Skip to main content

Privacy Policy | Datenschutzerklärung

How we process your data, and your rights.

Privacy Policy

Last updated: 09.04.2026

1. General Information

This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website www.generalyst.de.

The processing of personal data is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable German data protection laws, in particular the Bundesdatenschutzgesetz (BDSG) and the Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz (TDDDG).

2. Controller

The controller responsible for data processing on this website is:

Generalyst Recruiting UG (haftungsbeschränkt)

Represented by: Dominik Nitsch (Geschäftsführer)

Greifswalder Str. 208A, 10405 Berlin, Germany

Email: datenschutz@generalyst.de

3. Hosting

This website is hosted by Webflow. Webflow stores and processes data on servers that may be located within the European Union and/or the United States. Where data is transferred to the United States, the transfer is safeguarded by appropriate mechanisms such as the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).

A Data Processing Agreement (DPA) has been concluded with Webflow in accordance with Art. 28 GDPR.

4. Data Collection on This Website

a) Server Log Files

When you visit this website, information is automatically collected, including:

  • IP address
  • Browser type and version
  • Operating system
  • Referrer URL
  • Time of request

This data is used to ensure the stability and security of the website. It is not combined with other data sources.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest in the secure operation of the website)

b) Contact Forms

We use Typeform to collect data via forms on this website. Typeform is a service provided by TYPEFORM S.L., based in Spain (EU). If you contact us or submit information, we may collect:

  • Name
  • Email address
  • Message content
  • Any additional information you provide

This data is used solely to process your request.

Legal basis: Art. 6(1)(b) GDPR (contract performance or pre-contractual measures); Art. 6(1)(f) GDPR (legitimate interest)

5. Cookies

This website uses cookies. Cookies are small text files that are stored on your device when you visit a website.

We distinguish between:

  • Technically necessary cookies, which are required for the website to function properly. These are set without your consent on the basis of Art. 6(1)(f) GDPR.
  • Analytics and third-party cookies, which are only set after you have given your consent via our cookie banner, on the basis of Art. 6(1)(a) GDPR.

You can manage or revoke your cookie preferences at any time through the cookie settings on our website or through your browser settings.

6. Newsletter

If you subscribe to our newsletter:

  • We collect your email address and optionally your name
  • Subscription occurs via double opt-in
  • You can unsubscribe at any time via the link in each email

We use Kit (formerly ConvertKit), a service provided by Kit, Inc. (USA), to manage our newsletter. Your data will be transferred to the United States. This transfer is safeguarded by the EU-US Data Privacy Framework and/or Standard Contractual Clauses (SCCs). A Data Processing Agreement has been concluded with Kit.

Legal basis: Art. 6(1)(a) GDPR (consent)

7. Recruiting & Candidate Data

If you submit your profile or apply through our platform, we process personal data including:

  • CVs and employment history
  • Contact details
  • LinkedIn or other profile links
  • Salary expectations
  • Location preferences
  • Desired roles
  • Interview notes and evaluations
  • Free-text responses provided by you

This data is used to:

  • Match candidates with companies
  • Facilitate recruiting processes
  • Communicate with candidates and potential employers

Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures); Art. 6(1)(a) GDPR (consent, where applicable); Art. 6(1)(f) GDPR (legitimate interest in efficient recruiting processes)

Retention of candidate data: Candidate data is deleted 6 months after the conclusion of the respective recruiting process, unless you have given explicit consent to longer storage for future matching opportunities. You may withdraw this consent and request deletion at any time.

8. Company Data (Clients)

If companies submit hiring requests, we may process:

  • Contact details of company representatives
  • Company information
  • Hiring requirements and role descriptions

This data is used to provide recruiting services.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

9. Analytics

We use Google Analytics (GA4) to analyze website usage. Google Analytics uses cookies to collect information about how visitors interact with the website. This may include:

  • Pages visited
  • Time spent on the site
  • Technical information about your device

IP anonymization is enabled. Data processing only takes place after you have given your consent via the cookie banner.

Google Analytics is a service provided by Google Ireland Limited. Data may be transferred to the United States; this transfer is safeguarded by the EU-US Data Privacy Framework.

Legal basis: Art. 6(1)(a) GDPR (consent)

10. Third-Party Tools and Services

We use various third-party tools to operate our business and deliver our services. These providers may process personal data on our behalf. This includes:

  • Pipedrive (CRM system)
  • Notion (data management)
  • Slack (communication)
  • Google Workspace (email, documents, calendar)
  • Zapier (workflow automation)
  • Luma (event management)
  • Metaview (interview documentation)
  • Spott
  • AI tools such as ChatGPT (OpenAI), Gemini (Google), and Claude (Anthropic)

These tools are used for communication, data processing and automation, interview documentation and analysis, and internal workflows.

Data Processing Agreements (DPAs) have been concluded with all providers in accordance with Art. 28 GDPR.

11. International Data Transfers

Some of the third-party service providers listed above are based outside the European Economic Area (EEA), in particular in the United States. Where personal data is transferred to countries outside the EEA, we ensure that appropriate safeguards are in place, including:

  • The EU-US Data Privacy Framework, where the recipient is certified
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other appropriate safeguards as required under Art. 46 GDPR

You may request a copy of the relevant safeguards by contacting us at the email address provided above.

12. Events

We organize digital events and use Luma for registration and management. When registering, we may process:

  • Name
  • Email address
  • Participation data

This data is used solely for event organization and communication.

Legal basis: Art. 6(1)(b) GDPR (contract performance)

13. Data Retention

We retain personal data only as long as necessary for the purposes described above or as required by law. Specific retention periods include:

  • Candidate data: 6 months after conclusion of the recruiting process, unless explicit consent for longer storage has been given
  • Business records and invoices: retention as required by German commercial and tax law (typically 6–10 years under HGB and AO)
  • Newsletter data: until you unsubscribe
  • Analytics data: as configured in the analytics tool (typically 14 months for Google Analytics)

14. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15 GDPR)
  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to object to processing based on legitimate interest (Art. 21 GDPR)
  • Right to withdraw consent at any time (Art. 7(3) GDPR), without affecting the lawfulness of processing prior to withdrawal

Right to lodge a complaint: You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for our company is:

Berliner Beauftragte für Datenschutz und Informationsfreiheit

Friedrichstraße 219

10969 Berlin

https://www.datenschutz-berlin.de

15. Data Security

We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, or misuse, in accordance with Art. 32 GDPR.

16. Updates

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or legal requirements. The date of the most recent update is indicated at the top of this document.