SUSE Careers Privacy Policy

Article 13 GDPR Information

Information on Personal Data Processing for SUSE Candidates

The protection of your personal information is important to us. Therefore, we would like to inform you about the handling of such information and the following rights that you have with regard to the use of such information in the context of your application to us. For the purposes of processing your application and to contact you with respect to your application, SUSE Software Solutions Germany GmbH and its corporate affiliates (“SUSE Group”) must process certain personal data which you provide (“Personal Data”).


The controller of the processing for the purposes of Article 4(7) GDPR is:
SUSE Software Solutions Germany GmbH
Frankenstraße 146 
90461 Nuremberg, Germany.

SUSE’s Data Protection Officer is:
Mr. Andrew Colyer,
+65 9187 5662,

The SUSE Group privacy policy is available at

Purposes of Processing

We use your Personal Data to decide whether to establish an employment relationship and to contact you. If the employment relationship does not materialise, we use your Personal Data to send you a rejection, typically using the same method you used to send us your application documents. The processing of your Personal Data is thus necessary pursuant to i.a. Article 6 (1)(b) and Article 88 GDPR (for our german candidates in connection with § 26 BDSG-new), for the establishment of an employment relationship with you.
Should you choose to participate in the SUSE Talent Community (our pool of interested candidates), we will process your Personal Data in order to maintain a pool of candidates who wish to be considered and contacted with respect to future job offers. You can also opt to receive a newsletter as part of the SUSE Talent Community, which provides you with updates on SUSE job opportunities, company news and events. You can use the unsubscribe link in the individual newsletter emails to remove yourself from further mailings.
SUSE uses a ChatBot function on Should you choose to use this feature, the ChatBot may ask you to provide Personal Data in order to help you search available jobs and to provide you with information pertinent to the feedback that you enter in the ChatBot window.
In order to streamline your application, SUSE offers you the opportunity to upload your resume from an existing cloud storage service, such as DropBox and SkyDrive. Should you choose to use this feature, SUSE must process Personal Data in order to technically facilitate this data transfer.
Our jobs platform processes certain information (which may include Personal Data such as IP or data which, when aggregated, may be unique and as such potentially personally identifiable) for the purpose of displaying job recommendations based on your browsing history.
It is also possible to login/register on SUSE’s job platform using your LinkedIn, Facebook or Google account. Should you choose to do so, we process your name, photo (where available) and primary email address as supplied by those platforms for the purpose of creating your profile on our jobs platform. You can stop this processing at any time in the settings of the relevant platform. In addition, when registering, SUSE’s platform will process Personal Data for the purpose of determining what current job opportunities are available that match your profile and in order to contact you with such job opportunities.
Finally, SUSE’s job platform automatically collects and processes technical information which may include Personal Data (IP or data which, when aggregated, may be unique and as such potentially personally identifiable) for the purpose of ensuring the technical stability of the platform and for identifying and mitigating potential security issues.

Categories and Types of Personal Data Processed

To apply, you will need to create an account on SUSE’s Workday platform. The platform requires at a minimum your contact details (such as name, email, country of residence, street name, house number, city, postal code, phone number), work history (job title, company, location, duration, role description), education (school/university, degree, field of study, overall result, duration), skills, resume (you can upload this and so you decide what Personal Data is included), any websites you decide are relevant to your application, confirmations regarding any employment history or relationship with various government bodies (for regulatory compliance), legal work status (work permit, residency permit/visa) and gender (you may choose ‘undeclared’).
If you choose to join SUSE’s Talent Community, you will be asked to provide your contact details (name, email, phone number, current employer, current title, country, city) and areas that interest you. You may also upload your resume or use DropBox or SkyDrive to transfer your resume.
If you use SUSE’s ChatBot, we will process Personal Data such as your location (to search job opportunities at that location). Should you choose to give us feedback on how useful the ChatBot is, we also process that information. Please note that the ChatBot allows free text entry so any Personal Data you enter will be processed. You are thus encouraged to refrain from entering Personal Data except as necessary and as prompted by the ChatBot.
If you use LinkedIn, Facebook or Google to create or log in to your profile on SUSE’s job platform, we will process contact information that is supplied to us from such platform - contact information (name, email, phone) as well as your current job description and skills. You may restrict or stop such processing at any time using the settings of the relevant platform.

Legal Grounds for Processing

When applying for a job through our SUSE jobs platform, the Personal Data we collect is necessary for the decision as to whether to establish an employment relationship with you. We cannot process incomplete applications. The categories and types of Personal Data that are necessary are marked as such (usually with a red asterisk) and it will not be possible to proceed without completing such fields. For such necessary Personal Data in the context of your job application, we process this Personal Data according to Article 6(1)(b) and Article 6(1)(f) GDPR (as well as under §26 BDSG-neu, through Article 88 GDPR for applicants from Germany).
If you choose to create a profile on our jobs platform or you join the SUSE Talent Community, we process such Personal Data under Article 6(1)(a) GDPR – i.e. we rely on your consent.
If you choose to enter Personal Data in our ChatBot, we process such Personal Data under Article 6(1)(f) GDPR. It is within SUSE’s legitimate interest to process such data in order to match your input with the job opportunities currently available. Given the minimum nature of the processing (see above) we believe that a fair balancing of our rights is attained.

Recipients of Personal Data

Your application as well as any Personal Data you enter to join the SUSE Talent Community will be received and will be reviewed by SUSE’s hiring and talent managers and will be made available to the department leads and anyone else with a need to access the Personal Data to process and/or approve the job application (whereby this group of recipients will be kept to the minimum necessary). Transfers of your Personal Data to SUSE entities within the SUSE Group occur solely under a Data Processing Agreement to which all SUSE entities have acceded. This Group Data Processing Agreement incorporates the Standard Contractual Clauses.

Processors of Personal Data

SUSE engages Workday, (by Workday, Inc) as our Human Capital Management processor. The Workday tenant used by SUSE is located in Europe. Data transfers between SUSE Group entities and between the SUSE Group and Workday, Inc are also legitimated by a data processing agreement which adopts the Standard Contractual Clauses. Workday’s privacy policy is available here:
SUSE engages Phenom People, (by Phenom, Inc) as our Talent Experience Platform (which includes the ChatBot deployed on the SUSE jobs platform). The Phenom tenant used by SUSE is located in Europe. Data transfers between SUSE Group entities and Phenom, Inc are also legitimated by a data processing agreement which adopts the Standard Contractual Clauses (despite references to Privacy Shield in Phenom’s privacy policy). Phenom’s privacy policy is available here:

Appendix A (Your Rights)

You have the right:

  • pursuant to Article 7 (3) GDPR, to revoke your consent to us at any time, for Personal Data shared externally. Thereafter, we will not be allowed to continue the data processing based on your revoked consent for the future.
  • pursuant to Article 15 GDPR, to request information about your Personal Data processed by us. In particular, you may request information about the processing purposes, the categories of Personal Data, the categories of recipients to whom your data has been disclosed, the planned retention period, the right of rectification, deletion, limitation of processing or opposition, the existence of a right to complain, the source of their data, if not collected from us, and the existence of automated decision-making, including profiling, and - if necessary - meaningful information about their details.
  • pursuant to Article 16 GDPR, to immediately demand the correction of incorrect or completed Personal Data stored by us.
  • pursuant to Article 17 GDPR, to demand the deletion of your Personal Data stored by us, except where the processing is necessary for the exercise of the right to freedom of expression and information, for the fulfilment of a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.
  • pursuant to Article 18 GDPR, to demand the restriction of the processing of your Personal Data, insofar as the accuracy of such Personal Data is disputed by you; or the processing is unlawful, you reject the deletion of such unlawfully processed Personal Data and we no longer need the Personal Data, but where you  assert, exercise or defence of legal claims or you have objected to the processing in accordance with Article 21 GDPR.
  • pursuant to Article 20 GDPR, to receive the Personal Data that you have provided to us in a structured, standard and machine-readable format or to request the transfer to another controller.
  • pursuant to Article 77 GDPR, to complain to a supervisory authority. For example, you can contact the supervisory authority of your location or workplace or our corporate office (see Appendix A)
To exercise any of the rights listed above, please use our GDPR Web Form. For Personal Data shared externally, you can revoke your consent at any time, effective for the future by filling out our GDPR Web Form. This will not affect the legitimacy of processing under the consent up to the time of revocation.

Case-specific Right of Objection under Article 21 GDPR

You have the right at any time, for reasons arising out of your particular situation, to object to the processing of your Personal Data pursuant to Article 6 (1)(e) GDPR (Data Processing in the Public Interest) and Article 6 (1)(f) GDPR (Data processing on the basis of a balance of interests). This also applies to profiling based on this provision within the meaning of Article 4 (4) GDPR. Should you object, we will not further process your Personal Data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing is for the purpose of enforcing, pursuing or defending legal claims. Your objection should be done by filling our GDPR Web Form.