Data protection statement for job applicants (European Patent Office)

At the European Patent Office (EPO), every invention is unique. So too is everyone in our team. To enable us to continue building our team with exceptional talent like you, we use personal data in a variety of different ways. Your privacy is important to us, and we can assure you that we are committed to respecting and protecting your personal data and ensuring your rights. All data of a personal nature that identifies you directly or indirectly will be handled lawfully, fairly and with due care.

By submitting your application, you acknowledge that you have read and understood our data privacy policy for job applicants and newcomers, which sets out how we collect, process and use your personal data.

> What personal data do we collect and process?
The personal data you provide in your application and otherwise as part of the recruitment and onboarding procedures, including data in any attachments you load into the system, will be held and processed solely for the purposes of our recruitment and onboarding procedures.

Categories (with examples)

  • Contact information (Name, address, email address, phone number)
  • Education and training (University degrees and certificates obtained, academic results)
  • Personal information (Date of birth, age, nationality, gender, languages spoken)
  • Job-specific information (Your job application form and other details of your application, including your cover letter, CV (previous employment record, professional qualifications and other relevant skills) and references)
  • Bank account details (Reimbursement of travel expenses and payment of salary)
  • Information related to spouse and children (Date of birth, age, nationality, gender)

We may also process the results of your performance at interview (phone, Skype or face-to-face) and in any written and/or oral tests, as well as in any psychometric assessments and/or pre-recorded video interviews. Psychometric assessments and advance video interviews are carried out by our external provider, SHL, in compliance with this data protection statement. The categories of personal data that are processed by SHL as part of its talent assessment services are as follows: name, email address, gender, language, account login details, demographic information, responses to questionnaires and assessments, audio recordings, video recordings and visual images. If you are invited to an assessment, you will be provided with details of SHL's data protection policy.

If after completion of the above process we consider you eligible for the position offered, additional data will be required for the recruitment and onboarding procedures. This includes reference checks, your availability to start work at the EPO, a medical examination to assess whether you meet the requirements of the post, an extract from the national police register/certificate of good conduct, proof of education and professional experience, and any documents required to determine your entitlements under our Service Regulations. You will be provided with details of how your personal data will be processed prior to the start of the recruitment and onboarding procedures.


> What do we use your personal data for?

During the selection phase, we collect and process your personal data only to the extent necessary to enable us to evaluate your eligibility, expertise and profile with respect to the specific job vacancy concerned.

We will use any personal data you provide to process your application for the specific position you have applied for. We may also use it to process your application for other current and future open positions at the EPO which may be suitable for you, provided you have opted to receive such notifications on career opportunities and/or have been invited – and have agreed – to join our Talent Pool. You can withdraw from the Talent Pool at any time by informing us via email.

We may also use the personal data you provide when creating a candidate profile and/or completing a data capture form to notify you of appropriate job postings and career opportunities and events at the EPO, provided you have opted to receive such notifications by selecting one or more of the options in your candidate profile. You can manage these settings in your candidate profile at any time by clearing the relevant check box in the Data privacy section or by modifying any job alerts you have configured under Options/Job Alerts.

If after completion of the above process we consider you eligible for the position offered, we will use your personal data for our pre-employment screening check, which will be conducted by Signum, an external service provider. You will be provided with detailed information about the personal data that Signum will process prior to the start of the screening check.

As mentioned above, you will also be required to undergo a medical examination. The results of the examination will be forwarded to the EPO's Health and Safety department (doctor/nurse). The HR department will only be informed about whether or not you meet the requirements of the post.

The onboarding procedure will begin as soon as we receive confirmation that you have passed the medical examination and will run in parallel to the pre-employment screening check. We will collect and process additional personal data (e.g. information related to your spouse and children) only to the extent necessary to enable us to evaluate your eligibility for certain allowances and other benefits before joining the EPO.

We will use your private email address to send you useful information such as credentials (user ID and password) for logging on to EPO systems before your first day of service. We may also use it, prior to that day, to provide you with helpful links and contact details about relevant EPO support services. We will also connect you to other newcomers through an integrated onboarding community platform on SuccessFactors.


> Who has access to your personal data and to whom is it disclosed?

• Within the EPO
To ensure proper operation of the system, only nominated EPO staff responsible for conducting the selection and recruitment procedure will have access to your personal data. Your data will be disclosed to staff working in the Talent Acquisition department, line managers and authorised staff in the department of the vacancy concerned, and members of the selection board.

If your application is successful, your personal data – excluding your medical data – will be disclosed on a need-to-know basis to the appointing authority and the relevant departments within the EPO’s Directorate-General Corporate Services.

• With third parties
As indicated above, your personal data may also be collected or managed by, and/or transmitted to, external service providers who support the EPO in its recruitment procedures and who are subject to EU data protection legislation.


> How do we secure your personal data?
The EPO implements all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected from this website and/or our applications, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.

These measures include the following:

  • An EPO username and password are required in order to access our systems and databases.
  • Authentication and authorisation are based on roles.
  • Service providers sign confidentiality and data protection clauses.
  • Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.

For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.

External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.

SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by the EPO.

Our external processors have signed data protection agreements to ensure the secure processing of your personal data on behalf of the EPO.


> Where is your personal data stored?
All personal data processed by the EPO will be stored in a database operated by a cloud provider. The cloud provider is SAP. EPO data is stored in the SAP Data Center in Germany.


> How can you manage or delete your personal data?
You are in control of your personal data and responsible for ensuring that it is truthful, correct, non‑ambiguous and up to date. You can amend and update your account at any time.
You can view, change or delete your CV and all personal data stored in your candidate profile at any time. You can also delete your user account on the applicant portal at any time via the Delete Profile button. Please note that deleting your user account will lead to your withdrawal from all activated and unfinished procedures.

You can also withdraw from the onboarding procedure at any time by informing us via email. Please note that this will lead to your withdrawal from all activated and unfinished procedures, including the relevant job offer.


> How long do we keep your personal data?
If you do not delete your profile, your personal data will remain stored for up to 24 months, starting from the last modification date or date of activity in the profile and provided that your application status is non-active. This means that you can re-use it should you apply for other vacancies at the EPO. If you do not modify your data or apply for another job with us during this 24-month period and provided that your application status is non-active, your data will automatically be deleted. When this happens, our applicant portal will retain anonymised data only. The 24-month retention policy also applies to the personal data processed by SHL. With regard to the screening checks carried out by Signum, the data concerned is anonymised three months after completion of each screening.

In the case of onboarding, your data will be automatically transferred on your first day of service to our system (SAP/FIPS) and will be stored in the personal file.


> What are your rights regarding your data?

  • You can request access to your data.
  • You can ask for your data to be rectified.
  • You can ask for your data to be erased.
  • You can withdraw your consent to the processing of your data.
  • You can ask for processing to be restricted.
  • You can object to the processing of your personal data by us.


> What is the legal basis for processing your data?
Your personal data is processed in accordance with the Guidelines for the Protection of Personal Data in the European Patent Office, and in particular Article 5(a)-(e) thereof:

“Article 5
Personal data may be processed only if
(a) processing is necessary for the performance of a task carried out on the basis of the European Patent Convention or other legal instruments adopted on the basis thereof or in the legitimate exercise of the official authority vested in the European Patent Office or in a third party to whom the data are transmitted; this shall also include the management of the Information Systems; or
(b) processing is necessary for administering, terminating or winding up a relationship of service or former service, or
(c) processing is necessary for compliance with a legal obligation to which the controller or the controller's entity is subject, or
(d) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or
(e) the data subject has given his consent […].”


> How to contact us
If you have any questions concerning the processing of your personal data, please contact us at You can also contact our Data Protection Officer at For questions relating to onboarding, please contact our Talent Acquisition department at


> Changes to our privacy policy
We keep our privacy policy under regular review and we publish any updates on this web page. The privacy policy was last updated in April 2021.