Zum Hauptinhalt springen

Privacy Policy

1. Data protection at a glance

General information

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to personally identify you. For detailed information, please refer to the subsequent sections of this privacy policy.

Data Collection on this website

Who is responsible for data collection on this website?

Data processing on this website is carried out by the website operator. You can find the operator’s contact details in the section “Information on the Controller” in this privacy policy.

How do we collect your data?

Your data is collected, on the one hand, when you provide it to us (e.g. data entered into a form).

Other data is collected automatically or with your consent by our IT systems when you visit the website (e.g. technical data such as browser type, operating system, or time of the page request).

What do we use your data for?

Some of the data is collected to ensure the error-free provision of the website. Other data may be used to analyse your user behaviour or to process enquiries, pre-contractual measures, and contract performance.

What rights do you have regarding your data?

You have the right to obtain information, rectification, erasure, restriction of processing, data portability, and to object to certain types of processing free of charge at any time. You may revoke any consent you have given at any time with effect for the future.

2. Hosting

We host the contents of our website with the following provider:

Mittwald

The provider is Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp.

The use of Mittwald is based on Art. 6(1)(f) GDPR (legitimate interest in a reliable presentation of our website). Where a corresponding consent has been requested (e.g. for cookies or similar technologies), processing is additionally based on Art. 6(1)(a) GDPR and Section 25(1) TDDDG. A data processing agreement has been concluded.

3. General information and mandatory disclosures

Data protection

We treat your personal data confidentially and in accordance with the applicable data protection regulations. Please note that data transmission over the Internet may be subject to security vulnerabilities.

Information on the controller

The controller responsible for data processing on this website is:

Xenagos GmbH
Rennbahnstraße 72–74
60528 Frankfurt am Main

Phone: +49 69 204 563 0
Email: info@xenagos.de

Data protection officer

Datenschutz Mitte
Emilienstraße 15
99817 Eisenach

Phone: +49 152 292 837 97
Email: info@dsb-mitte.de

Storage duration

Unless a more specific storage period has been stated within this privacy policy, your personal data will remain with us until the purpose for the data processing no longer applies or you submit a legitimate request for deletion. Statutory retention periods remain unaffected.

Legal bases for data processing

Depending on the purpose, we process your data on the basis of Art. 6(1)(a) GDPR (consent), Art. 6(1)(b) GDPR (contract/pre-contractual measures), Art. 6(1)(c) GDPR (legal obligation) or Art. 6(1)(f) GDPR (legitimate interest). Where consent is given to access terminal device information, Section 25(1) TDDDG additionally applies. Consent may be revoked at any time.

Recipients of personal data

In the course of our business activities, we may transfer data to external service providers (e.g. IT, hosting, communications) where this is necessary or where a legal basis exists. Data processing agreements pursuant to Art. 28 GDPR have been concluded with data processors.

Right to lodge a complaint, data portability, SSL/TLS

You have the right to lodge a complaint with a supervisory authority. You have the right to data portability insofar as the processing is based on consent or a contract and is carried out by automated means. This website uses SSL/TLS encryption to protect confidential content.

4. Data collection on this website

Cookies

Our pages use cookies. Session cookies are automatically deleted at the end of your visit; persistent cookies remain until you or your browser delete them. Depending on their type, cookies are used on the basis of Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest).

Consent management with Borlabs Cookie

We use Borlabs Cookie to manage your consents. The provider is Borlabs GmbH, Germany. A technically necessary cookie is stored to document your consents. The legal basis is Art. 6(1)(c) GDPR in conjunction with Section 25 TDDDG and Art. 6(1)(f) GDPR.

Server log files

The provider of this website automatically collects information in server log files (browser type, referrer URL, time of request, IP address, etc.). The legal basis is Art. 6(1)(f) GDPR (technical provision and security).

Contact form / enquiries by Email or phone

When you contact us, we process the data you provide to handle your enquiry. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) or Art. 6(1)(f) GDPR (legitimate interest).

5. Analytics tools and advertising

Google Tag Manager

We use Google Tag Manager (provider: Google Ireland Ltd.). The service does not set cookies itself and is used to manage tags. The legal basis is Art. 6(1)(a) GDPR insofar as consent-dependent tags are managed.

Google Analytics

We use Google Analytics (provider: Google Ireland Ltd.) for reach measurement. Cookies and similar technologies are used. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG. Data transfers to the USA are based on the Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework (DPF).

Google AdSense / Google Ads Remarketing

We use Google AdSense and Google Ads Remarketing. The provider is Google Ireland Ltd. The use is based on your consent (Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG). You can adjust personalised advertising settings in your Google account.

LinkedIn

We use advertising features of the LinkedIn platform (provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland). These include, in particular, Sponsored Content, Sponsored Messaging, and Lead Gen Forms within the LinkedIn Campaign Manager.

Joint Controllership (Art. 26 GDPR)

For certain processing activities – in particular the analysis of campaign performance and page statistics – we and LinkedIn are joint controllers within the meaning of Art. 26 GDPR. The essential content of the joint controllership arrangement is available at https://legal.linkedin.com/pages-joint-controller-addendum. The central contact point for the exercise of data subject rights vis-à-vis LinkedIn is LinkedIn Ireland.

Lead Gen Forms

If you complete a Lead Gen Form via a LinkedIn ad, data stored in your LinkedIn profile (e.g. name, email address, company, position) will be transmitted to us. The legal basis is your consent pursuant to Art. 6(1)(a) GDPR, which you grant by actively submitting the form. You may revoke this consent at any time with effect for the future.

Purpose and Legal Basis

The processing serves the targeted approach of potential candidates and clients as part of our business activities as a recruitment consultancy. Where no consent has been given, we base the processing on our legitimate interest in effective marketing pursuant to Art. 6(1)(f) GDPR.

Storage duration

Data collected via Lead Gen Forms will be deleted once it is no longer required for the purpose for which it was collected, but no later than 6 months after collection, unless a business relationship is established or you have consented to longer storage.

Data Transfers to the USA

LinkedIn may transfer data to the USA. LinkedIn is certified under the EU-US Data Privacy Framework. In addition, the EU Standard Contractual Clauses apply. Further information on data protection at LinkedIn can be found at https://www.linkedin.com/legal/privacy-policy.

6. Plugins and Tools

Google Fonts (local hosting)

For the uniform display of fonts, we use locally hosted Google Fonts. No connection is made to Google servers.

Google Maps

This website uses Google Maps (Google Ireland Ltd.). When the map is accessed, data (including your IP address) may be transferred to Google in the USA. The legal basis is Art. 6(1)(f) GDPR (interest in an appealing presentation) or, where consent has been given, Art. 6(1)(a) GDPR in conjunction with Section 25(1) TDDDG.

7. Audio and video conferencing

Data processing, purpose, legal bases

For communication with customers and prospective clients, we use online conferencing tools (e.g. Google Meet), among others. Contact data, metadata and – depending on usage – content data are processed. The legal basis is Art. 6(1)(b) GDPR (contract/pre-contractual measures) or Art. 6(1)(f) GDPR (communication efficiency). Where consent has been requested, it may be revoked at any time.

Storage duration / data processing agreements

Data collected directly by us will be deleted once the purpose ceases to apply or you object; statutory retention periods remain unaffected. Data processing agreements pursuant to Art. 28 GDPR have been concluded with the tool providers where required.

8. Own services

Handling of candidate and applicant data

a) Filling positions on behalf of clients

The controller collects and processes personal data of candidates solely for the purpose of carrying out recruitment procedures on behalf of its clients. Processing may also be carried out electronically, in particular when documents are submitted by email or via a provided web form.

In addition, data may be stored in a candidate pool in order to consider candidates for future suitable positions. Such data is stored only for as long as necessary to achieve this purpose and in compliance with data protection requirements.

When data is transmitted, candidates are informed about this privacy policy and asked for their consent. This consent may be revoked at any time with effect for the future.

Disclosure to third parties is made only after prior information about the position concerned and only if the data subject has given their express consent. This consent may also be revoked at any time.

b) Internal positions

For internal positions, the controller collects and processes personal data solely for the purpose of conducting the application procedure. Processing may also be carried out electronically, in particular for applications submitted by email or via a web form.

If an employment relationship is established, the data will be further processed for the purposes of that relationship in accordance with statutory requirements. If no contract is concluded, the data will be deleted after the completion of the selection process as soon as its further storage is no longer required. Continued storage may take place where necessary to safeguard legitimate interests – for example in connection with statutory documentation or defence obligations.

Contact for data protection matters

For questions or to exercise your rights, please contact us at:

Email: info@xenagos.de | Phone: +49 69 204 563 0