Privacy Policy Applicants


Version: April 2023 

We as Impossible Cloud GmbH („Impossible Cloud“, „we“ or „us“)  take data protection in general quite serious. In the following we will inform you about the personal data Impossible Cloud is processing and for what purpose we are processing your personal data when you apply for a job. Additionally, it explains your rights under the GDPR, including the right to object certain processing activities executed by Impossible Cloud. If additional information can be voluntarily shared, these are indicated as being “optional“.

This privacy policy applies in addition to our standard privacy policy where you will find general information on data processing relating to your visit on our website and our Impossible Cloud application. 

Table of Contents

  1. Information regarding the Data Controller
  2. Definitions
  3. Categories of personal data and purposes of processing
  4. Your rights
  5. Data Transfer in-/outside the European Union or the European Economic Area
  6. Data Security
  7. Retention Period
  8. Updates and Changes


1. Information on the Data Controller 

Data controller under Art. 4 (7) GDPR for your personal data is

Impossible Cloud GmbH

Jürgen-Töpfer-Str. 48

22763 Hamburg



The easiest way to reach our data protection officer is by sending an email to or writing to the above address with the subject “Data Protection Officer”. 

Legal Information

Trade Register: HRB 170423

District Court: Hamburg


2. Definitions

“Personal Data“ are all information which relates to an identified or identifiable natural person. This includes, e.g., items like the name, postal address, e-mail address or telephone number, but also usage data like your IP address.

“Processing“ is every process carried out with or without automated assistance or every sequence of such processes in connection with personal data, e.g. obtaining, capturing, organizing, ordering, saving, adjusting or modifying, sorting, accessing, using, disclosing by transmission, distributing or any other form of making available, comparing or connecting, limiting, deleting or destroying.


3. Categories of personal data and purposes of processing 

When you apply for a job at Impossible Cloud, we process the data you provided us with. This data will solely be processed in order to enter an employment relationship with you. In the following paragraphs we will explain the purposes, the legal basis of the processing and which exact data is processed during the application process.


3.1. Lever

Impossible Cloud is using Lever as application management tool where internal/ external applicants upload their application documents and Impossible Cloud recruiters as well as hiring managers can view the applications. If you apply internally you may be forwarded to the internal job board of Lever to hand in your application documents. The personal data will be processed during the Impossible Cloud application process are the following:

your contact details (name, address, phone number and email-address), your application documents (resume, cover letter,  former professional experience, information on education, certificates), salary expectations, motivation to apply, the job title of the vacancy, the possible entrance date and as the case may be health data (like information about a disability) and for internal applications the current position at Impossible Cloud and information if your supervisor is informed about your application. 

Impossible Cloud will process your data in order to enter an employment relationship with you and therefore do this on the basis of Sec. 26 Abs. 1 German Federal Data Protection Act in connection with Sec. 8 German Federal Data protection Act (new) as well as Sec. 22 Abs. 1 b) German Federal Data Protection Act. Lever is incorporated in the United States of America (US). As this is a data transfer to a country outside the European Union, Impossible Cloud took all necessary measures to secure your data (e.g. EU standard contractual clauses) pursuant to Art. 46 GDPR to safeguard the data transfer. 

Additionally, Impossible Cloud offers a so-called Referral Program to their employees. This means that Impossible Cloud employees can refer applicants and will receive a reward if the referred person is employed. There are two ways how you can get referred: Firstly, one of our employees will enter the above-mentioned applicant data in our Lever tool for you after you gave your consent to do that or secondly, he or she will send you a special link to the application where you can enter all the information yourself. As a result of this, we will make a connection between you and the referrer to be able to reward the referrer when you are hired. 

Further information on data privacy at Lever can be found at:

3.2. Relocation Service

Impossible Cloud works together with a relocation service provider to offer our employees a service which helps them with everything that is connected to the relocation to Germany. The service provider is bound by our instructions and we have obtained information about their technical and organizational measures for the secure processing of personal data. Impossible Cloud may forward your name, email-address and your pass, ID or visa to the provider for the relocation service. We will only transfer the data if you have given the explicit consent in writing. You have the right to withdraw the consent at any time. Please just contact us at the address given in section 1 of this Privacy Policy. The legal basis for processing your data is based on Art. 6 (1) (a) GDPR.


3.3. Social Media

Impossible Cloud may also obtain data from other sources, websites and other publicly accessible data on the internet. This includes data you manifestly made public in a social media online account like LinkedIn or Xing or when getting in touch with us via the social media platforms. This data may be your contact details (name, address, phone number and email-address), your application documents (resume, cover letter,  former professional experience, information on education, certificates), your salary expectations, the job title of the vacancy, the possible entrance date and as the case may be certain skills you provided via the social media platform.  We process for the initiation of an employment relationship according to Sec. 26 (1) German Federal Data Protection Act. 


3.4. Defense against legal claims 

Additionally, Impossible Cloud may process your data, if this is necessary for defense against legal actions against us resulting from the recruiting process pursuant to Art. 6 (1) (b) & (f) GDPR and restrict your data for half a year after your application has been rejected. 


4. Your Rights

You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by us. Where this is the case, we will be pleased to give you access to the personal data and the information listed in Art. 15 GDPR. 

In addition, you have the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR), the right to restriction of processing (Art. 18 GDPR) and the right to data portability (Art. 20 GDPR), subject to the relevant legal requirements. In addition, you have the right to object to the processing under the statutory conditions (Art. 21 GDPR) or to withdraw any consent you have given at any time with effect for the future (Art. 7 (3) GDPR).

In order to assert your rights against us, it is sufficient to send an e-mail to or a postal letter to the address mentioned under “1. Information on the Data Controller”. 

In addition, you may at any time lodge a complaint with a competent supervisory authority if you consider that the processing of your personal data infringes data protection regulations (Art. 77 GDPR).


5. Data transfer in-/outside the European Union or the European Economic Area 

In some cases, we contract external service providers to process data (e.g. management of applications or personality analysis). Therefore, it is necessary to transfer your personal data to our contractors who process your data strictly bound to the respective reason we contracted them for. Our contractors are chosen with special care and instructed in writing. They are bound by our instructions and we assessed their technical and organisational measures to secure the security of any personal data that is transferred to them.

When the service providers are incorporated inside the EU and European Economic Area (EEA) we sign data processing agreements according to Art. 28 (3) GDPR with them. 

Whenever personal data is processed by a service provider incorporated in a country outside the EU or EEA, this is only done, on the basis of decisions of the EU commission according to Art. 45 GDPR or data protection is guaranteed by other measures such as EU standard contractual clauses or binding corporate rules. Impossible Cloud has taken all necessary and appropriate measures to ensure the safety and privacy of your data when working with external service providers necessitates the special protection of your data. 


6. Data Security 

We have taken appropriate technical and organizational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as accidental or intentional modification, loss or destruction. Such measures are reviewed periodically and adapted in line with the state of the art. 


7. Retention periods 

The data provided by you to us is only stored for as long as is required (up to 12 months) to perform the respective purpose for which you have transmitted your data, or inasmuch as it is required for conformity with statutory or official requirements.

If you have given your consent to store the data for example for our internal talent pool, we may process them until you withdraw your consent for this processing. 

If we enter a relationship of employment with you, your data will be processed by the means set forth in the privacy policy available on the internal Impossible Cloud ClickUp page.


8. Updates and Changes

We retain the right to modify this privacy policy at any time in the future in accordance with the applicable data protection regulations.


Get in touch to switch to Impossible Cloud