Online Applicant System (BOS) – As of June 15, 2026
The following information provides an overview of how your personal data is processed in connection with your online application and the subsequent handling of your documents at KIT.
Note: Please check your documents to ensure they are complete. No additional documents can be submitted via the portal. If you need to submit additional documents, please be aware that the contents of unencrypted emails are about as secure as the contents of a postcard. Please note that data transmission over the Internet (e.g., when communicating via email) may be subject to security vulnerabilities.
Overview
1. Data Controller and Data Protection Officer
2. Purpose of Processing
3. Legal Basis
4. Recipients
5. Retention Period
6. Website Visits and Server Log Files
7. Cookies
8. TLS Encryption
9. Employee Referral Program
10. Your Rights
1. Data Controller and Data Protection Officer
The data controller within the meaning of the GDPR (Art. 4(7)) and other data protection regulations is:
Karlsruhe Institute of Technology (KIT)
Kaiserstrasse 12 76131 Karlsruhe
Germany
Tel.: +49 721 608-0
Fax: +49 721 608-44290
Email: info@kit.edu
The Karlsruhe Institute of Technology is a public-law corporation. It is represented by its current President.
You can contact our Data Protection Officer at datenschutzbeauftragte@kit.edu or at the mailing address with the addition “The Data Protection Officer.”
2. Purpose
of Processing The purpose of data processing is to establish and carry out your employment relationship. This also includes a review under foreign trade law regarding any existing personal, country-specific, and/or usage-related restrictions in the event of travel expense reimbursement or an intended hire.
3. Legal Basis
The legal basis for the processing of your personal data is Art. 6(1)(e), (3) of the GDPR in conjunction with Section 15(1), sentence 1, of the Baden-Württemberg State Data Protection Act (LDSG) or Section 83(1) of the Baden-Württemberg State Civil Service Act.
If you provide information regarding a severe disability or equivalent status on a purely voluntary basis, the legal basis is Article 6(1)(e) and (3) of the GDPR in conjunction with Article 9(2)(b) of the GDPR in conjunction with Section 15(2) of the LDSG or Section 83(1), second sentence, of the Civil Service Act of Baden-Württemberg (LBG) in conjunction with Section 15(2) of the LDSG.
Furthermore, processing for the purpose of foreign trade compliance checks is governed by Sections 18 and 19 of the Foreign Trade Act (AWG), the relevant EU regulations*, and other legally relevant sanctions lists**.
4. Recipients
Only authorized employees within KIT who absolutely need to be informed of your application have access to your personal data: the Human Resources Service unit, the organizational unit advertising the position or the selection committee, as well as the employee representative bodies (Staff Council, Equal Opportunity Officer, and, if applicable, the Representative for Persons with Severe Disabilities), and, in the case of travel expense reimbursement, the Financial Management unit. Under certain circumstances, the Legal Affairs Service Unit (DE RECHT) may be involved as part of the review under foreign trade law.
Data will be transferred to third parties only in cases where KIT is legally obligated to do so. A legal obligation exists, in particular, in the context of the foreign trade compliance review to determine whether any personal restrictions apply.
5. Retention Period
The data will be deleted from the online portal as soon as it is no longer required for the purpose of conducting the application process. In the event of a rejection, the applicant’s data will be completely deleted from the application system after a retention period of 100 days. We restrict processing if statutory retention obligations apply.
If you are hired by KIT, your resume and the corresponding certificates will be added to your personnel file, which will be created in this case.
6. Website Visits and Server Log Files
When you use the website for informational purposes only—that is, if you do not register or otherwise provide us with information—we collect only the personal data that your browser transmits to our server based on your browser settings (server log files): truncated IP address, date and time of the request, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, user agent (browser used, including operating system), referrer URL (website from which the file was requested).
This data is used to technically optimize the website and to ensure the security of our IT systems. The IP address is necessary for the operation and delivery of the website; it is recorded in truncated form in the log files and is no longer available in its entirety after the request. We do not use this data to directly identify individual persons. The data is processed for statistical purposes; it is not cross-referenced with other databases. We reserve the right to review this data retrospectively if we become aware of specific indications of unlawful use.
The legal basis for the temporary storage of the data is Art. 6(1)(e), (3)(b) of the GDPR in conjunction with § 4 of the LDSG or § 20(1) of the KITG in conjunction with § 12(1) of the LHG.
Personal data is stored for as long as necessary to achieve the purpose for which it was collected. The data is deleted after seven days at the latest.
7. TLS Encryption
This website uses TLS encryption for security reasons and to protect the transmission of confidential content, such as the inquiries you send to us as the website operator. You can recognize an encrypted connection by the fact that the browser’s address bar changes from “http://” to “https://” and by the lock icon in your browser’s address bar.
When TLS encryption is enabled, the data you transmit to us generally cannot be read by third parties. Please note, however, that when data is transmitted over the Internet, completely foolproof protection against access by third parties can never be guaranteed.
8. Cookies
In addition to the data mentioned above, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your device by the browser you are using and through which certain information is transmitted to us (our website’s server). We use so-called session cookies (transient cookies). The following data is stored and transmitted via the cookies we use:
| Category | Cookie | Purpose | Stored Data | Storage Duration |
| Internal and external | JSESSIONID
| The purpose of this cookie is to identify your computer while you are visiting our website.
| Session ID
| Session |
| external only | captcha
| Required to prevent automated access to the application form. It is set only if the "Captcha" field is enabled in the application form.
| Token
| Maximum 1 day |
external only
| dvinciVideo-EmbedProtection
| The purpose of this cookie is to determine whether you have consented to the loading of video content from YouTube and/or Vimeo for the duration of the session.
| Which platform you have consented to. (YouTube and/or Vimeo)
| Session |
| internal only | dvinciSessionId
| The purpose of this cookie is to identify your computer across all products during your visit.
| Session ID
| Session |
| Internal only | SESSION
| The purpose of this cookie is to identify your computer while you are visiting the respective product (Platform, Onboarding, ...). | Session ID
| Session |
Internal only
| d5MenuCookie
| The purpose of this cookie is to remember whether you have expanded or collapsed your menu and to restore it to that state the next time the page loads. | Session ID
| Session |
These cookies are required so that you can fill out the online application form.
The legal basis for the processing of personal data using technically necessary cookies within the meaning of Section 25(2) TDDDG is Article 6(1)(e), (3)(b) of the GDPR in conjunction with Section 4 of the LDSG or Section 20(1) of the KITG in conjunction with Section 12(1) of the LHG.
Session cookies are automatically deleted when you close your browser or after 30 minutes of inactivity. Blocking session cookies will prevent you from using the online applicant portal. If you encounter problems using the online applicant portal, please check whether the temporary storage of session cookies is enabled in your browser settings.
9. Employee Referral Program
If the form includes the notation “Referral by KIT employees,” you will receive the following specific information in addition to the information mentioned above:
To administer the Employee Referral Program at KIT, the designated staff members of the Personnel Development and Vocational Training (PEBA) unit receive the following data at regular intervals:
- Name and email address: so that the person who referred you can be contacted via email
- Gender, target group (research, administration, infrastructure), country of origin of the application (domestic/international): for statistical and reporting purposes within the Human Resources department and, if applicable, the KIT Executive Board
The data is processed exclusively in connection with the program. Your name and email address will be stored at PEBA for three months. The data used for statistical purposes is stored at PEBA without being linked to your name.
10. Your Rights
You have the following rights with respect to your personal data:
- Right of access
- Right to rectification or erasure
- Right to restriction of processing
- Right to object to processing
- Right to data portability
- Right to Withdraw Consent
You also have the right to lodge a complaint with a data protection supervisory authority regarding our processing of your personal data (https://www.baden-wuerttemberg.datenschutz.de/).
* Currently, these include: EC Regulation 2580/2001, EU Regulation 881/2002, EU Regulation 753/2011, EU Regulation 2016/1686, EC Regulation 305/2006, EU Regulation 2018/1542, EU Regulation 2019/796, EU Regulation 2020/1998, as well as country-specific embargo regulations that impose restrictions on certain individuals.
** Currently: DBL List of Statutorily Debarred Parties; DPL Denied Persons List; ETL The Entity List; FSE Foreign Sanctions Evaders List; SDN Specially Designated Nationals List; SSI Sectoral Sanctions Identification; UVL Unverified List
