries, especially in the areas of personnel recruiting and administration as well as in the financial sector. To protect your data, data protection agreements have been made with these companies in accordance with legal requirements.
b) to third parties, if legal provisions permit or require this. This includes public bodies and institutions such as social insurance agencies, tax authorities, police/public prosecutor’s office, supervisory authorities or auditors as well as other companies such as banks/credit institutions, shipping and collection companies or the company doctor.

Data security
We maintain up-to-date technical measures to ensure the protection of personal data. These are adapted to the current state of the art in each case.

Duration of storage
Personal data will only be stored by us for as long as it is necessary to achieve the respective purpose, statutory storage obligations exist or the data is required by us to secure and enforce statutory claims. Storage beyond this period is permitted for a maximum of two years after consent.

Your rights
You have the right to request information from us at any time about the personal data we have stored about you (Art. 15 GDPR). This also applies to the recipients or categories of recipients to whom this data is passed on and the purpose of the storage.
In addition, you have the right to demand correction under the conditions of Art. 16 GDPR and/or deletion under the conditions of Art. 17 GDPR and/or restriction of processing under the conditions of Art. 18 GDPR.
Furthermore, you may at any time request data transmission under the conditions of Art. 20 GDPR.

Please address all requests for information, requests for disclosure, revocations or objections to data processing by e-mail to our data protection officer at For more detailed information, please refer to the full text of the GDPR, which is available on the Internet at, and to our data protection declaration, which can be viewed on the Internet at

You also have the opportunity to complain to the responsible supervisory authority about data protection issues.

Download area