Skip to main content

Processing of (personal) data by the entity in charge of the online application process

Privacy Statement TSC Life

Current version: 20251222
Last updated: December 22, 2025


1. General Information

A. Privacy
TSC Life (“we”) attaches great importance to privacy and the protection of your personal data. We handle your data in a transparent and responsible manner by complying with the applicable requirements as laid down in the General Data Protection Regulation (GDPR).

If you have any questions about this privacy statement or how we handle your data, you can contact us at legal@tsc-life.com.

B. Summary                                                                 
This privacy statement provides a clear overview of:

  • The purpose(s) for which we process your personal data;
  • The legal basis on which we process your personal data;
  • Which of your personal data we may process;
  • How long we store your personal data;
  • Which third parties or (sub)processors may be involved in processing your personal data;
  • What rights you have under the GDPR regarding your data; and
  • What measures we take to protect your personal data.

2. Personal Data We Process

Through our website, we may collect and process the following personal data:

  • Name of your organisation (if you provide this when contacting us);
  • Contact details and other personal information you actively provide (for example, your name, email address, phone number, or any information you include in the contact form on our website);
  • Location data (for instance, general location information derived from your IP address, or if you share your location in a form);
  • Information about your activities on our website (e.g. pages visited, clicks, and browsing behavior collected via cookies or similar technologies, consistent with our Cookie Policy);
  • IP address (Internet Protocol address, which can identify your device’s general location);
  • Internet browser and device type (automatically collected technical information about the browser and device you use to access our site).

3. Legal Bases for Processing

We only process your personal data when we have a lawful basis under the GDPR (Article 6 GDPR). Depending on the context, one or more of the following legal bases may apply:

  • Performance of a contract: Processing is necessary to fulfill a contract or agreement we have with you, or to take steps at your request before entering into a contract.
  • Legal obligation: Processing is necessary for us to comply with a law or regulatory obligation (e.g., tax, audit, or labor law requirements).
  • Legitimate interests: Processing is necessary for our legitimate business interests—such as improving our services, securing our IT systems, or responding to inquiries—provided those interests are not overridden by your rights and interests. When we rely on this basis, we will only do so after carefully considering and balancing our interests with your privacy rights, and we will inform you in clear terms what our legitimate interest is.
  • Consent: In some situations, we may ask for your consent to process your data for a specific purpose (for example, if we want to send you a newsletter or marketing communications). Where consent is our legal basis, you have the right to withdraw that consent at any time.

4. Why We Need Your Data and How Long We Keep It

A. Purpose of Data Processing
TSC Life processes personal data for clear and specific purposes. Primarily, we use your data to carry out our business obligations and services, such as the execution of sales agreements (providing our products or services to clients) and the administration of employment contracts with our employees. Additionally, personal data collected via our website (for example, through a contact form) will be used for the purpose for which you provided it—for instance, to respond to your inquiries or requests. We will not use your personal data for purposes other than those communicated to you, unless we obtain your consent or have another lawful basis to do so.

B. Retention Periods for Personal Data
We will not keep your personal data longer than necessary for the purposes described above, unless a longer retention period is required or permitted by law. This means that once the data is no longer needed for the purpose it was collected, we will delete it or anonymize it. For example, if you become a customer, we will retain your contract and billing information for the duration of our agreement and for any subsequent period required by financial laws (such as keeping invoice data for 7 years to comply with tax obligations). If you contact us with a question but do not become a customer, we will typically not retain your information longer than needed to address your inquiry. In cases where we cannot specify an exact timeframe, we apply criteria such as the applicable legal retention requirements and the expectation of future interactions. We also periodically review the data we hold and securely dispose of information that is no longer needed.

5. Security

TSC Life applies adequate implements appropriate technical and organizational measures to secure your personal data and to ensure its confidentiality, integrity, and availability. In practice, this means we take steps to safeguard our IT systems and physical records against unauthorized access, loss, or misuse. For example, we use access controls, encryption, and secure servers where appropriate, and we train our staff on data protection practices. These measures are designed to be in line with industry standards and GDPR requirements for data security.

6. Use of Processors (Third-Party Service Providers)

In some cases, TSC Life may use external companies to help us process your personal data—these are known as processors under the GDPR. For example, we might use a cloud hosting provider to store data or an email service to send newsletters. When we engage processors, we always establish a data processing agreement with them to ensure that your personal data is handled with an adequate level of protection and security, in accordance with GDPR. These processors act only on our instructions and are not allowed to use your data for their own purposes. If any processor is located outside the European Economic Area (EEA), we will make sure that appropriate safeguards are in place for that data transfer (such as EU Standard Contractual Clauses or an approved adequacy decision) to protect your information. We will inform you if we ever need to transfer your personal data to a country outside the EEA.

7. Exercising Your GDPR Rights

Under the GDPR, you have several rights regarding your personal data. TSC Life respects these rights and has processes to help you exercise them. Your rights include the following:

  • Right of access: You can request confirmation of whether we are processing your personal data, and if so, ask for a copy of the data we hold about you.
  • Right to rectification: If any personal data we have about you is incorrect or incomplete, you have the right to have it corrected or updated.
  • Right to erasure: In certain circumstances (for example, if the data is no longer needed for the original purpose, or if you withdraw consent and no other legal basis applies), you can request that we delete your personal data (“right to be forgotten”).
  • Right to restrict processing: You have the right to ask us to limit or pause the processing of your data in specific situations—for instance, while a question or dispute about data accuracy or usage is being resolved.
  • Right to object: If we process your data based on our legitimate interests, you have the right to object to that processing. If you object, we will evaluate whether our reasons (interests) for using your data outweigh your privacy rights, and we will stop or adjust the processing unless we have a compelling legitimate ground to continue. If we ever process your data for direct marketing purposes, you have an absolute right to object (opt-out) at any time.
  • Right to data portability: When processing is based on your consent or on a contract with you, and is carried out by automated means, you can request to receive the personal data you have provided to us in a structured, commonly used, machine-readable format. You also have the right to have that data transmitted to another organization, where technically feasible.
  • Right to withdraw consent: If we are processing your personal data based on your consent, you are entitled to withdraw that consent at any time. This will not affect the lawfulness of any processing done before your withdrawal.
  • Right to lodge a complaint: If you believe we have not handled your personal data properly or lawfully, you have the right to file a complaint. You can contact us directly with your concerns, and we will do our best to resolve them. Additionally, you have the right to lodge a complaint with your local Data Protection Authority.

You can exercise your rights by contacting us at legal@tsc-life.com. We may need to verify your identity for security purposes before fulfilling certain requests. We will respond to your request as soon as possible, and at the latest within the timeframe required by law (generally within one month). Please note that some rights may not apply in all situations—for example, in certain cases we might not delete data that we are required by law to keep. If we cannot fulfill a particular request, we will clearly explain why.

8. Data Breaches and Notification

TSC Life has policies and procedures to handle any personal data breaches (security incidents that result in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data). In the event of a data breach, we will take all necessary actions to mitigate the issue and to comply with our legal notification obligations. This includes, if required, reporting the breach to the relevant local Data Protection Authority without undue delay (within 72 hours if feasible, as mandated by the GDPR), and if the breach is likely to result in a high risk to the affected individuals, we will also inform those individuals promptly, as required by law. We maintain an internal breach register to document any such incidents in accordance with GDPR.

9. Cookies

We use functional, analytical, and (with consent) marketing cookies on our website. Cookies are small information files that can be automatically stored on, or read out from, your device. For more information, please see our Cookie Policy. You can disable cookies via your browser settings, but this may affect the functionality of our website.

10. Changes to This Privacy Statement

TSC Life may update this privacy statement from time to time. We continually re-evaluate our privacy practices, and we might make changes to this statement to reflect new processing activities or changes in the law. If we plan to use your personal data for a new purpose not covered by this notice, we will update this privacy statement and, if required, inform you (for example, via our website or by email). We encourage you to review this statement periodically to stay informed about how we protect your personal data.

11. Contact and Complaints

If you have a question or would like to file a complaint about our use of your personal data, you can contact us at legal@tsc-life.com. We will handle every question and request internally and communicate about it with you. If you are not satisfied with our response, you have the right to file a complaint with your local Data Protection Authority.


Processing of (personal) data by the operator of the recruitment website

General information

This recruitment website is operated by Personio SE & Co. KG, which offers a human resource and candidate management software solution (https://www.personio.com/legal-notice/). Data transmitted as part of your application will be transferred using TLS encryption and stored in a database. The sole controller of this data within the meaning of article 24 of the GDPR is the enterprise carrying out this online application process. Personio’s role is limited to operating the software and this recruitment website and, in this context, being a processor under article 28 of the GDPR. In this case, the processing by Personio is based on an agreement for the processing of orders between the controller and Personio. In addition, Personio SE & Co. KG processes further data, some of which may be personal data, to provide its services, in particular for operating this recruitment website. We will refer to this in more detail below.

The controller

The controller under data protection law is:
Personio SE & Co. KG
Seidlstraße 3
80335 München
Tel.: +49 (89) 1250 1004
Entry in the commercial register
Commercial register entry number: HRA 115934
Registration Court: Amtsgericht München
Data Protection Officer contact: privacy@personio.com

Access logs (“server logs”)

Each access to this recruitment website automatically causes general protocol data, so-called server logs, to be collected. As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. Without this data, it would, in some cases, be technically impossible to deliver or display the contents of the software. In addition, processing this data is absolutely necessary under security aspects, in particular for access, input, transfer, and storage control. Furthermore, this anonymous information can be used for statistical purposes and for optimizing services and technology. In addition, the log files can be checked and analyzed retrospectively when unlawful use of the software is suspected. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. Generally, data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp of the access to the software is collected. The scope of this log process does not exceed the common log scope of any other site on the web. These access logs are stored for a period of up to 7 days. There is no right to object to this.

Error logs

So-called error logs are generated for the purpose of identifying and fixing bugs. This is absolutely necessary to ensure we can react as quickly as possible to possible problems with displaying and implementing content (legitimate interest). As a rule, this data is a pseudonym and thus does not allow for inferences about the identity of an individual. The legal basis for this is §25 subsection 2 Sentence 2 TDDDG. When an error message occurs, general data such as the domain name of the website, the web browser and web-browser version, the operating system, the IP address, as well as the timestamp upon occurrence of the respective error message and/or specification is collected. These error logs are stored for a period of up to 7 days. There is no right to object to this.

Use of cookies

So-called cookies are used on parts of this recruitment website. They are small text files which are stored on the device with which you access this recruitment website. As a general rule, cookies serve the purpose of ensuring secure access to a website (“absolutely necessary”), implementing certain functionalities such as standard-language settings (“functional”), improving the user experience or the performance of the website (“performance”), or placing targeted advertisements (“marketing”). On this recruitment website, we generally use only cookies that are absolutely necessary, functional or performance-related, in particular for implementing certain default settings such as language, for identifying the job advertising channel, or for analyzing the performance of a job advert via which a user accessed this recruitment website. The use of cookies is absolutely necessary for providing our services and thus for the performance of the contract (article 6 (1) b) of the GDPR). Period of storage: up to 1 month or until the end of the browser session Right to object: You can determine via your browser settings whether you allow or object to the use of cookies. Please note that deactivating cookies may result in limited or completely blocked functionalities of this recruitment website.

Rights of data subjects

If Personio SE & Co. KG as the controller processes personal data, you as the data subject have certain rights under Chapter III of the EU General Data Protection Regulation (GDPR), depending on the legal basis and the purpose of the processing, in particular the right of access (article 15 of the GDPR) and the rights to rectification (article 16 of the GDPR), erasure (article 17 of the GDPR), restriction of processing (article 18 of the GDPR), and data portability (article 20 of the GDPR), as well as the right to object (article 21 of the GDPR). If the personal data is processed with your consent, you have the right to withdraw this consent under article 7 III of the GDPR. To assert your rights as a data subject in relation to the data processed for the purpose of operating this recruitment website, please refer to Personio SE & Co. KG’s Data Protection Officer (see item B).

Concluding provisions

Personio reserves the right to adjust this data privacy statement at any point in time to ensure that it is in line with the current legal requirements at all times, or in order to accommodate changes in the services offered, for example when new services are introduced. In this case, the new data privacy statement applies to any later visit of this recruitment website or any later job application.