Augenarzt Jobs

Privacy Policy

This policy explains how we process personal data when you use the “Augenarzt Jobs” recruitment platform, in accordance with the General Data Protection Regulation (GDPR).

1. Controller

Persolab Digital Solutions, owner Emre Kayali
Bremserstraße 130, 67063 Ludwigshafen am Rhein, Germany
Email: kontakt@persolab.de · Phone: +49 176 47186448

2. Data protection contact

We are not legally required to appoint a data protection officer and have not done so. For any data protection matters, please contact us using the details above.

3. Scope

This policy applies to the website and all platform services: the public job board, the candidate area, the employer area and the administration area.

4. Registration & authentication

To use the protected areas, you create an account (email address and password). Authentication, account and session management are handled by our processor Supabase (see section 11). Passwords are stored only as a cryptographic hash; sign-in relies on signed session tokens (JWT).
Legal basis: Article 6(1)(b) GDPR (contract / use relationship).

5. Candidate profiles

If you are a doctor, we process the profile details you provide — for example your name, contact details, specialty, professional status, current employer, salary expectations and availability. Your profile stays anonymous to employers until you actively apply for a role. Particularly sensitive details are encrypted at field level.
Legal basis: Article 6(1)(b) GDPR and your consent under Article 6(1)(a) GDPR (recorded at registration).

6. Document uploads (medical license, CV, specialist certificate, references)

To verify your status as a doctor, you upload supporting documents — mandatory: your medical license (Approbation) and CV; optional, for example, your specialist certificate, employment and academic references and language certificates. These documents and the information they contain (in particular your professional qualifications and medical license) are especially sensitive and are handled with additional care:

  • Stored in a non-public object store (Supabase Storage, EU region Frankfurt).
  • Accessed only via time-limited, signed URLs — by you alone and by authorised reviewers on our team.
  • Strict access separation (row-level security); other candidates and employers cannot access your documents.
  • A security check (malware scan) of every uploaded file.

Legal basis: your explicit consent (Article 6(1)(a); for special categories additionally Article 9(2)(a) GDPR) and the performance of pre-contractual measures / the use contract (Article 6(1)(b) GDPR). Consent is voluntary and can be withdrawn at any time with effect for the future; you can delete documents yourself at any time.

7. Verification process

Authorised staff review your documents and either approve your status as a doctor or decline it with reasons. You are notified of the outcome. You can only apply for roles once you have been successfully verified. Decisions are logged for evidentiary purposes.
Legal basis: Article 6(1)(b) and (f) GDPR (safeguarding platform integrity — only verified doctors).

8. Employer profiles

If you are an employer, we process details about your practice, medical care centre or hospital (name, type, location, description, contact person) and about your job ads. Employer profiles are approved by us before they are published.
Legal basis: Article 6(1)(b) GDPR.

9. Applications & placement

When you apply for a role, your profile data, your optional cover letter and your CV are made available to the relevant employer. Employers can only access applications from verified candidates for their own roles. You can check the status of your application at any time.
Legal basis: Article 6(1)(b) GDPR (carrying out the application you initiated).

10. Email communication & notifications

We send you system- and contract-related messages (for example registration confirmation, password reset, verification outcome, receipt of an application and status changes). These are necessary to use the service and are not a marketing newsletter.
Legal basis: Article 6(1)(b) GDPR.

11. Hosting & processing (Supabase)

Our database, authentication and file storage run on Supabase (Supabase Inc.). Platform data — including your profile and document data — is processed in a data centre in the European Union (Frankfurt am Main, eu-central-1). A data processing agreement (DPA) under Article 28 GDPR is in place with the provider. Where the parent company is based outside the EU, any transfer takes place on the basis of the EU Standard Contractual Clauses.
Legal basis: Article 6(1)(f) GDPR (secure, reliable operation) in conjunction with Article 28 GDPR.

12. Access data & server log files

When you access the service, technically necessary access data (for example IP address, time, requested resource and browser type) is processed in order to provide the service, ensure its stability and security, and prevent misuse (for example bot / abuse detection).
Legal basis: Article 6(1)(f) GDPR.

13. Cookies

We use only technically necessary cookies, in particular an authentication cookie to keep you signed in. We do not carry out any tracking or advertising profiling; no consent is required for this (section 25(2) TDDDG).

14. Retention period

We retain personal data only for as long as it is necessary for the purposes set out above or for as long as statutory retention periods require. Account, profile and document data is deleted when you delete your account or withdraw your consent, unless a retention obligation applies.

15. Recipients & disclosure

Data is disclosed only to the processors named in this policy and — as part of your application — to the employer you have selected. We do not disclose data to any other third parties unless we are legally required to do so.

16. Data security

We take appropriate technical and organisational measures: encrypted transmission (TLS), a non-public document store with signed, time-limited access URLs, tenant- and role-based access control (row-level security), field-level encryption of sensitive data, and malware scanning of uploads.

17. Your rights

Under the GDPR you have the following rights:

  • Right of access (Article 15)
  • Right to rectification (Article 16)
  • Right to erasure (Article 17)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object to processing (Article 21)
  • Right to withdraw consent with effect for the future (Article 7(3))

You also have the right to lodge a complaint with a supervisory authority. The authority responsible for us is the State Commissioner for Data Protection and Freedom of Information of Rhineland-Palatinate (Hintere Bleiche 34, 55116 Mainz, Germany).

18. Legal bases at a glance

Article 6(1)(a) (consent), (b) (contract / pre-contractual measures) and (f) (legitimate interest) GDPR; for special categories of data, Article 9(2)(a) GDPR.

19. Changes to this policy

We update this privacy policy when the legal situation or our processing changes. The version published here applies in each case.

Last updated: February 2026 · Go to the imprint