The career page and the job portal are provided and operated by HENSOLDT AG, Willy-Messerschmitt-Strasse 3, 82024 Taufkirchen, Germany, phone: +49.89.51518-0, e-mail: info@hensoldt.net.

The HENSOLDT company responsible for processing your personal data in connection with your application for a specific job posting is the respective company named in that particular job posting. You can find an overview of the relevant HENSOLDT group companies in Section 11 of this privacy policy.

You can contact the Data Protection Officer of HENSOLDT AG at

Data Protection Officer
HENSOLDT AG, Taufkirchen
Willy-Messerschmitt-Strasse 3
82024 Taufkirchen
Mail: dataprotection@hensoldt.net

The subject of data protection is the protection of personal data. This is all information that relates to an identified or identifiable natural person (so-called data subject). This includes information such as name, postal address, email address or telephone number, but also other information that arises during the application process, such as information about your qualifications, education, or professional background.

We process personal data insofar as this is necessary for the provision of the career page and the job portal as well as to carry out the application process and, if applicable, to prepare an employment, training or internship relationship or other employment with you, in particular for the following purposes:

• Recording and checking applications,
• Application management and implementation of the selection process (forwarding to the relevant internal departments, organization and implementation of job interviews, management and administration of staffing),
• Organization and implementation of selection days and tests for certain application procedures, such as vocational training or general application days.

Data processing is carried out based on Art. 6 para. 1 lit. b GDPR (General Data Protection Regulation). In this respect, we process the personal data that is required to carry out the application process.

If we obtain your consent for certain data processing, the legal basis is Art. 6 para. 1 lit. a GDPR, Section 26 para. 2 BDSG (Federal Data Protection Act).

We carry out some data processing on the basis of our legitimate interests, whereby a balance is always struck between your interest’s worthy of protection and our legitimate interests. The legal basis for this is Art. 6 para. 1 lit. f GDPR.

Insofar as the processing is necessary to fulfill a legal obligation to which we are subject, the legal basis is Art. 6 para. 1 lit. c GDPR.

Further information on data processing on the career page can be found in the data protection notice of our company website at https://www.hensoldt.net/de/data-protection-notice

Our career page provides a job portal where you can create a profile and submit job applications.

We use a cloud-based applicant management tool from an external provider for the purpose of operating our job portal. We have concluded a data processing agreement with the provider in accordance with Art. 28 GDPR. Under this agreement, the provider is responsible for ensuring the necessary protection of your data and processing it exclusively on our behalf and in accordance with our instructions, in line with the applicable data protection regulations. We use the service provider to enable us to offer you our job portal. The platform itself and the data processed therein are located in data centres in Frankfurt, meaning they are processed within the EU.

If you are interested in the job advertisements on our career page, you will be automatically redirected to our job portal when you access vacancies directly via the 'Job advertisements' link. We use a frame to transmit your data. This means that the job portal is embedded directly in our career page, so you may not notice the transition, as our job portal also has HENSOLDT´s design.

5.1. Data processed when visiting the job portal

When you access our job portal, we collect data about how you interact with it, including your device and user ID, information about your operating system, which subpages you access during your visit, and the date and time of each request you make (“usage data”). This data is temporarily stored in a log file.

This data is collected for technical reasons, in order to display the job portal to you and to ensure its stability and security. This data is processed to ensure a smooth connection to the portal, user-friendly use, and system security and stability.

The legal basis for processing this data is Art. 6 para. 1 lit. f GDPR. Our legitimate interest arises from the aforementioned processing purposes. Under no circumstances do we use the collected data to draw conclusions about you as an individual. This data will be deleted as soon as it is no longer required for the purpose of its collection.

5.2. Use of cookies

We use cookies on our job portal. These are small text files assigned to your browser and stored on your device via a unique identifier. Information flows via these files to the website that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, so they cannot cause any damage. They make the job portal more user-friendly, effective and pleasant for you.

Some cookies contain data that enables your device to be recognized. In some cases, cookies only contain information on settings that cannot be assigned to a specific person. However, cookies do not allow any direct conclusions to be drawn about a user.

There are two types of cookie: session cookies, which are deleted as soon as you close your browser, and persistent cookies, which are stored beyond the individual session. Only cookies that are technically necessary are used in our career portal. These cookies are essential for navigating the website, using basic functions, and ensuring the security of the job portal. They do not collect any information about you for marketing purposes, nor do they store the websites you visit.

The legal basis for using such cookies is Section 25 para. 2 no. 2 of the Telecommunications Digital Services Data Protection Act (TDDDG).
You can delete any cookies that have already been stored on your device at any time. To prevent the storage of cookies, you can adjust your internet browser settings accordingly. Instructions for popular browsers such as Internet Explorer, Firefox, Google Chrome, Google Chrome Mobile, Microsoft Edge, Safari and Safari Mobile can be found online. Alternatively, you can install ad blockers. Please note that some of our website's functions will not work if you have deactivated cookies.

5.3. Registration and login

In order to apply via our job portal, you must first register.

The following personal data is collected and processed in the course of registration:

• First and last name
• Email address
• Country / region of residence
• Password (freely chosen)
• Visibility of the application profile (also see section 7)

Once you have registered, you will receive personal, password-protected access to the job portal. Before using the job portal, you can log in using your email address and the password you have chosen. You can then view the job offers you are interested in and apply for them.

The legal basis for data processing is Art. 6 para. 1 lit. b GDPR, the necessary processing of your data in the recruiting process to carry out the application procedure, as well as Art. 6 para. 1 lit. f GDPR, our legitimate interest in enabling you to apply via our job portal.

You can cancel your registration at any time by logging out and deleting your user account. You can initiate the deletion yourself via the job portal. If you have any questions, please contact: jobs@hensoldt.net.

5.4. Submitting applications

After registering, you can enter your applicant data via your personal user account, apply for advertised vacancies and upload the application documents requested or selected by yourself to the job portal. Various types of data may be processed in the course of using the job portal, depending on which data is required for the application in question or is submitted voluntarily via the portal. In detail, this may be the following data:

Data that you provide when setting up your personal user account or when creating a candidate profile in the course of applications:

• Nationality *
• Second nationality *
• Place of birth *
• Curriculum vitae *
• Language skills *
• Salary expectations *
• Reference (How you became aware of HENSOLDT) *
• Indication whether you have already worked for HENSOLDT in the past *

Other data that you send us in the course of applications via the job portal or application documents uploaded there:

• Title
• Postal address
• Phone / mobile number
• Motivation to apply
• Applicant status (application as experienced professional, university graduate, student, trainee, pupil)
• Cover letter
• Data on possible impairments
• Employment references, professional, training, and further education qualifications
• Portrait photo
• Information on your gender

The provision of personal data via our job portal is generally voluntary for you. However, some of the information requested within the portal is marked as a mandatory field (also marked as a mandatory field in the list above with a *). If these fields are not completed, we will not be able to process your application and will not consider it in the selection process.

You have the option of deleting the information and documents you have entered in your personal user account at any time. You can initiate the deletion yourself via the job portal. If you have any questions, please contact: jobs@hensoldt.net.

If you wish to delete the user account altogether, we will delete your personal data with the exception of such data that we must continue to store in order to fulfill legal obligations or that we have a legitimate interest in continuing to store in order to defend against any claims that may still be asserted (e.g. under the General Act on Equal Treatment -Allgemeines Gleichbehandlungsgesetz – AGG – see also Section 6).

5.5. Data processing in the application process

In the further application process, your data will generally be processed in relation to the respective advertised position and only passed on to departments that are involved in the application process and carry out the selection process. As a rule, this is our HR department (Human Resources or HR Business Partner (HRBP)) and, depending on the position advertised, the relevant specialist department/training manager and, if applicable, other persons entrusted with handling the application process, such as the works council or the representative body for severely disabled employees. All parties involved will treat your application documents with due care and in the strictest confidence. The purpose of data processing is to carry out the application procedure to select suitable applicants in the recruitment process. Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place.

Below, you can find an overview of the possible processing of your application for a position at German HENSOLDT companies. Please note that specific data processing may differ depending on the job advertisements and application processes, as well as the legal requirements of the country in which you are applying.

5.5.1. Permanent employment (standard process for permanent/fixed-term positions) and employees in marginal employment

When applying for positions with a regular permanent position (permanent/fixed term) and for positions in marginal employment, applications are recorded via our job portal. Our Human Resources departments and the relevant specialist department/manager then review the application, invite suitable applicants to an interview and then decide whether to hire or reject the applicant. The processing of your personal data takes place on the legal basis of Art. 6 para. 1 lit. b GDPR, to decide on the establishment of an employment relationship with you.

5.5.2. Applications from candidates with severe disabilities/equal status

If the application procedure involves applicants with severe disabilities/equal status, the responsible representative body for severely disabled employees (Social Code (SGB) Book Five (V)) is also involved in the selection process in accordance with Section 164 (1) sentence 1 Book Nine of the Social Code, which, in addition to the other bodies, checks the suitability of the applicants and, at the applicant's request, also takes part in the interview. In addition, the company representative body/works council is involved in the process. The processing of your personal data takes place on the legal basis of Art. 6 para. 1 lit. b GDPR, for the decision on the establishment of an employment relationship with you and based on Art. 6 para. 1 lit. c GDPR in conjunction with § 164 para. 1 sentence 4 of Book Nine of the Social Code.

5.5.3. „Secure Hire“ (positions relevant to security/export control)

The purpose of the security check is to determine in advance on an individual basis whether there are any facts to cast doubt on the personal integrity of the person being checked.

If a job advertisement includes the filling of a position that is considered security-relevant or export control-relevant, applicants must also provide additional information about themselves ("Secure Hire"): For this purpose, we collect the following additional personal data from you via the Secure Hire questionnaire. For positions with security relevance, these are

• Last name, first name
• Current place of residence
• If the residence has not been in Germany continuously for the last 5 years, further information about the residence(s) will be requested: in which countries, address, length of stay and the reason for the stay.
• Place and country of birth
• Citizenships: first, second and third citizenship, as well as renounced citizenships
• Possession of a U.S. Green Card
• Country of birth father
• Country of birth mother

If the applicant is: married, in a registered civil partnership, in a relationship or cohabitation (or similar), further information about the partner must be filled in:

• Last name, first name
• Current place of residence
• If the residence has not been in Germany continuously for the last 5 years, further information about the residence(s) will be requested: in which countries, address, length of stay and the reason for the stay.
• Place and country of birth
• Citizenships: first, second and third citizenship, as well as renounced citizenships
• Country of birth father
• Country of birth mother

For positions with export control relevance, these are

• Last name, first name
• Citizenships: first, second and third citizenship, as well as renounced citizenships
• Possession of a U.S. Green Card

If the position is security-relevant, our internal Security Officer then checks the applicant's details. If the vacancy is relevant to exports, the Export Control department is usually involved in the review process. The data is collected in order to be able to make the necessary assessment on the basis of the information provided as to whether the candidate can fulfill the existing security and export control-related restrictions.

The procedure follows the statutory provisions, in particular the Security Review Act and the rules laid down in the Security Manual, the validity of which is recognized as legally binding by the conclusion of a public law contract between the Federal Republic of Germany and HENSOLDT. In the case of international projects, regulations agreed at intergovernmental level must also be observed.

The legal basis for data processing in the context of the examination of applicants for security-relevant positions is therefore Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. c GDPR in conjunction with the Security Screening Act, SÜG and supplementary administrative regulations as well as the General Administrative Regulation on Material Secret Protection (EUCI).

5.5.4. Trainees and dual students

Applications for advertised training positions are also submitted via our job portal. After suitable applicants have been screened by the respective trainers in our specialist departments, suitable candidates are invited to complete an aptitude test (for data processing in the context of aptitude tests, see section 5.5.8. below). The test result is then transferred to the applicant's profile, which is viewed by the training departments/manager. In addition, depending on the type of job posting, applicants must go through the Secure Hire process (for data processing as part of the Secure Hire process, see above under „Secure Hire“, 5.5.3.). Suitable applicants are then invited to interview days or job interviews. The interviews are generally conducted in the presence of the training department, the Human Resources department and, in some cases, the Works Council. The responsible trainer/manager then makes the decision to hire or reject the applicant, considering all aspects including the results of the aptitude tests and the secure hire procedure.

The processing of your personal data takes place on the legal basis of Art. 6 para. 1 lit. b GDPR, for the decision on the establishment of the training relationship with you and in the verification of security-relevant applicant information in accordance with Art. 6 para. 1 lit. c in conjunction with the Security Screening Act (SÜG) and supplementary administrative regulations as well as the General Administrative Regulation on Material Secret Protection (EUCI).

5.5.5. Young people

In the case of application procedures to fill so-called „young people positions“ (internships, student trainees, final thesis, vacation workers), candidates are selected by our responsible manager in the relevant specialist department (student supervisor) after the application is received via the job portal, who reviews and pre-selects the applications, invites suitable candidates to an interview, conducts the interview and then decides whether to hire or reject the candidate. Further processing is then carried out by the Human Resources department. The processing of your personal data takes place on the legal basis of Art. 6 para. 1 lit. b GDPR, for the decision on the establishment of the training relationship.

5.5.6. Student internship

Students can apply for student internships. Once the application has been received via the job portal, candidates are selected by the coach (trainer), who reviews the applications, checks the placement opportunities within the available training workshops (technical student internships) or in the commercial departments (commercial student internships) and decides on the allocation of internship places based on the qualifications of the applicants and available placement opportunities. On request, a certificate of attendance can be issued to the school before the internship begins. An internship certificate will be issued after the internship has been completed. The processing of your personal data takes place on the legal basis of Art. 6 para. 1 lit. b GDPR.

5.5.7. Combined training

We also support Thales Deutschland GmbH (Thales) as our network partner in its recruitment of trainees. During our cooperation, Thales acts as a data controller within the meaning of Art. 4 No. 7 GDPR, for which we act as a processor in accordance with Art. 4 No. 8 GDPR regarding the data processing carried out. Accordingly, we have concluded an order processing contract with Thales in accordance with Art. 28 GDPR.

Apprenticeships at Thales are advertised on the company's own website at Thales Applications are sent directly to Thales. Once the applications have been received, they are reviewed by Thales and an initial pre-selection is made as to the extent to which the respective applicants appear suitable for the training position. Thales then forwards the application documents of applicants deemed suitable to us. On behalf of Thales, we then carry out a recruitment test with the applicants (for data processing in our recruitment tests, see 5.4. below) and then forward the respective test results to Thales for review and evaluation. If Thales still considers applicants to be suitable, Thales will arrange interviews, which are generally attended by representatives of the respective Thales department, the works council and one of our trainers. The final hiring decision is made by Thales. In the course of the subsequent training, the Thales trainees also complete training stations in our specialist departments, in accordance with the respective Thales specifications and the valid existing training regulations.

Further information on data protection in the application process at Thales can be found at https://www.thalesgroup.com/en/privacy-statement.

5.5.8. Carrying out aptitude tests (CyQuest)

As part of application procedures that require the performance of aptitude tests, we use the online assessments of the provider CyQuest GmbH, Heußweg 25, 20255 Hamburg (hereinafter „CyQuest“). We have concluded an order processing agreement with CyQuest in accordance with Art. 28 GDPR. According to this agreement, CyQuest undertakes to ensure the necessary protection of your data and to process it in accordance with the applicable data protection regulations exclusively on our behalf and in accordance with our instructions.

If you take an aptitude test, you will first receive an applicant ID from us, which is generated by our linked applicant management system in order to be able to assign the results of the online aptitude test to you as a specific applicant. CyQest itself can only assign all your entries to the pseudonymous applicant ID.

Upon receipt of your application, you will receive an invitation e-mail with an access key to the online assessment and a login link. The applicant ID from our job portal, the invitation date, language variables and job codes, for example, are encrypted in this key. You can use this access key to log in to CyQuest Online Assessment and then take the online test, whereby the test results are generated in real time and assigned to your user ID. After completion of the test, the results are provided in the form of a database-readable text file (XML), imported into our job portal and assigned to your application profile and serve as further information for the selection decision. Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place.

The data processing of the e-mail address, applicant ID, access key, answers to aptitude test questions and evaluation results is carried out for the purpose of carrying out the aptitude test required for filling the position as part of the application procedure; the legal basis is Art. 6 para. 1 lit. b GDPR.

In addition, the following data is processed when you access the online assessment platform:

• Operating system used
• Information about the browser type and version used
• Name of the access provider
• IP address of the requesting computer
• Date and time of the call
• Manufacturer and type designation of the smartphone, tablet or other end device, if applicable
• Name of the page accessed
• Referrer URL (origin URL from which you came to the website)

The collection of this data is technically necessary in order to display the website to you and to ensure its stability and security. The aforementioned data is processed for the purposes of ensuring the smooth establishment of a connection to the website, its convenient use and system security and stability. The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest follows from the aforementioned processing purposes.

5.6. Use of headhunters and personnel service providers

In the application process, we only collect data that we receive directly from you as part of the application process by sending us your application documents for advertised positions via the job portal. If no suitable candidate can be found using the procedures already in use in the recruitment process via our job advertisements, we also use personnel service providers as headhunters. Based on a job profile provided by us, our service providers support us in the search for and selection of suitable applicants, from whom we then receive your application profiles. The purpose of our data processing is to find suitable applicants as part of the recruiting process. The legal basis for our data collection from our recruiter (headhunter) and the subsequent processing is Art. 6 para. 1 lit. b GDPR or your consent pursuant to Art. 6 para. 1 lit. a GDPR.
In cases in which the commissioning of headhunters by us constitutes processing by a processor, we ensure that the necessary protection of your data is guaranteed and that your data is processed exclusively on our behalf and in accordance with our instructions by agreeing a data processing agreement in accordance with Art. 28 GDPR.

5.7. Employee referral program

As part of our recruiting process, we also use our employee referral program („Refer a friend Program“). This enables our employees to approach you as a person from their private environment or professional network for a job at our company and, if you are interested, to enter your data (first and last name, email-address, country of your residence). For this purpose, our employee will record your relevant application data in our HR management software, subject to your prior consent. The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future without giving reasons.

After reviewing and comparing your application profile with open vacancies, we use the communication data provided by you for this purpose (usually e-mail-address) to contact you as part of the recruiting process and to initiate the application procedure. The purpose of data processing is to screen whether you are a suitable applicant for currently open job profiles and to carry out the subsequent application process. The legal basis is Art. 6 para. 1 lit. b GDPR.

5.8. Completion of the application process

If, at the end of the recruitment process, we conclude an employment or training contract with you or enter into an internship relationship or other employment, we will continue to process your data for the purposes of this employment relationship insofar as this is necessary for its implementation or termination or for the exercise or fulfillment of the rights and obligations of the representation of employees' interests arising from the law, a collective agreement or a works agreement. The legal basis for the data processing described is Art. 6 para. 1 lit. b GDPR (implementation of the employment relationship).

If you have applied but have received a rejection from us for the position in question, or if we have met you by other means (events in schools, trade fairs, personal contacts, unsolicited applications, etc.) and we assume that you may be able to fill vacancies in our company in the future due to your qualifications, you have the opportunity to register in our talent pool if you receive a registration link from us. To implement our talent pool, we use the talent relationship management system "myVeeta" from the provider Talent Solutions GmbH, Kölblgasse 2/II, 1030 Vienna, . For information on data processing in our talent pool, see 5.8 below.

At your request, we will reimburse you for the costs you incur in connection with an interview. We will process your email address and your name to address you personally as well as the information you provide in the application form, which is usually the date of the interview, address, bank details, choice of transport and amount of travel expenses. The data will be checked by our Human Resources department during processing and then forwarded to our accounting department for reimbursement. The data processing is carried out for the purpose of the proper processing of the reimbursement claim; the legal basis for the data processing is the implementation of pre-contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.

5.9. Talent Pool „myVeeta“

To implement our talent pool, we use the talent relationship management system "myVeeta" from the provider Talent Solutions GmbH, Kölblgasse 2/II, 1030 Vienna. MyVeeta is a web platform for specific services with the aim of supporting job seekers and companies before, during and after the recruitment process. We are registered users of myVeeta with our company.

If you have applied to us but have received a rejection from us for the job or position in question, or if we have met you by other means (e.g. at job fairs or personal contacts etc.) and we assume that you may be able to fill vacancies in our company in the future based on your qualifications, you have the opportunity to register in our talent pool. You will receive a personal invitation and a registration link from us.

After registering on myVeeta, you can provide us with information such as your application and contact details about yourself in the talent pool, e.g.

• Personal data such as name, address, and date of birth
• Contact details (incl. email address and telephone number)
• Curriculum vitae (incl. education, professional experience, skills, etc. plus any attachments)
• Professional expectations (desired job, place of work, salary expectations, etc.)

We use your data to find suitable positions for you and to contact you in this regard and to send you interesting job offers and information. Your data will only be used internally; we will never pass your data on to third parties. The data will not be used for automated decision-making (profiling). The legal basis for data processing is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.
You can change, add to, or delete your data yourself at any time. Your data will also be deleted if you leave our talent pool and delete your profile. By doing so, you also withdraw your consent to the processing of your data.
The data you provide to us in the talent pool will not be transferred to our company's own systems. If we offer you a job via myVeeta, please apply via our job portal.

For the data processing in our talent pool on myVeeta, we have concluded an agreement with Talent Solutions GmbH for order processing in accordance with Art. 28 GDPR.

When you register with myVeeta, you also have the sole right to decide - independently of our talent pool - whether and, if so, to which other companies registered on myVeeta you wish to make your documents and data available. However, you can only register for our talent pool if you have received our registration link from us.

If you use myVeeta outside of our talent pool to contact other companies, Talent Solutions GmbH is the independent controller for the data processing carried out in accordance with Art. 4 No. 7 GDPR. The privacy policy (https://www.myveeta.com/en/talents/dataprotection/) of Talent Solutions therefore applies.

5.10. Notification of new job postings and general information on career opportunities

When registering in our job portal, you have the option to subscribe to email notifications about new job postings and/or general information about career opportunities at HENSOLDT. If you select this option during registration, you consent to the use of your data (in particular your email address) for this purpose.

The legal basis for processing your personal data for this purpose is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

You can withdraw your consent at any time with effect for the future via the link to the settings in the job portal, which is provided in the emails, as well as directly via the settings in the job portal.

We store the data you provide to us during the application/recruitment process for as long as is necessary for the decision on your application with us.

If an employment, training, internship, or other contractual relationship does not result from the recruitment process, we may continue to store your data if this is necessary for the defense against possible legal claims (for example, under the German General Equal Treatment Act (AGG)).
Application documents from Germany are generally deleted no later than six months after the rejection decision is notified, unless an extended storage period is exceptionally required due to the assertion or defense of legal claims. You will not receive a separate notification regarding the deletion of your data.

Your profile in our job portal will be automatically deleted by the system after six months of inactivity (time since the last login). Before your profile is deleted due to such inactivity, you will receive an email reminder that the deletion is imminent. You will then have the opportunity to log in again before the automatic deletion takes place, which will reset the six-month period and prevent your profile from being deleted.

Your personal data will not be transferred to third parties unless,

• you have given your express consent to this,
• the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
• there is a legal obligation for the disclosure,
• the transfer is legally permissible and necessary for the processing of contractual relationships with you.

Within the HENSOLDT Group, your data will only be processed for the application process in relation to the respective advertised position and will only be passed on to departments that are involved in the application process and carry out the selection process. As a rule, this is our human resources department and, depending on the position advertised, the responsible specialist department/training manager and, if applicable, other persons entrusted with handling the application process, such as the works council or the representative body for severely disabled persons.

If we are unable to offer you this position at the end of the selection process, but there is another vacant position within our Group that could match your application profile, we will offer you the opportunity to have your application considered for open job profiles at other Group companies by contacting us. We will only forward your application to other companies within the HENSOLDT Group if you give us your prior consent to do so. In this case, we may forward your application to one or more of the following Group companies, depending on the job profile advertised. You will be informed during the course of communication which group companies will receive your data.

The legal basis for data processing is your consent in accordance with Art. 6 para. 1 lit. a. GDPR. You can withdraw your consent given to us in whole or in part at any time without giving reasons with effect for the future. To do so, please contact jobs@hensoldt.net.

When creating your user account in the job portal, you have the option, regardless of your application for a specific position, to select which HENSOLDT companies, in addition to HENSOLDT AG, can view the information in your user profile. You can optionally choose between visibility for other job postings from all HENSOLDT companies in your country and visibility for other job postings from all HENSOLDT companies worldwide. The legal basis for the transfer of your personal data to these companies is your consent according to Art. 6 para. 1 lit. a GDPR. You can revoke the consent given and thus the visibility of your data for other HENSOLDT companies at any time by adjusting the settings in your user account. An overview of the HENSOLDT companies that can view the information in your user profile depending on the settings you have made can be found under section 11 of this privacy policy.

External service providers and partner companies will only receive your data if this is necessary to carry out the recruiting process. In these cases, however, the scope of the data transmitted is limited to the minimum required. Insofar as our service providers process your personal data on our behalf, we ensure that they comply with the provisions of the data protection laws in the same way as part of processing on behalf in accordance with Art. 28 GDPR.

Service providers who support us in the fulfilment of our tasks may have access to your data. These are especially service providers from the following categories:

• Hosting service providers for the operation of our servers
• Development service providers for programming, development, maintenance, and support of software applications, in particular the online application system
• IT service providers to support and provide our services
• Service providers for the implementation of aptitude and recruitment tests (e.g. CyQuest)
• Personnel service providers/head-hunters to support the selection of applicants

Service providers used by us must meet special confidentiality requirements. They are only given access to your data to the extent and for the period required to fulfil the tasks. The respective service provider is responsible for the content of external services, whereby we check the services for compliance with the legal requirements within the scope of reasonableness.

We attach great importance to processing your data within the EU/EEA. However, we may use service providers who process data outside the EU/EEA. In the case of such data transfers, the high European level of data protection does not apply. In such cases and where required by applicable data protection law, HENSOLDT will take measures to ensure appropriate and adequate safeguards for the protection of personal data elsewhere.

• We only pass on your data to HENSOLDT Group companies in third countries if they have concluded EU standard contractual clauses with HENSOLDT.
• We only transfer your data to external recipients in third countries if they have concluded EU standard contractual clauses with HENSOLDT or another appropriate safeguard within the meaning of Article 46 of the GDPR is in place.

If you have any questions about such data protection contracts based on the EU standard contractual clauses or would like more information on further security mechanisms and security measures for data transfers to third countries, please feel free to contact us by email at dataprotection@hensoldt.net.

We use the widespread SSL (Secure Socket Layer) method in conjunction with the highest level of encryption supported by your browser.
You can tell whether an individual page of our website is transmitted in encrypted form by the closed display of the key or lock symbol in the upper status bar of your browser.

We also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or unauthorized access by third parties. Our security measures are continuously improved in line with technological developments.

10.1. General rights

Under the respective conditions, the existence of which must be checked in each individual case, you have the following rights:

• the right to obtain information about the processing of your personal data (Article 15 GDPR)
• the right to request the rectification or completion of inaccurate or incomplete personal data (Article 16 GDPR),
• the right to erasure (Article 17 GDPR),
• the right to request the restriction of processing (Article 18 GDPR),
• the right to receive your personal data in a structured, commonly used and machine-readable format (data portability) or to transfer it to a third party (Article 20 GDPR).

In cases where data processing is based on your consent, you have the right to revoke your consent at any time with effect for the future. Processing that took place before the revocation is not affected by the revocation.

To exercise these rights, please contact: dataprotection@hensoldt.net or jobs@hensoldt.net or contact the above-mentioned controller or Data Protection Officer by post using the contact details provided.

10.2. Rights in data processing according to the legitimate interest

In accordance with Art. 21 para. 1 GDPR, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is based on Art. 6 para. 1 lit. e GDPR (data processing in the public interest) or on Art. 6 para. 1 lit. f GDPR (data processing to safeguard a legitimate interest); this also applies to profiling based on this provision. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defense of legal claims.

10.3. Right to lodge a complaint with a supervisory authority

Without prejudice to these rights and the possibility of seeking any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority at any time, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes data protection regulations (Art. 77 GDPR).

You can find the responsible supervisory authorities for our group companies in the following section.

We reserve the right to change or adapt this privacy policy at any time in compliance with the applicable data protection regulations.

Status: 01.07.2025