Lilium GmbH, together with all of its affiliates (referred to collectively herein as “Lilium”, the “Company”, “Our” or “We”) is committed to the protection of information relating to job applicants and their individual applications. Protecting the confidentiality and integrity of personal data is a critical responsibility that Lilium takes seriously. We will ensure that personal data is always processed in accordance with applicable data protection regulations.
Personal Data, Processing of Personal Data and Legal Basis
Personal data is any information relating to an identified or identifiable natural person. Personal data includes e.g., name, email address or telephone number information about hobbies, memberships or websites viewed. Special categories of personal data mean personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and also means genetic data, biometric data for the purpose of uniquely identifying a natural person, and data concerning health or data concerning a natural person’s sex life or sexual orientation.
Data processing means any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
To the extent that the processing of personal data is (also) subject to UK, Swiss, and/or U.S. data protection laws, the country-specific Addendums respectively set out in Annex 2 will (also) apply.
Lilium GmbH, Claude-Dornier Str. 1, Geb. 335, 82234 Wessling, Germany
Phone: +49 (0)151 25388676
Lilium GmbH centrally manages the application process and the related processing of personal data at the Company. There are instances where Lilium GmbH may share your personal data with other (relevant) Lilium affiliates. This is especially the case if your application relates to a job position (i) at one of these affiliates or (ii) for a team whose supervisor(s) or team members are located at one or several of the affiliates.
Lilium GmbH and its respectively relevant affiliates have:
- jointly determined the purposes and means of processing in relation to such sharing of personal data including subsequent processing (excluding processing of personal data which is exclusively performed by one affiliate and where the purposes and means have not been jointly determined with other affiliates) in these instances; and
- are jointly performing such processing.
Relevant affiliates of Lilium GmbH are incorporated in the Netherlands, Germany, Switzerland, the UK, and the United States of America.
In relation to the affiliates located outside of the EU, the following applies:
Whenever your personal data is shared with Lilium’s affiliates in Switzerland or the UK, we rely on the respective adequacy decisions of the European Commission regarding Switzerland and the UK, through which these territories are deemed to provide an adequate level of data protection. The decisions may be found here and here.
Whenever your personal data is shared with Lilium’s affiliate in the United States, we rely on Standard Contractual Clauses issued by the European Commission, as published here, as appropriate safeguards to protect your personal data when it is processed outside of the European Union (“EU”).
Data Protection Officer
Lilium GmbH and Lilium eAircraft GmbH have appointed a Data Protection Officer who may be reached via firstname.lastname@example.org.
What kind of personal data will Lilium process in connection with the recruitment process?
We may process your contact details including name, email, address and telephone number, gender, your career history, qualifications, country of residence, language skills and any other personal data (e.g., passport, citizenship, education certificates, as well as user data regarding your account on our Website) you include in your job application, your business social network profile and in interactions with Lilium. We may also ask for additional information to assist with our recruitment process and in the event that you are offered a job (e.g., date of birth and work documents).
How do we use your personal data?
We process your personal data:
- to fulfill our contractual or pre-contractual obligations (based on Art. 6 (1) 1 b. GDPR) or – as applicable – for the purpose of the commencement or performance of the employment relationship with you (Section 26 (1) 1 BDSG). We use your data:
- To contact you, communicate with you, update you, and to facilitate your application;
- To make decisions related to the recruitment process;
- To offer an online-application system that is connected to our Website;
- To respond to your questions or concerns; and/or
- To verify your identity and get agreements signed with you.
- to process
- user data regarding the usage of our services in relation to your account on our Website that we usually aggregate, pseudonymize or anonymize; and
- the personal data we collect as described above including your feedback on the recruitment process to and based on our legitimate interest to improve the quality of our service (based on Art. 6 (1) 1 f. GDPR - if and to the extent such data are considered personal data).
- for the establishment, exercise, or defense of legal claims (based on Art. 6 (1) 1 f. GDPR and, in case of special categories of personal data, based on Art. 9 (2) f. GDPR).
- to comply with our legal obligations (based on Art. 6 (1) 1 c. GDPR) where the basis for the processing is laid down by EU or Member State law.
- for employment-related purposes and in relation to special categories of personal data - if it is necessary to exercise rights or comply with legal obligations based on labor law, social security and social protection law and if there is no reason to assume that you do not have an overriding legitimate interest for the data not to be processed (based on Section 26 (3) 1 BDSG).
- to comply with our legal obligations (based on Art. 6 (1) 1 f. GDPR and our legitimate interest to achieve compliance with legal obligations) where the basis for the processing is not laid down by EU or Member State law that may especially apply to non-EU laws to which our affiliates are subject to (for example, if we are required to provide personal data of a U.S. job applicant to a U.S. authority).
- with your explicit consent (based on Art. 6 (1) 1 a. GDPR, Art. 9 (2) a. GDPR or Section 26 (2) and (3) 2 BDSG), for example, to store your information to keep you informed about other opportunities if you wish us to do so. You may withdraw such consent with effect for the future at any time via email to email@example.com.
If you send us a job application of yours that includes special categories of data, we will not be able to process your application without your consent to the processing of your special categories of data.
- if you are someone other than the job applicant, for example, individuals mentioned in the job application or someone who refers a job applicant to us – to and for our legitimate interest to perform the job application process (based on Art. 6 (1) 1 f. GDPR).
Am I required to provide my personal data?
In general, you are not legally or contractually required to provide your personal data to us as an applicant. However, if you do not provide your personal data, we may not be able to consider your application, or you may face certain disadvantages. For example, Lilium would not be able to provide you with information and answers in our recruiting process.
Third Parties processing your personal data
We use third-party providers and hosting partners to provide the necessary administration, accounting, software, storage, outsourced IT services and related technology required to run our recruiting processes. Please see the list of third-party providers we utilize to run our recruiting processes in Annex 1 and the reasons we may share your personal data with them.
We will never share your personal data with a third party without a legal basis (e.g., your prior consent). For further information you may contact us any time via email to firstname.lastname@example.org.
Is my personal data processed outside the EU?
Personal data is transferred outside the EU due to the integration of cloud/hosting, mailing and career management services who work on our behalf and assist us in carrying out our business activities. Such providers that process data outside the EU are identified in Annex 1.
Information we collect from other sources
We may collect some personal data about you from public sources to verify the details that you provide to us. Such public sources may include Google, LinkedIn, Twitter, or other social media websites. The data collected from public sources is not used to create a personality profile.
In cases where you, as a job applicant, are referred to us via a third party (such as a head-hunter), the third-party may provide us with some of the kind of personal data that is described above, such as the personal data included in your CV.
In cases where we identify you as a potential job seeker through external resources (e.g., a business social network), which could be publicly available, we obtain your personal data from such sources.
In cases where a job applicant is referred to us by you or you are mentioned in the job application of someone else, we may obtain your personal data from the job applicant or the third party (such as a head-hunter) who has shared a job application with us.
According to Art. 15 GDPR, you have the right to obtain confirmation from us as to whether personal data concerning you is being processed by us. Where that is the case, you have a right to access the personal data and obtain further information.
According to Art. 16 GDPR, you may have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
According to Art. 17 GDPR, you may have the right to obtain erasure of personal data concerning you if:
- it is no longer necessary in relation to the purpose for which it is collected;
- you have withdrawn your consent on which the processing is based;
- you have objected to the processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Art. 21 (2) GDPR;
- your personal data has been unlawfully processed;
- your personal data must be erased for compliance with a legal obligation to which Lilium is subject; and/or
- your personal data has been collected in relation to the offer of information society services pursuant to Art. 8 (1) GDPR.
We will refrain from deleting your personal data, where we have a legal right or are under a legal obligation not to do so.
According to Art. 18 GDPR, you may have the right to obtain the restriction of processing. Such right shall exist if:
- you contested the accuracy of the personal data;
- the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead;
- the personal data is no longer needed for the purposes of the processing, but it is required by you for the establishment, exercise, or defense of legal claims; and/or
- you have objected to processing pursuant to Art. 21(1) GDPR pending the verification of whether our grounds legitimately override yours.
According to Art. 19 GDPR, you have the right to obtain information about the recipients of data to whom the rectification, erasure, or restriction of processing has been communicated, upon your request.
According to Art. 20 GDPR, you have the right to obtain personal data concerning you, which you have provided to us, in a structured, commonly used, and machine-readable format and to transmit the data to another controller. Insofar as this is technically feasible, you can request that we transfer the data directly to another data controller.
You also have the right, without prejudice to any other administrative or judicial remedy and to complain to a supervisory authority in the EU Member State of your usual residence, place of work or place of the alleged infringement. An overview of the supervisory authorities in Germany and the EU may be found here or here.
To exercise your rights under this paragraph, you can contact us without any formality by post or e-mail at the points of contact listed above.
How long do we keep your information?
Consent for Storing your Data
With your explicit consent (which we collect on our Career Portal), we will keep your information on our Career Portal in case any other job opportunities become available that you might be interested in. Assuming you do not obtain employment with us, we will automatically delete your account on our Career Portal and the personal data associated with it after 24 months of inactivity on your account. You may withdraw such consent with effect for the future at any time via email to email@example.com.
How to reach out?
If you have any questions, comments or concerns about any aspect of this Policy or how Lilium handles your personal data please email our team in the first instance on firstname.lastname@example.org.
Annex 1: Third Parties processing your personal data
|3rd party provider||Service category||Processing outside EEA||Additional information|
|“MS Teams” by Microsoft, 1 Microsoft Way, Redmond, WA 98052, USA||Video Interviews||Yes||
Any personal data you share in a video or related chat will be processed by the engaged third-party platform (MS Teams, or Zoom) for using their service and will be shared with Lilium for the purpose of and as part of the recruitment process. If you do not want to share your data via video call with us, please let us know and we will arrange a meeting in person or a phone call instead.
|“Zoom” by Zoom Video Communications, Inc., 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA||Video Interviews||Yes||Any personal data you share in a video or related chat will be processed by the engaged third-party platform (MS Teams, or Zoom) for using their service and will be shared with Lilium for the purpose of and as part of the recruitment process. If you do not want to share your data via video call with us, please let us know and we will arrange a meeting in person or a phone call instead.|
|“Workday Inc.” 6110 Stoneridge Mall Rd · 94588 Pleasanton, CA, USA||HR Platform||Yes|
|“CultureAmp” by Culture Amp Limited (CRN 10067991) 1st Floor, 35 Luke St, London EC2A 4LH, UK||Surveys||Yes|
|Greenhouse Software, Inc., 110 Fifth Avenue, 3rd Floor, New York, NY 10011, USA||Receiving and Managing Job Applications via our Website||Yes||
In the “Careers” section of our Website interested individuals are forwarded to the Greenhouse Software website www.greenhouse.io and may apply for job openings and submit and upload related personal data, such as name, email address, LinkedIn-profile, information on why you would like to join, your CV and other personal documents.
Such data may be processed on servers outside the EU and provided to us or the Greenhouse Software after you clicked the respective ‘submit application’ button on the Greenhouse website www.greenhouse.io
|Amazon Web Services, Inc., 410 Terry Avenue North Seattle, WA 98109, USA (“AWS”)||Hosting your Data provided through the Website or Service||Yes|
|“DocuSign” by DocuSign Inc., 221 Main St., Suite 1000, San Francisco, CA 94105, USA||E-Signing Agreements||Yes|
Annex 2: Country-specific Addendums
Interpretation of this Addendum
This Addendum shall mean the UK Addendum.
UK Data Protection Laws shall mean all laws relating to data protection, the processing of personal data, privacy and/or electronic communications in force from time to time in the UK, including the UK GDPR and the Data Protection Act 2018.
UK GDPR shall mean the UK GDPR, as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.
UK ICO shall mean the UK Information Commissioner’s Office.
UK shall mean the United Kingdom.
UK Specific Provisions
- The reference to “Applicable legal provisions” shall refer to the “UK Data Protection Laws and such other laws as may be applicable from time to time”.
- References to the “European Union”, “EU”, "European Economic Area", “EEA”, “EU Member State” and "Member State/s" are all replaced with the “UK”.
- References to the "European Commission" shall be replaced with the "UK ICO".
- In relation to transfers of personal data to Lilium Aviation Inc., the relevant paragraph shall be amended as follows:
“Wherever your personal data is shared with Lilium Aviation Inc., we rely on (i) EU Standard Contractual Clauses issued by the European Commission, as published here, as amended by a UK Addendum or (ii) UK Standard Contractual Clauses respectively issued by the UK ICO as appropriate safeguards to protect your personal data when processed outside of the UK or such other appropriate safeguards as may be required from time to time. If not publicly available, we grant you a copy of the respective appropriate safeguards or provide further information where they have been made available.”
- In relation to your right to lodge a complaint to a supervisory authority, the following wording shall be incorporated: “If you are in the UK, you may contact the UK ICO to lodge a complaint.”
These country-specific amendments shall apply to job applications and other recruitment-related contacts and communications with our Swiss-based affiliate, Lilium Schweiz GmbH (our “Swiss Affiliate”), by job applicants and other third parties involved in a particular job application (e.g., referral, previous employer), regardless of their nationality.
- References to the GDPR shall include references to the Swiss Federal Act on Data Protection (“Swiss DPA”), as amended from time to time;
- References to transfers outside the EU shall include transfers outside of Switzerland;
- References to the adequacy decisions of the European Commission shall include references to the equivalent adequacy assessment by the Swiss Federal Data Protection and Information Commissioner or the Swiss Federal Council, as applicable;
- Job applicants' personal data may be processed in Europe and Switzerland as well as in any country in the world (please see the list of our third-party providers and their locations in Annex 1 above); and
- Where a recipient of personal data is located in a country that does not provide an adequate level of data protection, the Swiss Affiliate will rely on appropriate safeguards, unless it can rely on an exception (e.g., legal proceedings abroad or consent of the job applicants).
The following information may apply to you if you are located in the United States.
Definition of Personal Information. Personal information means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you within the context of you acting as a job applicant. It does not include aggregated or deidentified information that is maintained in a form that is not capable of being associated with or reasonably linked to you.
- Background Check Information: when permitted by applicable law, we may choose to conduct a background check in connection with your application such as to verify professional and educational history and qualifications or identify criminal history that may be relevant for a position with us. The results of the background check may include personal information we do not already have about you.
- Equal Opportunity Information: with your consent, we may also process information such as age, race, ethnicity, national origin, citizenship, sex, gender identity, sexual orientation, religion, disability or accommodation request, or marital or veteran status when you choose to provide it, but it will not be used in the hiring decision (unless specifically permitted by law).
Note that video backgrounds may inadvertently provide sensitive personal data such as your political affiliation, medical condition, religious belief, gender identity and sexual identification, biometric information, and genetic information to the extent there are posters, art, photos, or other background material. As such, please be mindful of your surroundings when selecting your interview location.
Although we often collect the personal information described above directly from you, we may also collect certain information from references, recruiters, job-related social media sites (such as LinkedIn), and publicly available sources. In addition, we may also collect this information through service providers and other third parties that collect it on our behalf, such as communications providers, scheduling providers and application providers.