Privacy Notice - Job Applications

Privacy Notice for processings of personal data resulting from applications for job openings of the uberall Group.


uberall GmbH, uberall B.V., uberall France, uberall Ltd, uberall Inc, Momentfeed UB, Inc. and SweetIQ Analytics Inc. (each individually hereinafter also referred to as "Company" and individually or together hereinafter referred to as “Companies”) process personal data (which within the meaning of the Privacy Notice includes personal information as defined under California Data Protection Law) of individuals (hereinafter also referred to as the "Data Subject") in connection with applications of such Data Subject(s) for job openings of the Companies (“Applications”) in accordance with, applicable data protection laws which may in particular include (i) Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (General Data Protection Regulation) (“GDPR”) and any applicable national implementations of the GDPR by member states of the European Union, such as the German Bundesdatenschutzgesetz (“BDSG”), (together with GDPR “EU Data Protection Law”); (ii) the GDPR as it forms part of UK law (“UK GDPR) by virtue of section 3 of the UK European Union (Withdrawal) Act 2018 and the UK Data Protection Act 2018 (together with UK GDPR “UK Data Protection Law”); (iii) the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”) and any applicable provincial Canadian data protection laws (together with PIPEDA “Canadian Data Protection Law”); (iv) the California Consumer Privacy Act of 2018 (“CCPA”) and the California Privacy Rights Act of 2020 (“CPRA”; CCPA and CPRA together “California Data Protection Law”).

Pursuant to applicable data protection laws (such as, as applicable, Art. 13 and 14 GDPR, Art. 13 and 14 UK GDPR, Section 1798.130 (5) (a) CCPA or Sections 6.1, 7 (1) - 7 (3) PIPEDA) the Companies are obliged to provide the Data Subject with the following information about the processing of his/her personal data, which may be updated from time to time:

I. Responsibilities and Contact Information

The data controllers within the meaning of Art. 26 GDPR (or Art. 26 UK GDPR or collectively responsible businesses within the meaning of California Data Protection Law or organizations within the meaning of Canadian Data Protection Law), the person(s) responsible for processing personal data in connection with an Applications, is the Company to which the Data Subject would be employed in the event of a successful Application. The contact details of the Companies are:


Contact: uberall GmbH
Address: Hussitenstraße 33, 13355 Berlin, Federal Republic of Germany
Email: dataprotection@uberall.com


Contact: uberall B.V.
Address: Weteringschans 109, 1017 SB Amsterdam, Netherlands
Email: dataprotection@uberall.com


Contact: uberall France
Address: 229 rue Saint-Honoré, 75001 Paris, France
Email: dataprotection@uberall.com


Contact: uberall Ltd
Address: 27 Old Gloucester Street London WC1N 3AX, United Kingdom
Email: dataprotection@uberall.com


Contact: uberall Inc
Address: 19 Clifford Street, Detroit, Michigan 48226, USA
Email: dataprotection@uberall.com


Contact: Momentfeed UB, Inc.
Address: 19 Clifford Street, Detroit, Michigan 48226, USA
Email: dataprotection@uberall.com


Contact: SweetIQ Analytics Inc. (in French: Analytiques SweetIQ inc.)
Address: 3700-1 Place Ville-Marie, Montréal (Québec), H3B 3P4, Canada
Email: dataprotection@uberall.com


Contact: uberall LTIP UG (haftungsbeschränkt)
Address: Hussitenstraße 32-33, 13355 Berlin
Email: dataprotection@uberall.com


Contact: uberall ESOP 2022 Beteiligungs UG & Co. KG
Address: Hussitenstraße 32-33, 13355 Berlin
Email: dataprotection@uberall.com


Contact: uberall ESOP 2024 Beteiligungs UG (haftungsbeschränkt) & Co. KG
Address: Hussitenstraße 32-33, 13355 Berlin
Email: dataprotection@uberall.com


Contact: uberall USA, LLC
Address: 19 Clifford Street, Detroit, Michigan 48226, USA
Email: dataprotection@uberall.com


The contact information of the data protection officer (DE: Datenschutzbeauftragter; FR: Délégué à la protection des données; NL: Functionaris voor gegevensbescherming) of uberall GmbH, uberall B.V., uberall France, uberall Ltd and (the Privacy Officer) of SweetIQ Analytics Inc. is as follows: dataprotection@uberall.com

uberall Inc and Momentfeed UB, Inc. have each not appointed a data protection officer. For matters regarding this privacy notice it can be contacted together with uberall GmbH under the contact information stated above.

II. Purposes, data categories and legal basis of processing

The Company processes personal data of the Data Subject as required for the handling and proper Processing and required record keeping of job applications for open positions of the Company.

Such personal data includes contact data (first & last name, address, email address, phone number etc.), application data (job opening information, curriculum vitae and information included therein, employer information, employment certificates, academic degree, social media profiles, hiring or rejection decision etc.), registration data (registration information, visa information etc.), communication data

In the event and to the extent that the open position, which the Data Subject applies for, is a position opened in the United States of America, Company (which in that event would be uberall Inc or Momentfeed UB, Inc.) may also process veteran status data.

The legal basis for this data processing is Art. 6 (1) lit. (b) Alt. 2 GDPR for any pending or rejected application of a Data Subject and, to the extent that the personal data is processed for the conclusion of an employment agreement following the successful application of a Data Subject Art. 6 (1) lit. (b) Alt. 1 GDPR.

Separate processing of personal data of the Companies will result from any conclusion of an employment agreement between the Data Subject and the Company following any successful application. The Data Subject will be informed of such as part of the employment relationship.

If and to the extent such the processing is necessary for the purposes of the legitimate interests pursued by the Company (such as the defense against claims of other applicants until statute of limitation of such claims has expired), the Company also further processes personal data for such legitimate interest, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject. The legal basis for such data processings is Art. 6 (1) lit. (f) GDPR. The Data Subject may ask for further information on such balancing of interests in the individual case for any data processings based on Art. 6 (1) lit. (f) GDPR as applicable.

Furthermore, Uberall will process analytical and statistical, only based on aggregated and/or fully anonymised data created from the personal data of Data Subject, for market research and continuous improvement purposes beyond the duration described in Section V below.

III. Disclosure of Personal Data

Furthermore, the Company can disclose personal data to processors that are engaged by the Company to provide services for the purposes specified in Section II, such as IT services, operational platform services, legal services, advisory services and audits. The specified recipients of personal data will work on behalf of the Company and per its instructions and will receive access to personal data only to the extent it is necessary for their service.

In the event that over the course or as result of an Application, the Data Subject requests to forward its personal data to a third party (“TPE”), Company will for that purpose disclose personal data of the Data Subject to such TPE, which will then process such personal data as an independent controller.

In addition, the Company can – to the extent legally permissible or required – transmit personal data to authorities (such as tax authorities or law enforcement agencies) and courts to comply with statutory duties or legal obligations.

IV. International Transfer of Personal Data

Personal data processed by the Company may be processed outside of the European Economic Area (EEA).

For the transfer of personal data to which EU Data Protection Law or UK Data Protection Law is applicable outside of the European Economic Area (EEA) or United Kingdom (UK), as applicable, An international data transfer may take place under an adequacy decision in the meaning of Art. 45 (1) GDPR and Art. 45 (1) UK GDPR, as applicable (“Adequacy Decision”). For any such transfer of personal data for which no Adequacy Decision is applicable, the Company will ensure that such transfer complies with the requirements of Art. 44 et seq. GDPR and Art. 44 et seq. UK GDPR

The Company may also conduct an international data transfer if the transfer is necessary for the conclusion or performance of a contract concluded by Uberall in the interest of the respective data subject. The legal basis for this data processing is Art. 49 (1) lit. (c) GDPR or Art. 49 (1) lit. (c) UK GDPR, as applicable. Uberall further may process an international data transfer if the transfer is necessary for the establishment, exercise or defense of claims. The legal basis for this data processing is Art. 49 (1) lit (e) GDPR or Art. 49 (1) lit. (e) UK GDPR, as applicable.

V. Storage and Erasure of Personal Data

The Company will process personal data of the Data Subject as long as required for the purposes described in Section II above (including the defense against potential claims of other applicants) and will erase the personal data once it is no longer necessary to fulfill the purposes specified in Section II, including with respect to the legal obligations of the Company, and once the statutory retention requirements expire. In the event that statutory retention requirements are in effect and any purposes specified in Section II have otherwise expired, the Company will restrict the processing of personal data.

The individually applicable retention period depends on the country in which the position was opened and under whose laws the Data Subject will be or would have been employed in the event of a successful Application. Those retention periods are as follows:

  • Germany: 6 months after end of the job application procedure

  • Spain: 3 years after end of the job application procedure

  • France: 2 years after end of the job application procedure

  • Netherlands: 4 weeks after end of the job application procedure

  • United Kingdom (UK): 1 year after end of the job application procedure

  • United States of America (USA): 4 years after end of the job application procedure

  • Canada: 4 years after end of the job application procedure

  • Philippines: 1 years after end of the job application procedure

In the event that a successful Application would not have resulted in employment in any of the above countries a harmonised retention period is applicable. The deletion of personal data in accordance with the applicable retention period is carried out at regular intervals. Accordingly, if the expiration of the retention period and the next deletion interval do not fall on the same date, the deletion may take place slightly later.

In the event that a Data Subject requested for its personal data to be disclosed to an TPE during an Application (see section 3 above) , such TPE might process that data as a controller with deviating retention periods.

VI. Rights of the Data Subject

Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, the Data Subject has the right to receive information about his/her personal data, to require rectification or erasure of his/her personal data or the restriction of the processing and to receive his/her personal data in a structured, commonly used and machine-readable format (data portability).

Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, the Data Subject also has the right to object to the processing of his/her personal data.

To the extent that Californian Data Protection Laws are applicable, the Data Subject further has the right to non-discrimination and right to object to opt out of sales of its personal data. For the purpose of clarification, the Company will not sell any personal data to which is subject to this privacy notice.

The Data Subject can exercise any of the above rights by submitting a respective request to Company to the Contact Information provided in section I above.

Further, the Data Subject is entitled to lodge a complaint with a supervisory authority regarding the processing of his/her personal data. Right to object to processing: Subject to the statutory requirements, the fulfilment of which must be assessed on a case-by-case basis, the Data Subject also has the right to object to the processing of his/her personal data.

Last Updated: June 26th, 2025