Careers home page > How we recruit > Data protection statement for job applicants

Data protection statement for job applicants (European Patent Office)

At the European Patent Office (EPO), every invention is unique. So too is everyone in our team. To enable us to continue building our team with exceptional talent like you, we use personal data in a variety of different ways. Your privacy is important to us, and we can assure you that we are committed to respecting and protecting your personal data and ensuring your rights. All data of a personal nature that identifies you directly or indirectly will be handled lawfully, fairly and with due care.

By submitting your application, you acknowledge that you have read and understood our data privacy policy for job applicants, which sets out how we collect, process and use your personal data.

> What personal data do we collect and process?
The personal data you provide in your application and otherwise as part of the recruitment procedure, including data in any attachments you load into the system, will be held and processed solely for the purposes of our recruitment procedure.                                                                

Categories (with examples)

  • Contact information (Name, address, email address, phone number.)
  • Education and training (University degrees and certificates obtained, academic results.)
  • Personal information (Date of birth, age, nationality, gender, languages spoken.)
  • Job-specific information (Your job application form and other details of your application, including your cover letter, CV (previous employment record, professional qualifications and other relevant skills) and references.)
  • Bank account details (Reimbursement of travel expenses.)

We may also process the results of your performance at interview (phone, Skype or face-to-face) and in any written and/or oral tests, as well as in any psychometric assessments and/or pre-recorded video interviews. Psychometric assessments and advance video interviews are carried out by our external provider, SHL, in compliance with this data protection statement. The categories of personal data that are processed by SHL as part of its talent assessment services are as follows: name, email address, gender, language, account login details, demographic information, responses to questionnaires and assessments, audio recordings, video recordings and visual images. If you are invited to an assessment, you will be provided with details of SHL’s data protection policy.

If after completion of the above process we consider you eligible for the position offered, additional data will be required for the recruitment procedure. This includes reference checks, your availability to start work at the EPO, a medical examination to assess whether you meet the requirements of the post, an extract from the national police register/certificate of good conduct, proof of education and professional experience, and any documents required to determine your entitlements under our Service Regulations. You will be provided with details of how your personal data will be processed prior to the start of the recruitment procedure.


> What do we use your personal data for?
During the selection phase, we collect and process your personal data only to the extent necessary to enable us to evaluate your eligibility, expertise and profile with respect to the specific job vacancy concerned.

We will use any personal data you provide to process your application for the specific position you have applied for. We may also use it to process your application for other current and future open positions at the EPO which may be suitable for you, provided you have been invited – and have agreed – to join our Talent Pool. You can withdraw from the Talent Pool at any time by informing us via email.

If after completion of the above process we consider you eligible for the position offered, we will use your personal data for our pre-employment screening check, which will be conducted by Signum, an external service provider. You will be provided with detailed information about the personal data that Signum will process prior to the start of the screening check.

As mentioned above, you will also be required to undergo a medical examination. The results of the examination will be forwarded to the EPO’s Health and Safety department (doctor/nurse). The HR department will only be informed about whether or not you meet the requirements of the post.


> Who has access to your personal data and to whom is it disclosed?

• Within the EPO
To ensure proper operation of the system, only nominated EPO staff responsible for conducting the selection and recruitment procedure will have access to your personal data. Your data will be disclosed to staff working in the Talent Acquisition department, line managers and authorised staff in the department of the vacancy concerned, and members of the selection board.

If your application is successful, your personal data – excluding your medical data – will be disclosed on a need-to-know basis to the appointing authority and the relevant departments within the EPO, including Salaries, Pensions, Administrative Services, Finance, and Compensation and Benefits.

• With third parties
As indicated above, your personal data may also be collected or managed by, and/or transmitted to, external service providers who support the EPO in its recruitment procedures and who are subject to EU data protection legislation.


> How do we secure your personal data?
The EPO implements all the technical, organisational and security measures required to protect the confidentiality and security of the personal data collected from this website and/or our applications, including sensitive personal data. Your personal data will be protected against unauthorised access through encrypted transmission and storage, a role and authorisation concept, a data backup concept and physical security measures for the servers.

These measures include the following:

  • An EPO username and password are required in order to access our systems and databases.
  • Authentication and authorisation are based on roles.
  • Service providers sign confidentiality and data protection clauses.
  • Editing rights to the back office tools in which your personal data is processed are restricted to a limited number of duly authorised persons with a specific IT profile.

For our job application site we use SAP SuccessFactors Recruiting Management, a web-based application using “software as a service”. Communication occurs over the public internet. The application is accessed through a browser. SSL technology protects information by using both server authentication and data encryption to help ensure that data is safe, secure and available only to the user concerned.

External users must log on using their own email address. When logging on for the first time, you will be asked to create an account and choose a password.

SAP SuccessFactors requires a unique username and password that must be entered each time you log on. Passwords must be strong and conform to specific requirements. They must be changed at regular intervals. The password and login policy setting for staff and externals can be set and modified by the EPO.

Our external processors have signed data protection agreements to ensure the secure processing of your personal data on behalf of the EPO.


> Where is your personal data stored?
All personal data processed by the EPO will be stored in a database operated by a cloud provider. The cloud provider is SAP. EPO data is stored in the SAP Data Center in Germany.


> How can you manage or delete your personal data?
You are in control of your personal data and responsible for ensuring that it is truthful, correct, non-ambiguous and up to date. You can amend and update your account at any time.

You can view, change or delete your CV and all personal data stored in your candidate profile at any time. You can also delete your user account on the applicant portal at any time via the Delete Profile button. Please note that deleting your user account will lead to your withdrawal from all activated and unfinished procedures.


> How long do we keep your personal data?
If you do not delete your profile, your personal data will remain stored for up to 24 months, starting from the last modification date or date of activity in the profile and provided that your application status is non-active. This means that you can re-use it should you apply for other vacancies at the EPO. If you do not modify your data or apply for another job with us during this 24-month period and provided that your application status is non-active, your data will automatically be deleted. When this happens, our applicant portal will retain anonymised data only. The 24-month retention policy also applies to the personal data processed by SHL. With regard to the screening checks carried out by Signum, the data concerned is anonymised three months after completion of each screening.


> What are your rights regarding your data?

  • You can request access to your data.
  • You can ask for your data to be rectified.
  • You can ask for your data to be erased.
  • You can withdraw your consent to the processing of your data.
  • You can ask for processing to be restricted.
  • You can object to the processing of your personal data by us.


> What is the legal basis for processing your data?
Your personal data is processed in accordance with the Guidelines for the Protection of Personal Data in the European Patent Office, and in particular Article 5(a)-(e) thereof:

“Article 5
Personal data may be processed only if
(a) processing is necessary for the performance of a task carried out on the basis of the European Patent Convention or other legal instruments adopted on the basis thereof or in the legitimate exercise of the official authority vested in the European Patent Office or in a third party to whom the data are transmitted; this shall also include the management of the Information Systems; or
(b) processing is necessary for administering, terminating or winding up a relationship of service or former service, or
(c) processing is necessary for compliance with a legal obligation to which the controller or the controller's entity is subject, or
(d) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract, or
(e) the data subject has given his consent […].”


> How to contact us
If you have any questions concerning the processing of your personal data, please contact us at You can also contact our Data Protection Officer at


> Changes to our privacy policy
We keep our privacy policy under regular review and we publish any updates on this web page. The privacy policy was last updated in December 2020.