1) Introduction and Contact Information of the Data Controller
1.1 We are pleased that you are visiting our website and thank you for your interest. Below, we provide information about how we handle your personal data when you use our website. Personal data includes all information that can be used to identify you personally.

1.2 The data controller responsible for processing personal data on this website under the General Data Protection Regulation (GDPR) is:

Genillard & Co. GmbH
Ismaninger Str. 102
81675 München
Germany

Phone: +49 89 2060688-0
Fax: +49 89 206068888
Email: info@genillard-co.eu

The data controller is the natural or legal person who determines, alone or jointly with others, the purposes and means of processing personal data.

1.3 The controller has appointed a Data Protection Officer, who can be contacted as follows:

Nico Isenbeck, elb-BIT GmbH
Address: Junkersdamm 6, 22335 Hamburg
Phone: +49 40 238 329 10
Email: datenschutz@elb-bit.de

2) Data Collection When Visiting Our Website
2.1 When you use our website for informational purposes only, meaning you do not register or otherwise transmit information to us, we collect only the data your browser transmits to our server (so-called “server log files”). When you access our website, we collect the following data necessary to display the website:

The website you visited
Date and time of access
Amount of data sent in bytes
Source/referrer from which you arrived at the site
Browser used
Operating system used
IP address used (if applicable, anonymized)

The processing is carried out under Article 6(1)(f) GDPR based on our legitimate interest in improving the stability and functionality of our website. This data will not be disclosed or used for other purposes. However, we reserve the right to review server log files if there are concrete indications of unlawful use.

2.2 This website uses SSL or TLS encryption for security reasons and to protect the transmission of personal and confidential data (e.g., orders or inquiries). You can recognize an encrypted connection by the “https://” prefix and the lock symbol in your browser.

3) Cookies
To make our website more attractive and enable the use of certain functions, we use cookies, which are small text files stored on your device. Some cookies are deleted when you close your browser (“session cookies”), while others remain on your device and allow the website to remember your settings (“persistent cookies”). The storage duration can be found in your browser’s cookie settings.

If cookies process personal data, this processing occurs under:

Article 6(1)(b) GDPR for contract execution,
Article 6(1)(a) GDPR upon your consent,
Article 6(1)(f) GDPR to protect our legitimate interests in the optimal functionality of the website and user-friendly design.

You can configure your browser to notify you about cookies, decide individually whether to accept them, or generally refuse cookies. However, please note that refusing cookies may limit the functionality of the website.

4) Contacting Us
When you contact us (e.g., via contact form or email), personal data will be collected. The specific data collected depends on the form used. This data is stored and used exclusively to respond to your inquiry or for technical administration purposes.

The legal basis for this processing is our legitimate interest in responding to your inquiry under Article 6(1)(f) GDPR. If your inquiry aims at concluding a contract, Article 6(1)(b) GDPR also serves as a legal basis. Your data will be deleted after your inquiry has been processed, provided there are no statutory retention obligations.

5) Web Analytics Services
Matomo
This website uses a web analytics service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand (“Matomo”).

Pseudonymized user profiles may be created and analyzed for the same purpose. Cookies may be used for this purpose. Cookies are small text files stored locally in the browser cache of the website visitor. Cookies enable the recognition of the browser.

The pseudonymized data generated by cookies is not used to personally identify visitors and is not combined with personal data of the pseudonym’s holder.

If data is transmitted to the provider’s servers and the service is not locally hosted on our servers, we have entered into a data processing agreement with the provider to ensure data protection and prohibit unauthorized sharing with third parties.

All processing described above, especially the use of cookies, occurs only if you have provided your explicit consent under Article 6(1)(a) GDPR. Without your consent, Matomo will not be activated during your visit.

You can withdraw your consent at any time by disabling the service in the website’s cookie consent tool.

Data is transmitted to the provider only if the service is not hosted locally on our servers. If hosted locally, no data is transferred to the provider. For data transfers to New Zealand, the European Commission has issued an adequacy decision confirming compliance with European data protection standards.

 

 

6) Website Functionalities
6.1 LinkedIn Plugins

Our website uses plugins from the social network provided by the following entity: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

These plugins enable direct interaction with content on the social network. To protect your data during your visit to our website, the plugins are initially deactivated and embedded on the page using the so-called “2-click” or “Shariff” solution. This ensures that no connection to the provider’s servers is established when a page containing such plugins is loaded. Only after you activate the plugins and thus give your consent to data transmission in accordance with Article 6(1)(a) GDPR will your browser establish a direct connection to the provider’s servers.

In this process, information about your device (e.g., your IP address), your browser, and your browsing history may be transmitted to and processed by the provider regardless of whether you are logged into an existing user profile. If you are logged into an existing user profile on the social network, information about interactions via the plugins will also be published there and shared with your contacts. You can withdraw your consent at any time by deactivating the activated plugin by clicking again. The withdrawal will not affect data already transmitted to the provider. Data may also be transmitted to LinkedIn Inc., USA.

We have entered into a data processing agreement with the provider to ensure the protection of our website visitors’ data and prevent unauthorized disclosure to third parties. For data transfers to the USA, the provider relies on the European Commission’s Standard Contractual Clauses to ensure compliance with European data protection standards.
6.2 X-Plugins (Twitter)

Our website uses plugins from the social network provided by: Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland.

These plugins enable direct interaction with content on the social network. Similar to LinkedIn plugins, they are initially deactivated using the “2-click” or “Shariff” solution to protect your data. No connection to the provider’s servers is made until you activate the plugins and give your consent in accordance with Article 6(1)(a) GDPR.

When activated, your browser establishes a direct connection to the provider’s servers, transmitting data (e.g., IP address, browser details, browsing history) which may be processed regardless of login status to an existing user profile. If logged into your account, interaction details are published there and visible to your contacts. Consent can be revoked at any time by deactivating the plugin. Data transfers may also involve X Corp., USA.

We have entered into a data processing agreement with the provider to ensure compliance with data protection regulations, including safeguarding visitors’ data from unauthorized third-party access. The provider relies on the European Commission’s Standard Contractual Clauses for transfers to the USA.
6.3 hCaptcha

This website uses the CAPTCHA service from: Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA.

This service determines whether an input is made by a human or automated processing, protecting against spam, DDoS attacks, and other malicious activities. To ensure the action is performed by a human, the provider collects the IP address of the device, browser, and operating system identifiers, as well as visit date and duration. This information is evaluated by the provider’s servers.

The processing is based on our legitimate interest under Article 6(1)(f) GDPR in preventing misuse and ensuring secure internet interactions. A data processing agreement ensures compliance with data protection regulations, with data transfers to the USA adhering to the European Commission’s Standard Contractual Clauses.
6.4 Applications via Email

Job vacancies listed on our website can be applied for via email. Applicants must provide all necessary personal data (e.g., name, address, contact details) and, where applicable, health-related information.

Data is processed solely for application review purposes and is stored securely. Following the conclusion of the application process, unselected applicants’ data is deleted within six months unless further legal retention obligations apply.
6.5 Online Applications via Form

Applicants may also submit applications through an online form on our website. Data is securely transmitted and processed exclusively for application purposes, following similar principles as email applications.

7) Tools and Miscellaneous
Cookie Consent Tool

This website uses a cookie consent tool to obtain user consent for cookies and cookie-based applications. Consent is provided through an interactive interface where users can select their preferences. The tool only activates cookies upon user consent, ensuring compliance with applicable regulations.

Processing of personal data for storing cookie preferences is based on Article 6(1)(f) GDPR (legitimate interest in lawful consent management). Data processing agreements ensure compliance with data protection laws.

8) Data Subject Rights

Under GDPR, you have the following rights:

Right to access (Article 15 GDPR)
Right to rectification (Article 16 GDPR)
Right to erasure (Article 17 GDPR)
Right to restriction of processing (Article 18 GDPR)
Right to data portability (Article 20 GDPR)
Right to withdraw consent (Article 7(3) GDPR)
Right to lodge a complaint (Article 77 GDPR).

Right to Object: If we process your data based on legitimate interests, you can object at any time for reasons arising from your particular situation. For direct marketing purposes, you can object at any time without providing a reason.

9) Retention Period for Personal Data

Data retention depends on legal, contractual, and processing purposes. Personal data is deleted when no longer necessary for its purpose or when retention obligations end, unless overriding legitimate interests justify continued storage.