Last update: September 2024
Below, you will find our ‘General Data Protection Policy for our website, as well as the ‘Data Protection Policy for Headhunting and Recruitment Services‘ applicable if you utilize our recruitment services.
Controller as per GDPR is the following legal entity:
GENIC Direct GmbH & Co KG
Schönbichlstrasse 90d
82211 Herrsching
+49 8152 9886 0
E-Mail-Adresse: info@genic.de
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer. The following data is logged:
This data is processed in order to be able to present the website, to ensure the security, availability and integrity of the website (e.g., detection and defense against DoS attacks or access by bots), to improve the quality and presentation of the website, to be able to identify and correct errors and for statistical purposes.
This data is regularly deleted after 7 days at the latest.
Our website is hosted by a service provider in the EU on the basis of a data processing agreement pursuant to Art. 28 GDPR.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the above purposes.
If you contact us, e.g. by e-mail, via a contact form or via live chat, the information you provide will be stored for the purpose of processing the request.
The legal basis for this data processing is Art. 6 (1) lit. f) GDPR. Our overriding legitimate interest is the communication with prospects, visitors, and customers. If the purpose of the contact is to conclude a contract, the legal basis for processing is Art. 6 (1) lit. b) GDPR.
We process the data of our customers, service providers and suppliers as part of the provision of our contractual services. In this context, inventory data (for example, surname and first name of the contact person(s), address), contact data (for example, e-mail address, telephone number), contract data (for example, subject matter of the contract, term), payment data and data collected in the context of the provision of services and/or required for the provision of services are processed, if applicable.
We offer the option to contact us via WhatsApp, a service operated by WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“WhatsApp”), a subsidiary of Facebook. When you communicate with us through WhatsApp, both we and WhatsApp receive your phone number and the information that you have contacted us.
WhatsApp forwards this data to Facebook servers in the USA, where it is processed by both WhatsApp and Facebook in accordance with the WhatsApp Privacy Policy, which includes processing for their own purposes. Please note that WhatsApp also accesses the address book of the device used, along with the contact data stored therein. For more details on the purpose and scope of data collection, further data processing by WhatsApp and Facebook, your rights, and privacy protection settings, please refer to WhatsApp’s privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.
The legal basis for this data processing is Article 6(1)(f) GDPR, reflecting our legitimate interest in communicating with interested parties, visitors, and customers. If the contact is made with the intention of entering into a contract, the legal basis for processing is Article 6(1)(b) GDPR.
You can subscribe to our email newsletter through our website. During registration, the data you provide in the input form, along with the IP address of the device used and the date and time of registration, will be transmitted to us. We will obtain your consent for processing this data during registration and direct you to our Privacy Policy.
To ensure that the subscription is made by the rightful owner of the email address, we use a “double opt-in” process. After registration, a confirmation email is sent to the provided email address. Your subscription is only finalized once you activate the confirmation link within that email. The IP address of the device used, and the date and time of link activation are also recorded.
You can unsubscribe from the newsletter at any time by using the unsubscribe link in each email or by contacting us directly through the provided contact details.
The legal basis for processing your data after newsletter registration is your consent under Article 6(1)(a) GDPR.
Please note that if you withdraw your consent, we will retain the data related to your consent until the statutory limitation period expires (according to Section 195 of the German Civil Code (BGB), three calendar years after the last email newsletter was sent). This retention is necessary to ensure we can defend ourselves legally if needed. During this period, the obligation to demonstrate compliance with GDPR (Article 17(3)(e)) takes precedence over the obligation to delete the data. The legal basis for retaining this consent data is Article 6(1)(c) in conjunction with Article 5(1)(a), (2), Article 7(1) GDPR, and Article 6(1)(f) GDPR.
A statistical analysis of usage data may be carried out for our newsletters. For this purpose, we may record both the openings of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the newsletter content more relevant to our target group.
The legal basis for this analysis is your consent pursuant to Art. 6 (1) lit. a) GDPR.
We use an external service provider as a data processor for sending and analyzing our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection.
In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies may be small files or other types of information storage. Information is stored in cookies that is related to the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain immediate knowledge of your identity.
When visiting our website, only cookies are set that are absolutely necessary for the operation of the website. These essential cookies may be, for example, cookies that are required for the display of the website and for recognizing language settings.
When using essential cookies, the legal is our legitimate interest, Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation and provision of our website.
6.2 Non-Essential Cookies
Our website does not use any non-essential cookies. We neither employ web analytics nor any marketing tools that set such cookies. Additionally, all web fonts are integrated locally on our website.
Social media buttons of various social media networks (e.g. Linkedin and XING) are integrated on our website.
If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile with the respective social media network or are not logged in there. This information (including your IP address) is transmitted by your browser directly to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account with the social media network.
For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection, please refer to the respective privacy policy of the providers of the social media networks.
We maintain publicly accessible profiles on various social media platforms (e.g., LinkedIn).
When you visit our social media pages and are logged into the respective platform, the provider of that social media network may analyze your usage behavior, link the information collected to your account, and enrich it with additional data. Even if you are not logged in or do not have an account with the respective platform, the provider may still collect personal data, such as your IP address or information gathered through cookies.
Social media providers may use this data to create user profiles. These profiles can then be utilized to display interest-based advertisements both on the social media platform and on other websites.
When you visit one of our social media pages, we share joint responsibility with the respective platform provider for the collection and processing of your personal data. For more details on how your personal data is collected and processed, we direct you to the privacy policy of the respective social media platform.
You have the right to exercise your data subject rights in accordance with Chapter III of the GDPR (including rights to access, rectification, deletion, restriction of processing, and data portability) both with us and with the provider of the social media platform. However, please note that our ability to influence the processing of your personal data and the implementation of these rights is limited to the functionalities provided by the respective platform provider.
Our use of social media pages is based on Article 6(1)(f) GDPR. Our legitimate interests include the online presence and marketing of our products and services.
We collect and process personal data from applicants for the purpose of managing the application process.
If an employment contract is concluded with an applicant, the transmitted data will be processed to manage the employment relationship in accordance with statutory provisions. If no employment contract is concluded, the application documents will be deleted immediately upon completion of the application process, unless there is an overriding legitimate interest in retaining the data. Such interests may include the defense of legal claims or the preservation of evidence in accordance with the General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz – AGG).
The legal basis for this storage and processing is the performance of the contract or the implementation of pre-contractual measures pursuant to Art. 6 (1) lit. b) GDPR, in Germany § 26 BDSG.
8.2 Talent Pool
If the applicant has consented to a longer storage of his/her data, we will store the data submitted as part of the application in our talent pool for a further 2 years after the end of the application process in order to identify future positions of potential interest to the applicant and, if necessary, contact the applicant in this regard. After this period, the data will be deleted.
Such consent to the storage of application data in our talent pool can be withdrawn at any time for the future. To do so, please send us an email to the contact details provided above.
The legal basis for the storage of application documents in our talent pool is, if applicable, the applicant’s consent pursuant to Art. 6 (1) lit. a) GDPR.
8.3 VIDEO CONFERENCES AND WEBINARS
If you participate in a video conference, webinar or online meeting etc. organized by us. (hereinafter “video conferences”) organized by us, we process your personal data in the course of your participation.
When you participate in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference.
If you participate in a video conference organized by us, you usually have to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and login information and device/hardware information will be stored. Your email address and profile picture will also be processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.
To enable participation in the video conference, data from your terminal’s microphone and any terminal video camera and, if you share your screen, information from this “screenshare” is processed. You can switch off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared.
Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio and presentation recordings are processed. There will always be an indication of the recording if one is made and, if necessary, the explicit consent of the participants to the recording will always be obtained.
You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to record them.
Insofar as personal data of our employees is processed, Art. 6 (1) lit. b) GDPR in conjunction with § 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing, insofar as German law is applicable to the processing of employee data.
If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our overriding legitimate interest pursuant to Art. 6 (1) lit. f) GDPR is the legal basis for the data processing. In these cases, our overriding legitimate interest is in the effective implementation of video conferences.
Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of the implementation of a project or participation in a webinar).
Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest in these cases is the effective implementation of video conferences.
We use one or more service providers as data processors for the implementation of video conferences on the basis of a data processing agreement pursuant to Art. 28 GDPR.
This may involve the transfer of personal data to a third country without an adequate level of data protection. In this case, we ensure that appropriate safeguards are provided for the transfer in accordance with Art. 46 GDPR. We will provide you with proof of the appropriate safeguards (Standard Contractual Clauses) at any time upon request.
This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.
Within our company, your data is accessed only by the internal departments or organizational units that require it to perform their tasks, fulfill contracts with you, process data based on your consent, or safeguard our overriding legitimate interests.
Data will only be shared with third parties in compliance with legal requirements. We will only transfer your data to third parties if it is necessary for contractual purposes under Article 6(1)(b) GDPR or to protect our overriding legitimate interests in the effective operation of our business pursuant to Article 6(1)(f) GDPR.
When we engage service providers for the operation of our website, platform, or other services, we implement appropriate legal safeguards and technical and organizational measures to ensure the protection of your personal data.
You have the rights explained below with regard to the personal data processed by us concerning you:
You can request information in accordance with Art. 15 GDPR about your personal data that we process.
If the information concerning you is not (or no longer) accurate, you may request a correction in accordance with Art. 16 GDPR. If your data is incomplete, you may request that it be completed.
You may request the erasure of your personal data in accordance with Art. 17 GDPR.
In accordance with Art. 18 GDPR you have the right to request restriction of processing of your personal data.
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6(1)(e) or (f) GDPR, in accordance with Article 21(1) GDPR. If you raise such an objection, we will cease processing your data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or if the processing is necessary for the establishment, exercise, or defense of legal claims (Article 21(1) GDPR).
Additionally, under Article 21(2) GDPR, you have the right to object at any time to the processing of your personal data for direct marketing purposes. This right also applies to any profiling related to such direct marketing.
12.6 Right to Withdraw Consent
Insofar as you have given your consent for processing, you have a right to withdraw your consent pursuant to Art. 7 (3) GDPR.
You have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format (“data portability”) as well as the right to have this data transferred to another controller if the conditions of Art. 20 (1) lit. (a) and (b) GDPR are met.
You can exercise your rights by notifying the above contact details for the data controller or the data protection officer.
If you believe that our processing of your personal data violates data protection law, you also have the right to complain to a data protection supervisory authority of your choice pursuant to Article 77 GDPR.
The provision of personal data is neither required by law nor by contract, and you are not obliged to provide personal data, although the provision of personal information is required for the conclusion of a contract to the extent that certain details are required in order to conclude (and perform) a contract.
We do not perform automated decision making, including profiling.
We follow the principles of data minimization and storage limitation, retaining your personal data only for as long as necessary to fulfill the purposes for which it was collected or as required by legal retention periods.
Once the purpose for storing your data no longer applies, or if a legally mandated storage period expires, your personal data will be routinely anonymized or deleted in compliance with statutory provisions.
We implement appropriate technical and organizational measures, in line with current best practices (state of the art), to ensure that the level of protection for the personal data we process is commensurate with the risks associated with the processing. These measures protect the data we handle from accidental or intentional manipulation, loss, destruction, or unauthorized access.
For security reasons and to protect the transmission of confidential information, such as inquiries, or payment data you send to us, our website uses SSL encryption.
We reserve the right to amend this Privacy Policy as needed to comply with current legal requirements or to reflect changes in our services, such as the introduction of new offerings. The version of the Privacy Policy in effect at the time of your visit to our website or use of our services will apply.
This privacy policy outlines how your personal data is processed when you use our headhunting and recruitment services.
Controller as per GDPR is the following legal entity:
GENIC Direct GmbH & Co KG
Schönbichlstrasse 90d
82211 Herrsching
+49 8152 9886 0
E-Mail-Adresse: info@genic.de
We process your personal data for the following purposes:
The processing of your personal data is based on the following legal bases:
We collect your personal data directly from you and through other sources, such as professional social media platforms like Xing and LinkedIn.
During the registration process, we collect data from your CV and any additional information you provide, including certificates and references.
The categories of personal data processed include:
Your personal data may be shared with the following categories of recipients:
Your personal data will only be transferred to third countries if you have given your consent, if the transfer is necessary for the performance of a contract, or if it is otherwise permitted under legal provisions.
We retain your personal data only for as long as necessary to fulfill the purposes outlined above or as required by statutory retention periods. Once these periods expire, your data will be deleted in accordance with legal requirements.
For further details, including your rights, please refer to our General Data Protection Policy. You may also contact us via email at info@genic.de.
GENIC Direct GmbH & Co KG
Schönbichlstrasse 90d
82211 Herrsching
GENIC Direct GmbH & Co KG
Bahnhofstraße 2
82211 Herrsching
