definitions
Any terms not defined in this Privacy Policy shall have the meaning given to such terms in the Data Protection Legislation.
changes to our privacy statements
We may need to change this privacy notice from time to time. In that event, we will post an updated version of our privacy notice on this page that will apply to all of your information that we hold at that time.
note
If you choose not to provide us with certain information, we may not be able to (continue to) provide you with the products or services you request.
third party websites and services
Our website and services may contain links to third party websites. When you use our Services, you may be directed to third-party websites. Your use of these websites and services is subject to the terms of use, privacy policies, and cookie policies of those third parties. Please read the privacy policies and terms of use of those websites, as we are not responsible for them.
content
A. privacy policy
B. privacy policy for persons applying (recruiting)
C. privacy policy for social media
A. privacy policy
The protection of your data is important to us. We place the highest value on the protection of your data. That is why we respect your privacy. We always inform you about it transparently, what we need your data for and whether or how long we store it.
content
- general information
1.1. processing of personal data
1.2. responsible company
1.3. data subject rights
1.4. recipients of personal data (general information)
1.5. information on data transfer to the USA and other non-EU countries
1.6. SSL and/or TLS encryption - collection and processing of personal data when visiting our website
2.1. hosting and Content Delivery Networks (CDN)
2.2. cookies / tools
2.2.1. consent with Usercentrics
2.2.2. form.taxi
2.2.3. Font Awesome (local embedding)
2.2.4. LinkedIn
2.2.5. XING
2.2.6. TuCalendi - other functions and offers (within and outside the website)
3.1. contacting / communicating / collaborating
3.2. mailing
3.3. privacy policy for persons applying (recruiting) - objection or revocation to the processing of your data
1. general information
With this privacy policy, we would like to inform you about the collection of personal data when using of our website and related services. This privacy policy applies to all websites or services that refer to this privacy statement.
1.1. processing of personal data
Personal data (in short: data) in the sense of § 4 EU General Data Protection Regulation (GDPR) are all information, relating to an identified or identifiable natural person, e.g. name, address, e-mail address etc.
1.2. responsible company
The company responsible for the processing of personal data within the meaning of § 4 (7) GDPR is: generatum GmbH, Amselweg 4, 54306 Kordel, e-mail@generatum.lu (see our legal notices).
We have not appointed a data protection officer, as
- we do not employ 20 or more employees who regularly process personal data automatically (company size / number of employees).
- we do not process sensitive data revealing race, ethnic origin, political opinion, religious beliefs, trade union membership, health or sex life of an individual (level of detail of data).
- our core activity does not consist in the transfer of personal data (business area).
- we do not process any data that requires a data protection impact assessment (processing risk).
Certain processing operations may be carried out under the responsibility of other companies. This is indicated below in the respective description of the processing, if this is the case.
1.3. data subject rights
You have the following rights as a data subject of the data processing in accordance with the legal provisions with regard to the personal data concerning you:
- right to information,
- right to rectification or cancellation,
- right to restriction of processing,
- right to object to processing,
- right to data portability.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
When processing your rights, we may ask you for proof of identity. For more information on how we process your data in this process, please see 3.1.
1.4. recipients of personal data (general information)
In the course of our business activities, we cooperate with various external bodies. In some cases, this also requires the transfer of personal data to these external bodies. We only disclose personal data to external bodies if this is necessary in the context of the performance of a contract, if we are legally obliged to do so (e.g. disclosure of data to tax authorities), if we have a legitimate interest in the disclosure pursuant to Art. 6 (1) lit. f GDPR or if another legal basis permits the disclosure of data. When using processors, we only disclose personal data of our customers on the basis of a valid contract on commissioned processing. In the case of joint processing, a joint processing contract is concluded.
In addition to the listed receiving parties in each section below, we transmit the collected data for processing to the appropriate internal departments and to other affiliated companies within the vidulus group or to external service providers, data processors according to the required purposes. In addition, we forward the data to the following recipients:
-
Platform / hosting service providers have access to personal data from a third country (countries outside the European Economic Area). So-called standard contractual clauses pursuant to § 46 GDPR have been concluded as suitable guarantees. For third countries / companies for which a adequacy decision exists, the adequacy decision shall also apply. Further information can be found here: “international dimension of data protection”.
-
Analysis service providers will have access to personal data from a third country (countries outside the European Economic Area). So-called standard contractual clauses pursuant to § 46 GDPR were concluded as suitable guarantees. For third countries / companies for which an adequacy decision exists, the adequacy decision also applies. Further information can be found here: “international dimension of data protection”.
-
IT support service providers will have access to personal data from a third country (countries outside the European Economic Area). So-called standard contractual clauses pursuant to § 46 GDPR have been concluded as suitable guarantees. For third countries / companies, for which an appropriateness resolution exists, the appropriateness resolution shall also apply. Further information can be found here: “international dimension of data protection”.
-
Authorities: In the event of a legal obligation, we reserve the right to disclose information about you, if we are obliged to transmit them to competent authorities or law enforcement agencies, according to § 6 (1) c GDPR (legal obligation).
For more information, see the corresponding paragraphs in each section.
1.5. information on data transfer to the USA and other non-EU countries
Among other things, we use tools of companies domiciled in the United States or other from a data protection perspective non-secure non-EU countries. If these tools are active, your personal data may potentially be transferred to these non-EU countries and may be processed there. We must point out that in these countries, a data protection level that is comparable to that in the EU cannot be guaranteed. For instance, U.S. enterprises are under a mandate to release personal data to the security agencies and you as the data subject do not have any litigation options to defend yourself in court. Hence, it cannot be ruled out that U.S. agencies (e.g., the Secret Service) may process, analyze, and permanently archive your personal data for surveillance purposes. We have no control over these processing activities.
1.6. SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line.
If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.
2. collection and processing of personal data when visiting our website
When visiting and using our website, we already collect personal data. In this section you will find more information about website-specific processes and tools, especially from external partners. For more information about processes that can also take place in an offline context, see section 3.
2.1. hosting and Content Delivery Networks (CDN)
Purpose / Information:
In the case of merely informational use of the website, i.e. if you do not otherwise transmit information to us, e.g. via a contact form,
we only collect the personal data that your browser transmits to servers and that are required for the presentation of our website and
are technically necessary to ensure stability and safety.
Cookies / tools used: Type A. For more information, see “cookies / tools”.
Receiver:
We are hosting the content of our website at the following provider:
2.1.1. Amazon Web Services (AWS)
The provider is the Amazon Web Services EMEA SARL, 38 Avenue John F. Kennedy, 1855 Luxembourg (hereinafter referred to as “AWS”).
When you visit our website, your personal data will be processed on AWS servers. This may also result in the transfer of personal data to the parent company of AWS in the United States. The transfer of data to the US is based on the EU’s standard contractual clauses. For details please consult: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
For more information, please see the AWS Data Privacy Policy: https://aws.amazon.com/privacy/.
AWS is used on the basis of Art. 6(1)(f) GDPR. We have a legitimate interest in a depiction of our website that is as reliable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees
that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
2.1.2. Amazon CloudFront CDN
We use the Content Delivery Network Amazon CloudFront CDN. The provider is Amazon Web Services EMEA SARL, 38 avenue John F. Kennedy, L-1855, Luxembourg (hereinafter referred to as “Amazon”).
Amazon CloudFront CDN is a globally distributed Content Delivery Network. During these transactions, the information transfer between your browser and our website is technically routed via the Content Delivery Network. This enables us to boost the global availability and performance capabilities of our website.
The use of Amazon CloudFront CDN is based on our legitimate interest in keeping the presentation of our web services as error free and secure as possible (Art. 6(1)(f) GDPR).
The data transfer to the United States is based on the Standard Contract Clauses of the EU Commission. You can find the details here: https://aws.amazon.com/de/blogs/security/aws-gdpr-data-processing-addendum/.
For more information on Amazon CloudFront CDN please follow this link: https://aws.amazon.com/privacy/.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees
that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
For more receivers, see the section 1.4. on general receivers.
2.2. cookies / tools
We only use technically necessary cookies. Functionality, tracking, performance, targeting and advertising cookies are not used. Cookies are small text files that are placed on your end device by your browser to store certain information. The next time you visit our website with the same end device, the information stored in cookies will subsequently be passed on either to our website (“first party cookie”) or to another website to which the cookie belongs (“third party cookie”).
Through the stored and returned information, the respective website can recognize that you have already called up and visited it with the browser of your end device. We use this information to optimally design and display the website according to your preferences. Only the cookie itself is identified on your end device. Any further storage of personal data only takes place with your express consent or if this is absolutely necessary in order to be able to use the service offered and accessed by you accordingly.
This website uses the following types of cookies / tools, the scope and functionality of which are explained below:
Type A: Technical / Range Measurement - to ensure that the requested service can be provided, including basic analysis (no consent required under the Data Protection Directive 2002/58/EC).
Please note that the tools listed in the following subsection may not be in use all the time.
2.2.1. consent with Usercentrics
This website uses the consent technology of Usercentrics to obtain your consent to the storage of certain cookies on your device or for the use of specific technologies, and to document the former in a data protection compliant manner. The party offering this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 München, Germany, website: https://usercentrics.com (hereinafter referred to as “Usercentrics”).
Whenever you visit our website, the following personal data will be transferred to Usercentrics:
- your declaration(s) of consent or your revocation of your declaration(s) of consent
- your IP address
- information about your browser
- information about your device
- the date and time you visited our website
Moreover, Usercentrics shall store a cookie in your browser to be able to allocate your declaration(s) of consent or any revocations of the former. The data that are recorded in this manner shall be stored until you ask us to eradicate them, delete the Usercentrics cookie or until the purpose for archiving the data no longer exists. This shall be without prejudice to any mandatory legal retention periods.
Usercentrics uses cookies to obtain the declarations of consent mandated by law. The legal basis for the use of specific technologies is Art. 6(1)(c) GDPR.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees
that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
2.2.2. form.taxi
Our website uses form.taxi, a web service provided by the https://form.taxi website (hereinafter “form.taxi”). In order to provide you with the functionality of the form, we send the data you provide to form.taxi. This data is processed and stored there and passed on to us by e-mail. In addition, form.taxi collects, among other things, other data such as your IP address, your type of browser, the domain of the website, the date and time of access in order to provide the desired functionality of the form. Legal basis for the use of form.taxi is § 6 para. 1 p. 1 lit. f GDPR (legitimate interest). The data processing and storage takes place within the European Union. For more information, please refer to the privacy policy of form.taxi: https://form.taxi/de/privacy.
Receivers: The main service provider is wrkt*biz Reinhard Söllradl, 4070 Eferding, Austria, support@form.taxi
Deletion: We delete the data accruing in this context after storage is no longer required, or processing is restricted if there are legal retention obligations. The contents of the form submissions are stored for a maximum of 1 year.
Legal basis: § 6 (1) f GDPR (for processing in accordance with the above-mentioned legitimate interest)
2.2.3. Font Awesome (local embedding)
This website uses Font Awesome to ensure the uniform use of fonts on this site. Font Awesome is locally installed so that a connection to Fonticons, Inc.’s servers will not be established in conjunction with this application.
For more information on Font Awesome, please and consult the Data Privacy Declaration for Font Awesome under: https://fontawesome.com/privacy.
2.2.4. LinkedIn
This website uses elements of the LinkedIn network. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland.
Any time you access a page of this website that contains elements of LinkedIn, a connection to LinkedIn’s servers is established. LinkedIn is notified that you have visited this website with your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your LinkedIn account at the time, LinkedIn will be in a position to allocate your visit to this website to your user account. We have to point out that we as the provider of the websites do not have any knowledge of the content of the transferred data and its use by LinkedIn.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/help/linkedin/answer/a1343190/datenubertragung-aus-der-eu-dem-ewr-und-der-schweiz?lang=en.
For further information on this subject, please consult LinkedIn’s Data Privacy Declaration at: https://www.linkedin.com/legal/privacy-policy.
2.2.5. XING
This website uses elements of the XING network. The provider is the New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany.
Any time one of our sites/pages that contains elements of XING is accessed, a connection with XING’s servers is established. As far as we know, this does not result in the archiving of any personal data. In particular, the service does not store any IP addresses or analyze user patterns.
If your approval (consent) has been obtained the use of the abovementioned service shall occur on the basis of Art. 6 (1)(a) GDPR and § 25 TDDDG (German Telecommunications Act). Such consent may be revoked at any time. If your consent was not obtained, the use of the service will occur on the basis of our legitimate interest in making our information as comprehensively visible as possible on social media.
For more information on data protection and the XING share button please consult the Data Protection Declaration of Xing at: https://privacy.xing.com/en/privacy-policy.
2.2.6. TuCalendi
You can make appointments with us on our website. We use TuCalendi for booking appointments. The provider is Appload Solutions S.L., C. Bethencourt Alfonso, 38002 Santa Cruz de Tenerife, Spain (hereinafter “TuCalendi”).
To book an appointment, you enter the requested data and the desired date in the screen provided for this purpose. The data entered will be used for the planning, implementation and, if necessary, a follow-up appointment. The appointment data is stored for us on the servers of TuCalendi, whose privacy policy can be viewed here: https://www.tucalendi.com/en/privacy.
The data you have entered, will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Mandatory legal provisions, in particular retention periods, remain unaffected.
The legal basis for data processing is Art. 6 (1)(f) GDPR. The website operator has a legitimate interest in making it as uncomplicated as possible to arrange appointments with potential customers and existing clients. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.
Data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.
3. other functions and offers (within and outside the website)
In addition to the online use of our website, we offer various other services for which we also process your personal data in an offline context.
Deviating from 1.2., in some cases the company of the vidulus group is the responsible company for the functions and offers listed below, which has already been named to you in the course of the communication. Therefore, if sections of this privacy policy are referred to, e.g. via link, and a responsible company has already been named to you in the course of the communication, e.g. in the footer / signature of an email, this company is the responsible company according to. § 4 No. 7 GDPR.
3.1 contact / communication / cooperation
Purpose / Information: When communicating and/or cooperating with us, e.g. by e-mail, via a contact form on our website, via a data exchange platform, whether as a business partner or customer, the data you provide (your e-mail address, your name and telephone number, if applicable, or the specified personal data within the communication) will be stored by us, e.g. in order to answer your questions or to comply with the communication required for our business purposes.
When processing the data generated in the course of communication, we have a legitimate interest in processing the data in accordance with legal requirements, for internal review or in accordance with the respective communication request.
Receivers and Sources: In order to combat money laundering and terrorism, we are required by law to carry out a comparison with sanctions lists. Therefore, we also process your data to comply with legal requirements to match against these lists. Furthermore, we process your data in the vidulus group for the prevention and investigation of criminal offenses and other misconduct, assessment and management of risks, for internal communication and for related administrative purposes.
If an affiliated company reports working with you, we will share our experience of working with the affiliated company.
If you are a business partner, we will cross-check your data with published lists of misleading sellers (e.g., World Intellectual Property Organization warning lists and Bundesanzeiger Verlag GmbH) to make an informed decision about any payments.
If you are a business customer or partner, it may be necessary to transfer your personal data to prospective buyers as part of a corporate transaction. As a rule, anonymized data is processed as part of the due diligence process. If necessary, however, it may also be necessary to process personal data in a specific individual case. Our legitimate interest is based on the execution of the corporate transaction.
In addition, we transmit the data to the following recipients:
- Platform / hosting service providers.
Transfers to third countries are possible. As appropriate guarantees, so-called standard contractual clauses have been concluded in accordance with § 46 GDPR. For third countries/companies for which an adequacy decision exists, the adequacy decision also applies. Further information can be found here: “international dimension of data protection”.
Additional receiving parties can be found in section 1.4. on general receiving parties.
Deletion/objection: We delete the data accrued in this context again after the storage is no longer required, unless there are legal retention obligations or statutes of limitations must be observed.
Legal basis:
§ 6 (1) b GDPR (for processing in connection with a contract or a situation similar to a contract)
§ 6 (1) c GDPR (for processing in connection with a legal obligation)
§ 6 (1) f GDPR (for processing operations in accordance with the above-mentioned legitimate interest)
3.2 Mailing
Purpose/Information: As a selected customer or business partner, you will also receive individual product information, news notices and offers from us by mail (letter).
This is a special form of direct marketing, which is also our legitimate interest and intensifies the bond with the above-mentioned persons by providing them with exclusive information.
Receivers:
- platform / hosting service providers
- communication service providers
- shipping service providers
Transfers to third countries are possible. So-called standard contractual clauses pursuant to § 46 GDPR have been concluded as suitable guarantees. For third countries/companies for which an adequacy decision exists, the adequacy decision also applies. Further information can be found here: “international dimension of data protection”.
Additional receiving parties can be found in section 1.4. on general receiving parties.
Deletion/objection: Your provided data will be deleted as soon as you have unsubscribed, unless this conflicts with legal retention obligations or statutes of limitations. You can unsubscribe or object according to the process as described in the letter or in the Objection section below.
Legal basis: § 6 (1) f GDPR (legitimate interest).
3.3 Privacy policy for persons applying (recruiting)
For more information on the application process, please refer to the separate privacy policy for persons applying (recruiting).
4. objection or revocation against the processing of your data
If you have given your consent to the processing of your data, you may revoke it at any time. Such revocation will affect the permissibility of processing your personal data after you have expressed it to us.
Insofar as we base the processing of your personal data on the balance of interests, you can object to the processing. This is the case if the processing is not necessary, in particular, for the performance of a contract with you, which is presented by us in each case in the description of the functions and offers. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the situation and either discontinue or adjust the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us of your advertising objection using the contact details provided under „responsible company“.
B. privacy policy for persons applying (recruiting)
This privacy policy informs you about how we process your personal data when you apply for a job we have advertised. It also describes your data protection rights, including the right to object to some of the processing we do. For more information about your rights and how to exercise them, please see the “your rights” section.
This privacy policy applies in addition to our existing general privacy policy, which provides you with specific information on how we process your personal data in the context of website visits or non-application specific topics.
content
- responsible
- data collection
- type and purposes of the processing of personal data
- legal bases
- recipients of the data
- your rights
6.1. right to information
6.2. right to rectification or erasure
6.3. right to restriction of processing
6.4. right to data portability
6.5. right to object to processing - retention period
- admission to the applicant pool
- objection or revocation of your consent to the processing of your data
1. persons responsible
The person responsible for the processing of personal data within the meaning of § 4 (7) GDPR is the company named in the job advertisement.
The contact details of the person(s) responsible for data protection can be found
here.
2. data collection
As part of the selection process, we collect and process the following categories of personal data:
- contact details in your application profile (e.g. first and last name, e-mail, telephone number);
- information from the application form (this includes e.g. salary requirements, your motivation, information on disability (only if relevant for the advertised position);
- application documents (including e.g. CV, cover letter, career development data, qualifications and language skills);
- results of (video) interviews;
- if applicable, references that you provide to us.
We may also obtain the above data about you from other sources, including external business partners, e.g. recruitment companies. We may also receive data that you have made public on job-related social networks, such as LinkedIn, or that you submit to us through other websites, such as Monster Job Board, or from other publicly available sources (only if the data has relevance to your professional life). The purpose is to contact you about job offers or to verify the accuracy of your information from the application documents.
3. nature and purposes of the processing of personal data
Your personal data will be processed exclusively for the following purposes:
- to initiate and establish the employment relationship;
- to contact you should you be considered for an alternative position;
- if you have given us your consent, to ask you about your satisfaction with the application process;
- to contact you based on your unsolicited application;
- to send you personalized information about job openings in accordance with the consent you have given.
4. legal basis
We collect and process your personal data in order to offer advertised positions and to carry out the selection process. Providing your personal data as part of the application process is voluntary. However, the provision of personal data is necessary for the processing of your application or the conclusion of an employment contract with us.
If we obtain information from your public profile on professional social networks, we base the processing on our legitimate interest in forming a decision-making basis for establishing an employment relationship with you. The legal basis is § 6 (1) f) GDPR in conjunction with § 9 (2) e) GDPR.
If we invite you to participate in a survey about your satisfaction with the application process with us, the relevant legal basis is your consent pursuant to Section 26 BDSG in conjunction with § 7 GDPR.
Furthermore, we may process personal data about you insofar as this is necessary to defend asserted legal claims against us arising from the application process. The legal basis for this is § 6 (1) b) and f) GDPR. The legitimate interest is, for example, a duty to provide evidence in proceedings under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG).
5. recipients of the data
We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the framework of the purposes and legal bases set out above. For data processing in our online application for job applications, we have jointly determined the purposes and means of data processing. Therefore, the companies are jointly responsible for the processing of personal data. You can also request the deletion of your profile, as described in the section „retention period“”.
Furthermore, personal data may be processed on our behalf on the basis of contracts pursuant to § 28 GDPR, this in particular by providers of systems for applicant management and applicant selection procedures. There is no transfer of personal data to third parties if it is not related to the applicant management and applicant selection process or in addition to the purposes described in the section „type and purposes of the processing of personal data“.
Transfers may involve the transfer of personal data to recipients outside the European Union / European Economic Area. Standard contractual clauses have been concluded with these external service providers, unless they are based in countries with an adequacy decision pursuant to Art 45 GDPR.
For more information, see see “international dimension of data protection”.
We reserve the right, in the event of a legal obligation, to disclose information about you if the disclosure is required of us by lawful authorities or law enforcement bodies. The legal basis is § 6 (1) c) GDPR.
6. your rights
6.1 right to information
You have the right to information about the personal data stored about you in our company. To do so, please contact the responsible person named above.
6.2 right to correction or erasure
You can correct your personal data by sending an e-mail to e-mail@generatum.lu. You can also request the deletion of your data under certain conditions.
6.3 right to restriction of processing
Under certain conditions, you can request the restriction of the processing of your data, e.g. if the accuracy of your data is disputed and should be verified by us.
6.4 right to data portability
Under certain conditions, we will provide you with the data in a structured, common and machine-readable format.
6.5 right to object to processing
You may object to the processing of your data on the basis of our legitimate interests. Further information can be found in the section „objection or revocation of your consent to the processing of your data“.
In addition, you have the right to lodge a complaint with a supervisory authority at any time.
7. retention period
We store your personal data for a period of 6 months. This is necessary for the obligation to provide evidence in proceedings under the German General Equal Treatment Act (Allgemeines Gleichbehandlungsgesetz, AGG). Furthermore, we store your data for this duration in case of an alternative job advertisement for which you are a suitable person. You can request the deletion of your application profile or the withdrawal of your application by contacting us at e-mail@generatum.lu.
If your application is successful, we will retain your personal data throughout the duration of your employment in accordance with the Employee Privacy Policy, which we will provide to you upon acceptance of employment.
8. admission to the applicant pool
If we do not make you a job offer, you may be able to join our applicant pool. In case of admission, all documents and information from the application will be transferred to the applicant pool in order to contact you in case of suitable vacancies.
Admission to the applicant pool is based exclusively on your express agreement (Art. 6(1)(a) GDPR). The submission agreement is voluntary and has no relation to the ongoing application procedure. The affected person can revoke his agreement at any time. In this case, the data from the applicant pool will be irrevocably deleted, provided there are no legal reasons for storage.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been granted.
9. objection or revocation of your consent to the processing of your data
If you have given your consent (§ 6 (1) a GDPR) to the processing of your data (e.g. if you participate in a survey about your satisfaction with the application process), you may revoke this consent at any time. Such revocation will affect the permissibility of the processing of your personal data after you have expressed it to us.
Insofar as we base the processing of your personal data on the balance of interests (§ 6 (1) f GDPR), you may object to the processing. This is the case if the processing is in particular not necessary for the performance of a contract with you, which is described by us in the chapter „type and purposes of the processing of personal data“. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will review the merits of the case and either discontinue or adapt the data processing or show you our compelling legitimate grounds on the basis of which we will continue the processing.
C. privacy policy for social media
our social media appearances
This privacy policy applies to the following social media presence
Freelancer Community and Job Board DACH+L: https://www.linkedin.com/groups/13030040/
content
- data processing through social networks
- legal basis
- responsibility and assertion of rights
- storage time
- your rights
- individual social networks
1. data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.
Social networks such as Facebook, X etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered. In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.
Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.
Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.
2. legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).
3. responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.
4. storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions - in particular, retention periods - remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
5. your rights
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to file a complaint with the responsible regulatory agency. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.
6. individual social networks
LinkedIn We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you want to disable LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
For details on how they handle your personal information, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.