I come from the field of and I am interested in

Data Privacy of the Company Website and Portals of genua

The following data privacy information is to be provided pursuant to Art 13 et seq. GDPR when collecting personal data when visiting our website.

genua GmbH
Domagkstraße 7
85551 Kirchheim bei München
Germany

represented by its managing directors Matthias Ochs and Marc Tesch.

genua GmbH (hereinafter "genua") attaches particular importance to the protection of your personal data. We are glad to transparently explain what data we process when you visit our website and the genua partner portal (https://partner.genua.de/en/).

Personal data is individual information that makes a person directly or indirectly identifiable, such as a name or a postal address. Personal data may be processed in the following cases:

A) ACCESS DATA/ SERVER LOG FILES

For technical reasons, genua processes a limited amount of data (so-called connection data) each time the website is accessed. This data is technically necessary to establish and carry out a connection between your terminal device and our servers. The processing is based on Art. 6 para. 1 p. 1 lit. f) GDPR. The following data or data categories may be collected in the process:

  • Name of the website that is accessed

  • Time and date of access

  • Browser type and version

  • The user operating system

  • Referrer URL (the previously visited page)

  • IP address

This log data is only processed for statistical evaluations for the purpose of operation, security and optimization of the offer. However, we reserve the right to subsequently review the log data if there is a justified suspicion of unlawful use based on specific indications.

This data is deleted or anonymized after the end of the connection and is therefore not used to create user profiles.

B) NEWSLETTER (GENULETTER)

We would like to send you regular offers, news and other interesting information by e-mail. If you are interested, you can register for our newsletter. All you have to do is fill in the mandatory information marked with an asterisk and confirm that you want to subscribe to genuletter by checking the box. Subsequently, you will receive an activation link to the specified e-mail address, which you can confirm with one click. Alternatively, you can copy the link and access it via the address bar of your web browser. In this way you complete the registration and agree to receive the newsletter. (Double opt-in procedure)

Your data will be processed exclusively for sending the newsletter. The processing is based on Art. 6 para. 1 p. 1 lit. a) GDPR. The following personal data is processed during registration and when receiving and using the newsletter:

  • E-mail address

  • Title

  • Last name

  • First name (optional)

  • Company (optional)

You can revoke your consent at any time and without giving reasons. For this purpose, you have two options to choose from:

  1. You can unsubscribe from our newsletter by clicking on the "unsubscribe" link found in every newsletter.

  2. You can send an informal e-mail with your unsubscribe request to redaktion@genua.de.

  3. You can visit our unsubscribe page to unsubscribe from the mailing list.

Upon receipt of your revocation, genua will no longer send you newsletters in the future and, if necessary, delete your data collected during registration.

C) COOKIES

Cookies are text files that allow device-specific information to be stored on the end device used.

Cookies that are necessary to carry out the electronic communication process (necessary cookies) are stored on the basis of Art. 6 para. 1 p. 1 lit. f) GDPR. genua has a legitimate interest in storing cookies for the technically error-free and optimized provision of its services. The legal basis for storing information in the end user's terminal equipment is Section 25 para. 2 (2) TTDSG (German Telecommunications and Telemedia Data Protection Act). The use of session cookies is absolutely necessary so that we, as the provider of the genua websites (telemedia service), can provide this expressly requested telemedia service. If consent to the storage of cookies has been requested, the storage of the cookies in question will be based exclusively on this consent (Art. 6 para. 1 p. 1lit. a) GDPR and Section 25 para. 1 TTDSG); consent can be revoked at any time.

D) MATOMO

genua uses the privacy-friendly web analytics tool Matomo to learn more about user behavior on the website and to use this knowledge to continuously improve the website. Matomo uses cookies for this purpose in which device-specific information (IP address, browser type, operating system, country of origin) and information on user behavior are stored anonymously. As Matomo is operated directly on genua's servers, this process does not transmit personal data to third parties. The processing is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a) GDPR and Section 25 para. 1 TTDSG. The user can revoke his consent at any time via the cookie settings. Matomo is disabled when you visit our website. Only if you actively consent, your usage behavior will be recorded.

E) CONTACT FORMS

genua provides you with the option to make general contact within the framework of the company website. If you wish to use these offers, you will be asked to enter personal data that is required to process your request. In this context, genua collects your last name and e-mail address (mandatory information) and, if applicable, your title, first name, telephone number, company, postal address (optional information). It is your free decision whether you use these offers and enter your data. genua collects this data in order to be able to use a personal approach when communicating with you. The legal basis for data processing is Art. 6 para 1 p. 1 lit. f) GDPR. This results from the economic, conceptual and technical interest in the provision and use of a contemporary information medium as well as to answer your inquiry.

F) SOCIAL MEDIA ACTIVITIES – LINKEDIN AND XING/KUNUNU AND TWITTER AND YOUTUBE COMPANY WEBSITE

To ensure that we reach our potential future colleagues in the best possible way, we maintain a company page on popular business networks. The following data privacy information therefore applies to the processing of personal data within the portals.

Social networks are only integrated on our website as a link to the corresponding services. After clicking on the embedded text/image link, you will be redirected to the page of the respective provider. User information is only transmitted to the respective provider after forwarding. For information on the handling of your personal data when using these websites, please refer to the respective data privacy policies of the providers you use.

a) LinkedIn

When you visit our LinkedIn company page, follow our page or engage with the page, LinkedIn processes personal data about this interaction, which enables us to evaluate user behavior by means of statistics. This involves the so-called "Page Insights" function. For these statistical analyses, LinkedIn primarily processes data that you have provided to the platform via information within your profile. In addition, LinkedIn processes information about how you interact with our LinkedIn company page, such as whether you are a follower of our LinkedIn company page. When we organize so-called "polls", i.e. release topic-related surveys on our company website, we see evaluations of the voting behavior for this purpose.

LinkedIn does not provide us with any personal data via Page Insights. We only have access to summarized Page Insights that do not allow us to draw conclusions about individual members.

The processing of personal data in the context of Page Insights is carried out by LinkedIn and us. The evaluation of the actions on our LinkedIn company page supports the constant efforts to align our public relations with the needs of our users. The legal basis for this processing is Art. 6 para 1 lit. f) GDPR.

In principle, the company is solely responsible under data privacy law for the processing of personal data within the LinkedIn platform. You can obtain further information about the processing of personal data by LinkedIn here. Please note that LinkedIn processes personal data in the USA or other third countries. LinkedIn transfers personal data only to countries for which an adequacy decision has been issued by the European Commission in accordance with Art. 45 GDPR or on the basis of appropriate safeguards pursuant to Art. 46 GDPR.

b) Twitter

We make use of the option for corporate presence in the Twitter network (Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, Ireland).

On our company page, we provide information and offer Twitter users the opportunity to communicate. If you perform an action on our Twitter corporate presence (e.g. comments, posts, likes, etc.), you may thereby make public personal data such as the plain name or photo of your user profile. However, since we generally or to a large extent have no influence on the processing of your personal data by the companies jointly responsible for the Twitter corporate presence, we cannot provide any binding information on the purpose and scope of the processing of your data.

Our company presence in social networks is used for communication and information exchange with (potential) customers. In this context, publications about the corporate presence may include the following content:

  • Information about products

  • Information about services

  • Competitions

  • Advertising

  • Customer contact

Every user is free to publish personal data through activities. The legal basis for data processing is Art. 6 para. 1 p. 1 lit. a) GDPR.

The data generated by the corporate presence is not stored in our own systems. You can object at any time to the processing of your personal data that we collect in the course of your use of our Twitter corporate presence and exercise your data subject rights set out in Section 8 of this privacy policy. To do so, send us an informal e-mail to datenschutz@genua.de.

You can find more information on the processing of your personal data by Twitter and the corresponding objection options here:  https://twitter.com/en/privacy

c) XING and kununu

Our XING company page is provided on the platform of the company New Work SE, Dammtorstraße 30, 20354 Hamburg. If you visit our site and are logged into your XING account at the same time, XING can associate your visit to our website with your XING account. If you log out beforehand, such a link cannot be created by XING. The way in which XING collects and processes your data and the purposes for which this is done can be found in XING's privacy policy, which you can find here.

When you visit the service, cookies and similar technologies such as pixels may be used to collect information about your use of the service and to provide you with features. In addition, advertisers or other XING partners may provide cookies or similar technologies on your device. You have the option to restrict the processing of your data in the privacy settings of your profile. Information on the privacy settings can be found here.

Depending on the mobile device, you can restrict the service's access to contact and calendar data, photos, location data, etc. in the settings options. However, this depends on the operating system used.

We process data entered by you on XING via our company page on the XING platform, in particular your (user) name. We process the content published under your account by sharing your posts or when we respond to them. We could also write posts that link to your profile and your content, thereby drawing the attention of our "followers".

The legal basis for this data processing is Art. 6 para 1 lit. f) GDPR. Our legitimate interest is the interaction with potential employees and the presentation of genua within the network. You can object to this data processing at any time. For more information, see the heading "Data subject rights" below.

Kununu is also a brand operated by New Work SE. As a user of kununu, you can request the data that is stored about you in this application via the following link: https://www.kununu.com/user/inquiry. Further information on data processing within the scope of the entire XING service and its applications (such as kununu, among others) can be found in the XING Privacy Policy.

d) YouTube account

We make use of the option for corporate presence on YouTube (Google Ireland Limited, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland).

On our company page, we provide information and offer YouTube users the opportunity to communicate. If you perform an action on our YouTube corporate presence (e.g. comments, posts, likes, etc.), you may thereby make public personal data such as the plain name or photo of your user profile.

Our company presence in social networks is used for communication and information exchange with (potential) customers. In particular, we use the corporate presence to provide information about products and services.

If you are logged into your YouTube account during your visit, Google can associate your website visit with this account. This information is transmitted directly to Google and stored there.

The legal basis for this processing of personal data is Art. 6 para 1 p.1 lit. f) GDPR.

You can object at any time to the processing of your personal data that we collect in the course of your use of our YouTube corporate presence and exercise your data subject rights set out in Section 8 of this privacy policy. You can find more information on the processing of your personal data by YouTube and the corresponding objection options here: https://policies.google.com/privacy?gl=DE&hl=en

G) YOUTUBE VIDEO INTEGRATION

Our website links to YouTube videos. The provider of the video platform is Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland. The video will only be opened and played externally on YouTube when you click on the corresponding preview image. YouTube is independently responsible for data processing. We do not share any personal data with YouTube.

When using YouTube, personal data is usually transferred to a Google server in the USA and stored there. We therefore wish to point out that it cannot be ensured that the data processing will be carried out with the same level of protection as within the EU. In this respect, to our knowledge, there is in any case a risk that you will only be able to enforce your rights as a data subject with difficulty and that state security authorities will access data disproportionately. In addition, there is a lack of data privacy supervision. We expressly point this out. For more information on the handling of user data, please refer to the Google Privacy Policy.

H) WHISTLEBLOWER PORTAL

a) Purpose and legal basis of data processing

Through our whistleblower tool, genua ensures greater protection for whistleblowers who want to report violations of EU or German law. Through this tool, genua has established a secure channel for whistleblowing. The purpose of processing personal data is to manage genua's whistleblower system, including the detection of serious violations or potential violations of German or EU law or other serious matters.

The processing of personal data is necessary for compliance with a legal obligation to which genua is subject, cf. Art. 6 para. 1 p. 1 lit. c) DSGVO. This is the German Law for Better Protection of Whistleblowers and for the Implementation of the Directive on the Protection of Persons Reporting Breaches of Union Law, which transposes the EU Directive "Directive on the Protection of Persons Reporting Breaches of Union Law" (2018/0106 COD) into national law.

In addition, the processing is necessary to protect genua's legitimate interest in detecting serious violations or potential violations of German or EU law or other serious matters that override the interests or fundamental rights and freedoms of the data subject, cf. Art. 6 para. 1 p. 1 it. ) GDPR.

As far as the processing of special categories of personal data is concerned, the processing is necessary for reasons of substantial public interest on the basis of the Law for Better Protection of Whistleblowers and for the Implementation of the Directive on the Protection of Persons Reporting Breaches of Union Law, cf. Art. 9 para. 2 lit. g)GDPR. In addition, the processing of special categories of personal data is necessary for the establishment, exercise or defense of legal claims, see Art. 9 para. 2 lit. f) GDPR in conjunction with Art. 6 para. 1 p. 1 lit. f) GDPR.

The processing is also necessary for the performance of a task carried out in the public interest, cf. Art. 6 para. 1 p 1 lit. e) GDPR.

The data subjects are primarily the persons to whom the reporting relates, including employees, partners or other persons professionally associated with genua, depending on who is mentioned in the notification. Moreover, genua processes personal data about the reporting person if the reporting person submits his or her contact information or other information from which the reporting person can be directly or indirectly identified. As the reporting person, you must therefore be aware that genua may process personal data about you in connection with the processing of the reported case.

Reporting can be done 100% anonymously. In this case, no personal data of the reporting person will be processed.

The categories of personal data that are processed depend on the information reported. If the reporting person reports personal data about another person, including the reported person or persons, genua also processes this personal data. Which personal data are processed in this case depends on which personal data are included in the report. The following categories of personal data may be processed:

  • General personal data (name, address, e-mail address, telephone number, position, etc.)

  • Personal data on criminal convictions or the suspicion of such activity

  • Special categories of personal data (information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, data concerning health, and data concerning a person's sex life or sexual orientation)

genua advises the reporting person to report only information that is of specific relevance to the reported case and, in particular, not to report information about criminal offenses and special categories of personal data unless this is of central importance to the processing of the reported case.

b) Obligation to provide personal data

There is no obligation to provide the personal data listed under Section 3, as reports can also be made anonymously. However, it may not be possible for genua to process the report without providing the personal data.

c) Recipients of personal data

The reports are created in the Internal Audit department of Bundesdruckerei Gruppe GmbH as a ticket in the WhistleB system, made available as a system message to genua's management and evaluated by them. After the assessment, the system messages are passed on internally to genua's Compliance Officer, who processes them. The reason for this being forwarded is that only the respective management can decide on any follow-up measures, not the Internal Audit department of Bundesdruckerei Gruppe GmbH. In this context, personal data is only passed on for a specific purpose and in accordance with the principle of data minimization, i.e. only the personal data that is absolutely necessary to process the report is passed on.

genua discloses personal data about the reporting person to public authorities if this is necessary to deal with serious violations or serious matters or to ensure the right of defense of the data subjects. In other cases, genua discloses personal data about the reporting person only with the consent of the reporting person. genua will only disclose personal data about persons other than the reporting person as part of the follow-up of a reported case or to deal with serious violations or serious matters.

genua uses the tool from Bundesdruckerei Gruppe GmbH, which in turn cooperates with the Swedish software manufacturer WhistleB, Whistleblowing Centre AB. As this involves order processing within the meaning of Art. 28 GDPR by Bundesdruckerei Gruppe GmbH, we have concluded an order processing agreement in accordance with the statutory provisions. For more information on WhistleB, Whistleblowing Centre AB, please visit: report.whistleb.com/content/documents/whistleb_terms_of_use.pdf

d) Storage period

Personal data that proves to be irrelevant to genua's processing of a reported case, as well as reports that genua deems to be unfounded or that do not fall within the scope of the whistleblower regu

relevant" and any existing personal reference (unless it is already an anonymous report) is removed. In order to ensure the legally required documentation obligation or legal deletion period from Section 11 para. 1, para. 5 HinSchG (the German Whistleblower Protection Act), this report is then initially archived (without personal reference), but not yet deleted. Archived cases are used exclusively to fulfill documentation obligations and can therefore no longer be called up by the system for processing.

Reports and personal data that genua collects in the course of processing a report that forms the basis for further processing will be anonymized as soon as possible. However, should the need arise for follow-up measures within the meaning of Section 3 (8), 18 HinSchG, it is possible that the anonymization must be deviated from, for example, due to an official order or to secure legal claims. In this case, pseudonymization is generally aimed for and implemented, unless otherwise specified (e.g., by a court order). Once the processing of the information is complete, either anonymization or pseudonymization is performed and the reports are archived and deleted two years after the case is closed, i.e., on the date genua made a decision in the case, unless special circumstances or legal as well as regulatory requirements require a shorter or longer period.

Personal data may be transferred to the following categories of recipients:

  • Public bodies, due to legal regulations.

  • Affiliated companies, for the purpose of fulfilling the contract or providing the offers of the information society.

  • Processor within the meaning of Art. 28 GDPR in the course of order processing.

  • Other third parties in the course of the transfer of functions.

Personal data is not transferred to countries outside the European Union or the EEA, unless otherwise stated.

Your personal data will not be processed for the purpose of making automated individual decisions, including profiling, according to Art. 22 para. 1 and 4 GDPR.

genua takes the legally required technical and organizational measures to protect personal data from loss, destruction, manipulation and unauthorized access.

Personal data will only be stored for as long as is necessary to fulfill the purposes stated here or as defined by the retention periods stipulated by the legislator. After the respective purpose ceases to apply or after the retention periods have expired, the data will be deleted in accordance with the statutory provisions.

You have the option to make use of your "data subject rights" at any time:

  • Right of access pursuant to Art. 15 GDPR.
  • Right to rectification pursuant to Art. 16 GDPR.
  • Right to erasure pursuant to Art. 17 GDPR.
  • Right to restriction of processing pursuant to Art. 18 GDPR.
  • Right to data portability pursuant to Art. 20 GDPR.
  • Right to object pursuant to Art. 21 GDPR.
  • Right to revoke consent at any time with effect for the future. In this context, the revocation applies only for the future and does not affect the lawfulness of the processing of personal data until the revocation.

If you wish to exercise your rights, please send your request by e-mail to datenschutz@genua.de or by letter to the address given in Section 1. In addition, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 para. 1 GDPR. For further information, please contact your local supervisory authority.

Christian Volkmer

Projekt 29 GmbH & Co. KG
Ostengasse 14
93047 Regensburg (Germany)
Phone: + 49 941 2986930
E-Mail: anfrage@projekt29.de

As at: December 2022