Recruitment Privacy Notice Template for Germany

What is a Recruitment Privacy Notice?

The Recruitment Privacy Notice is a mandatory document required under Articles 13 and 14 of the GDPR and corresponding provisions of the German Federal Data Protection Act (BDSG) for organizations engaging in recruitment activities in Germany. This document must be provided to job applicants at the time their personal data is collected, typically at the start of the application process. It covers essential information about data processing activities, including the types of data collected, purposes of processing, recipients of data, retention periods, and data subject rights. The notice must reflect specific German legal requirements, such as works council involvement and local data protection standards, while maintaining GDPR compliance. Organizations should implement this document before beginning any recruitment activities and update it whenever their data processing practices change.

Frequently Asked Questions

Is a recruitment privacy notice legally required in Germany?

Yes, under GDPR Articles 13-14 and the German Federal Data Protection Act (BDSG), employers must provide a recruitment privacy notice to all job applicants when collecting their personal data. This document is mandatory, not optional, and failure to provide it can result in significant fines. The notice must be given before or at the time of data collection during the recruitment process.

Can German data protection authorities fine companies for missing recruitment privacy notices?

Yes, German data protection authorities can impose fines of up to €20 million or 4% of annual global turnover under GDPR Article 83 for failing to provide recruitment privacy notices. State data protection authorities actively investigate recruitment practices, and missing or inadequate notices are common violation findings. Even small businesses face substantial penalties for non-compliance.

How does a recruitment privacy notice differ from an employee privacy policy in Germany?

A recruitment privacy notice applies specifically to job applicants and covers data processing during hiring, while an employee privacy policy covers current employees' data processing. The recruitment notice must be provided before collecting application data, whereas employee policies cover ongoing workplace data processing. Both are required but serve different phases of the employment relationship under German law.

How long does it typically take to prepare a German-compliant recruitment privacy notice?

Creating a compliant recruitment privacy notice typically takes 2-4 weeks for most German companies. This includes mapping data flows, identifying legal bases under BDSG and GDPR, determining retention periods, and ensuring all mandatory elements are included. Companies with complex recruitment processes or multiple locations may need 4-6 weeks for proper preparation.

Which specific German laws must recruitment privacy notices comply with?

Recruitment privacy notices must comply with the EU GDPR (particularly Articles 13-14), the German Federal Data Protection Act (BDSG), and relevant provisions of the German Works Constitution Act (BetrVG) regarding employee data processing. Additional sector-specific regulations may apply, and some German states have supplementary data protection requirements that must be considered.

Can I use the same recruitment privacy notice for all positions in Germany?

Generally yes, but the notice must cover all types of data processing that may occur during recruitment for any position. If certain roles require additional background checks, reference checks, or specialized assessments, these must be included in the notice. The document should be comprehensive enough to cover your broadest recruitment practices while remaining clear and specific.

What are the most common compliance mistakes in German recruitment privacy notices?

Common mistakes include failing to specify retention periods for unsuccessful applications (typically 6 months under German law), not identifying the correct legal basis for processing (usually legitimate interest for recruitment), and omitting mandatory information about data transfers to third parties like background check providers. Many companies also forget to include information about automated decision-making in their recruitment process.

Reviewed by

Swetha Meenal

Legal Engineer, GenieAI

A lawyer, legal researcher and legal tech founder, Swetha has built AI products deployed inside Tier 1 firms and enterprises. She ensures GenieAI's alignment with the latest regulation and executes testing on the legal robustness of Genie output.

Reviewed by

Imad Mohammed Nazar

Legal Engineer, GenieAI

A Skadden-trained M&A lawyer, Imad advised on cross-border transactions and contractual risk before moving into legal AI. He reviews GenieAI's output for compliance and enforceability across our 150+ supported jurisdictions, as well as facilitating external benchmarking.

Jurisdiction

Germany

Publisher

GenieAI

Sector

Business

Cost

Free to use

About the Recruitment Privacy Notice

When recruiting employees in Germany, you are legally required to provide job applicants with a comprehensive privacy notice that explains how you collect, use, and protect their personal data. This document ensures transparency and compliance with both the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG), protecting both your organization and applicants' rights throughout the recruitment process.

When do you need this document?

You must provide a Recruitment Privacy Notice before or at the time you collect any personal data from job applicants. This includes when candidates submit applications through your website, recruitment agencies forward CVs, or you collect information from LinkedIn or other professional platforms. The notice is also required when conducting background checks, requesting references, or using recruitment software that processes applicant data. German law mandates that this information must be provided in a clear, accessible format, typically as part of your application process or prominently displayed on recruitment platforms.

Key legal considerations

Your Recruitment Privacy Notice must clearly identify your legal basis for processing under GDPR Article 6, typically legitimate interest for recruitment activities or contract performance when hiring. You must specify exactly what personal data you collect, including CVs, contact information, qualifications, and any special category data like health information for occupational health assessments. The notice must explain data retention periods, which under German practice typically range from 6 months to 2 years after the recruitment process ends. You must also detail data subject rights, including access, rectification, erasure, and portability rights, along with clear contact information for your Data Protection Officer if required. Additionally, you must disclose any third-party recipients of data, such as background check providers, recruitment agencies, or HR software vendors.

Legal requirements in Germany

German law imposes additional requirements beyond standard GDPR obligations. Under the Works Constitution Act (BetrVG), you must involve your works council in recruitment data processing decisions and may need to reference this in your privacy notice. The German Federal Data Protection Act provides specific provisions for employee data protection, including stricter consent requirements for certain processing activities. Your notice must comply with the General Equal Treatment Act (AGG) by ensuring non-discriminatory data collection practices. German courts expect privacy notices to be written in clear German language, avoiding complex legal terminology that applicants cannot reasonably understand. You must also provide information about cross-border data transfers if you use international recruitment platforms or service providers, including appropriate safeguards under GDPR Chapter V. Finally, German data protection authorities require that privacy notices are easily accessible and prominently displayed throughout the entire recruitment process.

Genie's Security Promise

Genie is the safest place to draft. Here's how we prioritise your privacy and security.

Your data is private:

We do not train on your data; Genie's AI improves independently

All data stored on Genie is private to your organisation

Your documents are protected:

Your documents are protected by ultra-secure 256-bit encryption

We are ISO27001 certified, so your data is secure

Organizational security:

You retain IP ownership of your documents and their information

You have full control over your data and who gets to see it