Data protection for applicants EN/RU/CN

DATA PROTECTION DECLARATION FOR APPLICANTS

Dear applicant,

Thank you for your interest in our company. In accordance with the provisions of Articles 13, 14 and 21 of the General Data Protection Regulation (GDPR), we hereby inform you about the processing of personal data that you have provided during the application process and that we may have collected, as well as your rights in this regard. To ensure that you are fully informed about the processing of your personal data during the application process, please take note of the following information.

1 Controller

BAUER COMP Holding GmbH

Wolfratshauser Straße 80

81379 Munich

Telephone: +49 (0) 89 / 78049 – 0

Email: info@bauer-kompressoren.de

2 Contact details of the data protection officer

You can contact the data protection officer at

Proliance GmbH

www.proliance.ai

Data Protection Officer

Leopoldstr. 21

80802 Munich

Email: datenschutzbeauftragter@proliance.ai

When contacting the data protection officer, please state the company to which your enquiry relates. Please also refrain from including sensitive information, such as a copy of your ID card, with your enquiry.

3 General information on data transfer to third countries

Your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For data transfers to certain third countries, an adequacy decision by the EU Commission may exist in accordance with Art. 45 (1) GDPR. Such a decision establishes that an adequate level of data protection exists in the third country. A list of previous adequacy decisions can be found at the following link: Data protection adequacy for non-EU countries.

The scope of an adequacy decision may also be limited to a specific group of recipients or linked to the fulfilment of additional conditions.

For example, the adequacy decision for data transfers to the USA only applies to companies certified under the EU-U.S. Data Privacy Framework. The certification status of a participating company can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When your data is transferred to recipients in third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to seek legal redress.

To ensure an adequate level of data protection when transferring your data to recipients in such third countries, we therefore ensure that appropriate safeguards within the meaning of Art. 46 GDPR are in place.

Standard data protection clauses of the European Commission in accordance with Art. 46 (2) (c) GDPR are therefore regularly concluded either by us or by the service providers we use. They oblige the recipient of the data in the third country to process it in accordance with the European level of protection. The clauses can be viewed at the following link: Publications on the Standard Contractual Clauses (SCCs) - European Commission. If you require further information on the modules of the standard data protection clauses or supplementary measures concluded by us in individual cases, we will be happy to provide you with a copy. In this case, simply contact us using the contact details provided above under "Controller".

For certain recipients, data transfers may also be based on binding internal data protection regulations (BCR) approved by the supervisory authorities in accordance with Art. 46 (2) (b) GDPR. These can be viewed at the following link: Approved Binding Corporate Rules | European Data Protection Board.

If the standard data protection clauses or binding internal data protection regulations are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures will be taken to secure the data transfer. In addition, regular reviews and assessments are carried out to determine whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures need to be taken.

Further information on data transfers to third countries can be found in the relevant cases below in the section on data processing or services used, "Data processing in third countries".

4 General information on the use of artificial intelligence

Artificial intelligence (AI) may be used in the processing of your data. Either entire AI systems and assistants for general use are used, or specific AI functions integrated into other services and software solutions are used to perform specific tasks.

4.1 Use of AI systems and assistants for general purposes

We use AI systems or assistants for general purposes throughout the company. The use of these AI systems and assistants is not limited to individual functions or activities, but can be applied across a range of applications.

These systems are usually based on large language models and can be used flexibly for a variety of purposes, such as assisting with text creation, responding to internal enquiries or analysing content.

In this context, personal data may be processed in so-called "prompts". A prompt is an input request or instruction that our employees send to the AI system in order to obtain a specific output. The AI systems process these inputs and generate corresponding outputs, which may also contain personal data. These outputs can in turn be further processed and used.

With this type of AI use, it is not possible to provide a definitive list of the personal data that is processed in detail. However, we would like to emphasise that:
The input of highly personal and sensitive data does not take place as a matter of principle.
If the processing of personal data is unavoidable, it is limited to the minimum necessary.
It is ensured that any personal data entered is not used for training the AI model used.

We have compiled a list of the AI systems and assistants we use for general purposes below.

4.1.1 Microsoft CoPilot

Our company uses the AI system "Microsoft CoPilot" from Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.

Description of data processing and purpose

When using Microsoft Copilot, prompts in the form of requests, questions, documents, images and other content can be entered and generated. These may then be processed internally or externally, as long as such processing is permissible within the scope of our business activities. For example, we use CoPilot for:

Research and questioning
Revising documents

It cannot be ruled out that CoPilot prompts may contain personal data or that this data may be included in responses. In principle, all categories of personal data that we hold about you may be affected, although the entry of sensitive personal data is expressly prohibited.

The use of the processed data for training the AI model by Microsoft is contractually excluded.

The purpose of data processing and our legitimate interest lie in enabling a more efficient way of working and facilitating the performance of certain work tasks within the scope of the aforementioned activities.

Legal basis for data processing

Data processing is carried out in accordance with Art. 6(1)(1)(f) GDPR in our aforementioned legitimate interest.

Recipients

As part of data processing, your data will be transferred to the following recipients:

Microsoft Ireland Operations, Ltd, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland,
Microsoft Corporation, One Microsoft Way, Redmond WA 94043, USA.

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA, there is an adequacy decision by the EU Commission with regard to companies certified under the EU-U.S. Data Privacy Framework. Microsoft Corporation is certified under the EU-U.S. Data Privacy Framework.

Additional information on this and further links can be found above in the section "General information on data transfers to third countries".

Storage period

When you use CoPilot, data is transferred to the above-mentioned recipients and stored there for as long as necessary to achieve the stated purposes. In addition, this data is processed in our own systems for as long as necessary to achieve the stated purposes. We will then delete your data from our operational systems, unless data processing is still permitted for another purpose specified in this statement and on a corresponding legal basis.

4.1.2 ChatGPT Enterprise

Our company uses the AI system "Chat GPT Enterprise" from Open AI Inc., 3180 18th St, San Francisco, CA 94110, USA.

In the European Union (EU) and the European Economic Area (EEA), the service is provided by OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre 117-126 Sheriff Street Upper Dublin 1, D01 YC43, Ireland.

Description of data processing and purpose

When using ChatGPT, prompts in the form of requests, questions, documents, images and other content can be entered and generated. These may then be processed internally or externally, as long as such processing is permissible within the scope of our business activities. For example, we use ChatGPT for:

Research and questioning,
Revising documents.

It cannot be ruled out that ChatGPT prompts may contain personal data or that this data may be included in responses. In principle, all categories of personal data that we hold about you may be affected, although the entry of sensitive personal data is expressly prohibited.

The use of the processed data for training the AI model by OpenAI is contractually excluded.

Legal basis for data processing

Data processing is carried out in accordance with Art. 6(1)(1)(f) GDPR in our aforementioned legitimate interest.

Recipients

As part of data processing, your data will be transferred to the following recipients:

OpenAI Ireland Ltd., 1st Floor, The Liffey Trust Centre 117-126 Sheriff Street Upper Dublin 1, D01 YC43, Ireland,
Open AI Inc., 3180 18th St, San Francisco, CA 94110, USA

Data processing in third countries

Your data will be transferred to recipients in third countries. For data transfers to the USA where the recipients are not certified under the EU-U.S. Data Privacy Framework, there is no adequacy decision by the EU Commission. Therefore, standard data protection clauses are concluded and further measures are taken to ensure an adequate level of data protection.

Additional information on this topic and further links can be found above in the section "General information on data transfer to third countries".

Storage period

When using ChatGPT, data is transferred to the above-mentioned recipients and stored there for as long as necessary to achieve the stated purposes. In addition, this data is processed in our own systems for as long as necessary to achieve the stated purposes. We will then delete your data from our operational systems, unless data processing is still permitted for another purpose specified in this statement and on a corresponding legal basis.

4.2 Use of specific AI functions

In addition to the use of AI systems and assistants for general purposes, we use specific, purpose-built AI functions and extensions for certain data processing operations or when using certain services and software solutions.

Such AI functions and extensions may, for example, be integrated into the software we use in the context of one of the data processing operations described here. In this case, specifically defined tasks are always performed using AI.

In these cases, we provide separate information in the relevant section below about the specific use, its purpose and the type and scope of data processing.

5 Data protection information for applicants

5.1 Data processing in the application process

Description of data processing and purpose

We process your personal data to the extent necessary to decide whether to establish an employment relationship with us.

We only process data that is related to your application. This may include general personal data (name, address, contact details, etc.), information about your professional qualifications and education, information about further professional training and, if applicable, other data that you provide to us in connection with your application.

If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship, insofar as this is necessary for the implementation or termination of the employment relationship or for the exercise or fulfilment of the rights and obligations of employee representation arising from a law or a collective agreement, a works or service agreement (collective agreement).

The legal basis for data processing

The legal basis for data processing is Art. 88 GDPR in conjunction with § 26 (1) BDSG or Art. 6 (1) sentence 1 lit. b GDPR, insofar as data processing is necessary for the decision on the establishment of an employment relationship.

If you give us your express consent to process personal data for specific purposes, the lawfulness of this processing is based on your consent in accordance with Section 26 (2) BDSG and Article 6 (1) (a) GDPR. Consent that has been given can be revoked at any time with effect for the future.

The legal basis for any further processing for the purpose of establishing or terminating the employment relationship is Art. 88 GDPR in conjunction with Section 26 (1) BDSG or Art. 6 (1) (b) GDPR.

Source

We process personal data that we receive from you when you contact us or apply for a job via the upload function of our career portal, by post or by email, or that you send to us via job portals and professional networks of your choice, or that we receive from recruitment agencies.

Recipients

As part of data processing, your data will be transferred to the following categories of recipients, which we use in the context of data processing to achieve the aforementioned purposes:

Service providers who provide us with personnel or applicant management systems and software,
Software service providers who provide us with solutions for internal and external communication, for creating and editing documents, and for managing databases.

Data processing in third countries

Your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For data transfers to certain third countries, an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR may exist. Such a decision establishes that an adequate level of data protection exists in the third country. A list of previous adequacy decisions can be viewed at the following link: Data protection adequacy for non-EU countries.

The scope of an adequacy decision may also be limited to a specific group of recipients or linked to the fulfilment of additional conditions.

We therefore ensure that appropriate safeguards within the meaning of Art. 46 GDPR are in place to ensure an adequate level of data protection when transferring your data to recipients in such third countries.

Standard data protection clauses of the European Commission pursuant to Art. 46 (2) (c) GDPR are therefore regularly concluded either by us or by the service providers we use. They oblige the recipient of the data in the third country to process it in accordance with the European level of protection. The clauses can be viewed at the following link: Publications on the Standard Contractual Clauses (SCCs) - European Commission. If you require further information on the modules of the standard data protection clauses or supplementary measures concluded by us in individual cases, we will be happy to provide you with a copy. In this case, simply contact us using the contact details provided above under "Controller".

If the standard data protection clauses or binding internal data protection rules are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures will be taken to secure the data transfer. In addition, regular reviews and assessments will be carried out to determine whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures need to be taken.

Storage period

We store your personal data for as long as is necessary to decide on your application. Your personal data and application documents will be deleted no later than 6 months after the end of the application process (e.g. notification of rejection), unless longer storage is legally required or permitted.

Beyond this, we only store your personal data to the extent that this is required by law or in specific cases to assert, exercise or defend legal claims for the duration of a legal dispute.

If you have consented to the longer storage of your personal data, we will store it in accordance with your declaration of consent.

If the application process results in an employment, training or internship relationship, your data will initially continue to be stored, to the extent necessary and permissible, and then transferred to the personnel file.

If applicable, you may receive an invitation to join our talent pool following the application process. This allows us to consider you for suitable vacancies in our applicant selection process in the future. If we have your consent, we will store your application data in our talent pool in accordance with your consent or any future consents.

Necessity of providing personal data

The provision of your personal data in the context of application processes is voluntary. However, we can only make a decision to establish an employment relationship or establish an employment relationship with you if you provide the personal data necessary to process your application.

5.2 Transfer of applicant data to companies in the BAUER GROUP

Description of data processing and purpose

If your application matches a job profile at another company in our group and you give us your express consent to transfer your data, we will forward your application to a specific company in our group on a case-by-case basis.

The purpose of data processing is to be able to consider applicants for other potentially suitable positions at companies within the group to which they have not directly applied.

Legal basis for data processing

Data processing is carried out on the basis of your consent in accordance with Art. 6 (1) (a) GDPR or in accordance with country-specific laws (in Germany on the basis of § 26 (2) BDSG). If you provide special categories of personal data within the meaning of Art. 9 GDPR in your application letter or other documents provided by you (e.g. a photo that reveals your ethnic origin, information about severe disability, etc.), the consent pursuant to Art. 9 (2) GDPR expressly also applies to this data.

Your consent is voluntary and can be revoked at any time with effect for the future. To exercise your right of revocation, please contact us using the contact details provided above under "Controller".

Recipients

In the context of data processing, your data will be transferred to the following categories of recipients or recipients that we use in the context of data processing to achieve the aforementioned purposes:

Service providers who provide us with personnel or applicant management systems and software,
IT service providers who support us in the implementation, administration and maintenance of our IT systems,
Software service providers who provide us with solutions for internal and external communication, for creating and editing documents, and for managing databases,
Companies within our group of companies to which we forward your application in individual cases.

These are in particular the following recipients:

Affiliated companies of the BAUER GROUP.

Data processing in third countries

Your data may also be processed in countries outside the European Union (EU) and the European Economic Area (EEA).

For data transfers to certain third countries, an adequacy decision by the EU Commission pursuant to Art. 45 (1) GDPR may exist. Such a decision establishes that an adequate level of data protection exists in the third country. A list of previous adequacy decisions can be found at the following link: Data protection adequacy for non-EU countries.

The scope of an adequacy decision may also be limited to a specific group of recipients or linked to the fulfilment of additional conditions.

For example, the adequacy decision for data transfers to the United States only applies to companies certified under the EU-U.S. Data Privacy Framework. The certification status of a participating company can be viewed at the following link: Participant Search (dataprivacyframework.gov).

When transferring your data to recipients in third countries for which no adequacy decision exists, there is a risk that local authorities may access your data for security and surveillance purposes without you being informed or being able to seek legal redress.

In order to ensure an adequate level of data protection when transferring your data to recipients in such third countries, we therefore ensure that appropriate safeguards within the meaning of Art. 46 GDPR are in place.

We or the service providers we use therefore regularly conclude standard data protection clauses of the European Commission in accordance with Art. 46(2)(c) GDPR. These clauses oblige the recipient of the data in the third country to process it in accordance with the European level of protection. The clauses can be viewed at the following link: Publications on the Standard Contractual Clauses (SCCs) - European Commission. If you require further information on the modules of the standard data protection clauses or supplementary measures concluded by us in individual cases, we will be happy to provide you with a copy. In this case, simply contact us using the contact details provided above under "Controller".

For certain recipients, data transfers may also be based on binding corporate rules (BCR) approved by the supervisory authorities in accordance with Art. 46(2)(b) GDPR. These can be viewed at the following link: Approved Binding Corporate Rules | European Data Protection Board.

If the standard data protection clauses or binding internal data protection regulations are not sufficient to guarantee the level of protection, additional technical, contractual or organisational measures will be taken to secure the data transfer. In addition, regular reviews and assessments will be carried out to determine whether these additional measures continue to guarantee an adequate level of data protection or whether further supplementary measures need to be taken.

Storage period

We process the data collected until the transfer to the respective company within our group of companies is complete. We then delete your data from our operational systems, unless data processing is still permitted for another purpose specified in this statement and on a corresponding legal basis.

6 Data protection information for other data processing

6.1 Fulfilment of other legal obligations

Description of data processing and purpose

We process personal data if this is necessary to fulfil a legal obligation. The scope of the data to be processed is determined by the legal obligation we are required to comply with.

Legal basis for data processing

In these cases, the legal basis for the processing of your data is Art. 6 (1) (c) GDPR in conjunction with the respective legal norm that imposes such an obligation on us.

These may be provisions from the German Fiscal Code (AO), e.g. Section 147 AO, the German Commercial Code (HGB), e.g. Section 257 HGB, or the German Code of Criminal Procedure (StPO).

Recipients

In the context of data processing, your data will be transferred to the following categories of recipients or recipients that we use in the context of data processing to achieve the aforementioned purposes:

Tax advisors,
auditors,
Financial or investigative authorities,
lawyers,
Experts,
courts.

Storage period

We store your data to the extent necessary for as long as this is necessary to achieve the aforementioned purpose. The storage period is determined by the special legal provisions at , which oblige us to store or process data for up to 10 years, with the specific start of the storage periods being determined by the respective special law.

We will then delete your data unless data processing, possibly also in other systems, is still permitted on the basis of another legal basis.

6.2 Exercise or defence of legal claims

Description of data processing and purpose

In addition, we process your data in individual cases for the purpose and in the interest of asserting legal claims, for example to enforce our claims due to unpaid invoices, provided that your data is relevant to a legal dispute.

In addition, we process your data in individual cases for the purpose and in the interest of defending against legal claims brought against us, for example in the event of claims for liability for material defects, provided that your data is relevant to a legal dispute.

Legal basis for data processing

The legal basis for the processing of your data is Art. 6 (1) (f) GDPR.

Recipients

Tax advisors,
auditors,
financial or investigative authorities,
lawyers,
Experts,
courts.

Storage period

We store your data in individual cases to the extent necessary for as long as this is necessary to achieve the aforementioned purpose. We then delete your data unless data processing, possibly also in other systems, is still permitted on another legal basis or is mandatory for us (e.g. in the case of statutory retention obligations).

7 Your rights

Below you will find information on the rights granted to you by the applicable data protection law with regard to the controller in relation to the processing of your personal data:

The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details.

The right to request the immediate correction of inaccurate or incomplete personal data stored by us in accordance with Art. 16 GDPR.

The right to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.

The right to request the restriction of the processing of your personal data in accordance with Art. 18 GDPR, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have objected to the processing pursuant to Art. 21 GDPR.

The right, pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request its transfer to another controller.

The right to lodge a complaint with a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state of our registered office indicated above or, if applicable, that of your usual place of residence or workplace.

The right to withdraw consent granted in accordance with Art. 7(3) GDPR: You have the right to withdraw your consent to the processing of data at any time with effect for the future. In the event of withdrawal, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent at . The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to object

If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 (1) (f) GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that this is done for reasons arising from your particular situation. If the objection is directed against the processing of personal data for direct marketing purposes, you have a general right of objection without the need to specify a particular situation.

If you wish to exercise your right of revocation or objection, please contact us using the contact details provided above under "Responsible party".

8 Status of the privacy policy

This privacy policy was last amended on 24 October 2025.

DATA PROTECTION DECLARATION FOR APPLICANTS

My Account

Товары

Решения

Cервис и поддержка

Предприятие

Title 4