Data privacy and GDPR compliance of PitchYou

Applications must be thoroughly considered in terms of data protection, especially if external messenger tools are to be used. The applicant's personal data is highly protected. Your company can rely on us as a service provider; 100% guaranteed. Below we have summarised all the measures we take to handle personal data responsibly.

If you have any questions, please do not hesitate to contact our data protection officer Ms Joelle Hirsch of LGD Datenschutz GmbH, Rogätzer Straße 8, 39106 Magdeburg, Tel.: 0391 55686325, e-mail:

Please download the official statement on GDPR compliance here (german language).

1. Application process

With PitchYou you can offer your applicants two ways to hold interview and apply:

  • via WhatsApp messenger and
  • via Webchat.

The initial step is the same for both options. An interested person sees your job advertisement and clicks on the Apply Button or scans the job’s QR code using their mobile phone to start the application process.

1.1 Application via WhatsApp

No application without consent

Before we get started, we obtain the applicant's consent:

  • the consent to apply via WhatsApp
  • consent to process his/her personal data as part of the application.

This includes forwarding the data to your company. The consent is given separately from WhatsApp, through another channel (website). It is mandatory for the applicant to provide his/her mobile phone number through which the WhatsApp communication will take place. When he or she clicks on the "Let's go" button:

  • the WhatsApp app is automatically opened
  • a Whats-App chat with the PitchYou number 0800 998 1000 is initiated
  • the previously entered mobile phone number is compared with the number stored in WhatsApp.

If the mobile phone numbers do not match, the communication via WhatsApp is terminated immediately. This ensures that the mobile phone number entered is correct and is actually assigned to the applicant. An application without consent or "under a different number" is thus ruled out.

Total control for the Applicant

The applicant is always in total control over the dialogue with the PitchYou bot. If he or she does not agree to the use of WhatsApp, we offer the possibility to switch to the webchat and to initiate the interview there.

The applicant starts the WhatsApp dialogue by sending a first message, which is conveniently pre-written once WhatsApp is opened. The initiation of the dialogue by sending the message must be done by the applicant. During the interview, the applicant has the option to cancel the dialogue at any time. A simple stop instruction is sufficient. All data collected up until this point will be deleted. If the applicant does not continue with the interview, we consider it to have finalised 24 hours after the last message has been sent. In this case, the data will also be deleted automatically.

How do we prevent that people under 16 apply via WhatsApp?

After the applicant enters his or her date of birth, their age is calculated and checked. If the applicant is under 16, the interview is cancelled and deleted.

PitchYou - Application via Messenger

1.2 Application via webchat

The web browser on the applicant's device opens up. The dialogue is immediately initiated.

No application without consent

Before the first substantive questions are asked, we obtain the applicant's consent for the processing of personal data as part of the application. This includes forwarding the data to your company. If the consent question is not answered with "I agree", the interview will be terminated, and the data collected up to that point will be deleted.

Total control for the applicant

During the interview, the applicant has the option to cancel the dialogue at any time. A simple stop instruction is sufficient. All data collected up until this point will be deleted. If the applicant does not continue with the interview, we consider it to have finalised 24 hours after the last message has been sent. In this case, the data will also be deleted automatically.

PitchYou - Applications via messenger apps go directly to the dashboard

2. Recruiting process

Once an application has been completed, it goes to your company's PitchYou recruiting app. The app runs entirely in the web browser. There is no need for software to be installed. Access to the application is encrypted via https protocol and protected by login (username and password). The applicants and their interviews can only be viewed by authorised users.

No profiling - total control for the Recruiter

PitchYou qualifies each applicant based on the criteria you set beforehand and creates matching assessment (0% - 100%). Important: No profiling is performed, i.e. the matching percentage is an indication for the recruiter. No automated decisions (rejection or acceptance) are made on the basis of the matching. The decision as to whether an applicant is interesting or not is left to the recruiter.

Internal transfer of data

Obviously, you can pass on applicant data within your company. You can export your applicants' data via PDF or share it directly in the system.

We recommend the sharing functionality. This ensures that the data remains within the PitchYou system. The recipient receives an email with a link to the application in PitchYou. He or she will also receive a PIN. Only with this PIN can the recipient view the (single) application.

This saves you the trouble of distributing applications by e-mail in your company, which is often impossible to get on top of from a GDPR point of view.

Deleting data

The deletion of applications in PitchYou takes place in several stages.

Stage 1: Rejection area

An area for rejections is available. You can move applications to this area by selecting "Rejections" in the applicant profile.

Stage 2: Deletion and rejection

You can permanently delete applications from the rejection area. You can choose whether you want to “permanently delete” or “permanently delete with rejection”.

Companies are not obliged to send rejection letters. Nevertheless, it is good manners to do so. The system can do it for you.

What happens after the permanent deletion?

The application is no longer visible to recruiters. But we do not delete it from the database just yet. This means that technically PitchYou can still access the data. It is recommended to keep applicant data for at least 6 months from the date of rejection in order to still have the possibility to recover data in case of complaints and lawsuits under the General Equal Treatment Act.

Stage 3: Final deletion

6 months after permanent deletion, PitchYou irretrievably deletes all applicant data from the database.

PitchYou - From the traditional application process to the digital application via Messenger.

3. Order processing and external service providers

None of your company’s employees have to use WhatsApp

As a service, we handle all communication via WhatsApp. For the storage and transfer of the personal data collected with this service, we will sign a GDPR-compliant processing agreement with you.

This also means that you only have one contractual partner, namely PitchYou.

WhatsApp Business API

Communication between the PitchYou Bot and the applicant takes place via the WhatsApp Business API, which is intended precisely for communication between businesses and consumers (in our case, applicants).

We adhere to all the regulations set by WhatsApp:

  • Consent of the user via a website
  • Communication is initiated exclusively by the user

For the usage of the WhatsApp Business API, we have signed a contract with a WhatsApp-certified provider of the Business API based in Germany (MessengerPeople GmbH, Munich).

In the interests of data economy, all messages and media files are deleted from MessengerPeople immediately after they have been processed and stored in PitchYou.

Using a mobile phone in your company to communicate via WhatsApp would not be GDPR-compliant due to the all-inclusive transfer of all phone book entries. The WhatsApp Business API, on the other hand, does not run on an end device and therefore does not have a phone or contact book. A transfer is therefore technically impossible.

Data storage and development in Germany

We only use servers that are operated in Germany. Our hosting partner is the company Hetzner in Ansbach.

The software has been fully developed in Germany. All employees who might have access to personal data (e.g. through support tasks) are sworn to secrecy in writing.

WhatsApp uses servers outside the EU. Communication via WhatsApp is end-to-end encrypted. The contents of the communication are therefore protected. Only the information that a connection between the applicant's number and the number of the PitchYou Bot has taken place is transferred to WhatsApp. The candidate has already agreed to this by accepting the WhatsApp terms and conditions when installing WhatsApp.

The storage of communication metadata in the USA was previously regulated by the Privacy Shield agreement between the USA and the EU. This agreement was declared insufficient by a new EU Court of Justice ruling. In order to be on the safe side in terms of data protection law, until a new political agreement is achieved, we also obtain explicit consent from WhatsApp for the storage of data in the USA and third countries for each application.

What other external services do we use?

We use the Google Maps API to determine the distance between the applicant and the potential job location. The applicant's postcode is transferred, without any reference to personal data.

For the automatic translation of messages from other languages into German and vice versa, we use the Google Translate API. Only texts are transferred, without reference to a person or a conversation thread.

PitchYou - Digitalised matching brings applicants and companies together
Navigation Schließen Suche E-Mail Telefon Kontakt Pfeil nach unten Pfeil nach oben Pfeil nach links Pfeil nach rechts Standort Externer Link Startseite Facebook LinkedIn Instagram