Privacy Policy
Scope of Application
At GENUI GmbH (hereinafter “GENUI” or “we”), the protection of your privacy and personal data is of particular importance. With this privacy policy, we would like to provide you with comprehensive information on how we handle your personal data.
This privacy policy applies to the processing of your personal data when you visit our websites at www.genui.de and when you contact us by email or telephone. For our investors, we have prepared a separate privacy policy, which we will be happy to provide to you at any time upon request, if not already provided.
Who is responsible and whom can I contact?
GENUI GmbH, Neuer Wall 80, 20354 Hamburg, is responsible for the processing of personal data described in this privacy policy.
You can address all data protection inquiries to the following contact:
GENUI GmbH
Neuer Wall 80
20354 Hamburg
Germany
Tel. +49 (0) 40 320 08669 0
Fax +49 (0) 40 320 8669 80
Email: info@genui.de
You can reach our external data protection officer at:
VIVACIS Consulting GmbH
Jochen Geck
Data Protection Officer
Horexstraße 1
Alter Güterbahnhof
61352 Bad Homburg
Germany
Email: jochen.geck@vivacis.de
Which data do we process about you?
Depending on the specific processing situations, we collect and process various personal data about you. Below you will find a list of the data with reference to each respective processing situation:
Which data do we process when you visit our websites?
In principle, you can visit our websites without disclosing your identity. If you use the services provided by GENUI on the websites without registering, we process, among other things:
- When visiting our websites, we collect, among other things, the following data: usage data such as the browser used, operating system, referrer URL, time of the server request, content accessed, duration of use, as well as your IP address. Other technical data required for the use of our services are also recorded;
- IP address;
- Other technical data comparable to the aforementioned.
Which data do we process when you contact us?
Depending on your inquiry, you can contact us via our websites by email or, outside the internet, by telephone or in writing. In doing so, we only store and process your email address, telephone number, address, and any other information you have provided to us.
From whom do we collect your personal data?
Personal data is collected exclusively from you directly, for example when you visit our websites or use the services offered, such as the option to contact us by email.
For what purposes do we process your data and on what legal basis?
We process your personal data exclusively in accordance with the provisions of the General Data Protection Regulation (“GDPR”) and the German Federal Data Protection Act (“BDSG”). In certain situations, we also process your personal data to fulfill other legal obligations or on the basis of your explicit consent.
To fulfill contractual obligations
We process your personal data to fulfill contractual or quasi-contractual obligations, or to establish a contract - for example, for the provision of our services as an investor, for existing customer support, or when responding to inquiries.
To comply with legal obligations
Where we are subject to legal obligations that require the processing of your personal data for compliance, we process your personal data on the basis of those legal obligations.
Based on legitimate interests
We also process your personal data to safeguard our legitimate interests, provided that your interests or fundamental rights and freedoms requiring the protection of your personal data do not outweigh them. Subject to a case-by-case balancing of interests, we regularly assume that our legitimate interests prevail in the following, non-exhaustive processing situations:
- Optimization of our offerings and services;
- Analysis of the use of our websites;
- Ensuring the confidentiality and integrity of our IT systems;
- Cooperation with government authorities.
Based on your consent
If you have separately given us consent to process your personal data, we will process your personal data within the scope of and on the basis of this consent. Consent may relate, for example, to the transfer of data to partner companies, the analysis of your data for targeted advertising measures, or the sending of newsletters.
Giving consent is always voluntary. Refusal to give consent or the withdrawal of consent will not have any negative consequences for you.
To whom do we disclose your data?
If necessary for the establishment, performance, or termination of a contract or a quasi-contractual relationship, we generally disclose your personal data only to companies affiliated with us.
Disclosure to business partners and external advisors
We disclose your personal data to our business partners when this is necessary for the performance of existing contracts or when, within the scope of our existing business relationship, we believe that the disclosure of your personal data is in your interest - for example, to introduce new business contacts.
Disclosure to our external advisors regularly takes place in connection with fundraisings, investments, or the establishment and administration of funds as part of the performance of existing contractual relationships.
Disclosure to processors
We also use external service providers to process your data, to whom we transfer your personal data and who, under contractual safeguards, process the data only on our behalf. Processors are also, for example, contractually obliged to either delete or return the data upon termination of their engagement.
Disclosure due to legal obligations or to safeguard legitimate interests
Where we are obligated by law, by court order, or pursuant to an enforceable official directive, we will disclose your personal data to entities entitled to receive such information.
Other disclosures
If you have given us a separate declaration of consent for the use and disclosure of personal data, your personal data may be transferred to the recipients named therein. As part of the provision of third-party services on our websites, personal data may in some cases be forwarded to third parties. Detailed information on this can be found in Section 12. Beyond this, no personal data will be transferred to third parties unless, in individual cases, there is a separate legal basis for the transfer and your interests or fundamental rights and freedoms do not prevail.
Disclosure of personal data to third parties
Links to external websites:
This website contains links to external pages. We are responsible for our own content. We have no influence over the content of external links and are therefore not responsible for them; in particular, we do not adopt their content as our own. If you are redirected to an external page, the privacy policy provided there applies. If you notice unlawful activities or content on this page, you are welcome to inform us. In that case, we will review the content and respond accordingly (notice-and-takedown procedure).
Use of script libraries (Google Web Fonts)
Type and purpose of processing:
To display our content correctly and in a visually appealing manner across browsers, we use “Google Web Fonts” by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereinafter “Google”) on this website for font display. You can find the privacy policy of the library operator, Google, here: https://www.google.com/policies/privacy/
Legal basis
The legal basis for the integration of Google Web Fonts and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).
Recipients
Calling script libraries or font libraries automatically triggers a connection to the library operator. In theory - although it is currently unclear whether and, if so, for what purposes - the operator, in this case Google, may collect data.
Storage period
We do not collect personal data through the integration of Google Web Fonts. For further information on Google Web Fonts, please visit https://developers.google.com/fonts/faq and Google’s privacy policy: https://www.google.com/policies/privacy/.
Data transfers to third countries
If we transfer personal data to third countries (i.e., countries outside the European Economic Area – EEA), this will only take place if
- there is an adequacy decision by the European Commission for the relevant country pursuant to Art. 45 GDPR,
- appropriate safeguards are in place pursuant to Art. 46 GDPR (e.g., EU Standard Contractual Clauses), or
- you have given us your explicit consent pursuant to Art. 49(1)(a) GDPR.
Data transfers to the USA are generally based on the EU-U.S. Data Privacy Framework (DPF), provided the respective recipient is certified under the DPF. You can find an up-to-date list of certified companies at: https://www.dataprivacyframework.gov.
If no DPF certification is in place, we rely on the European Commission’s Standard Contractual Clauses (Decision 2021/914/EU) and, where appropriate, additional technical and organizational measures to ensure an adequate level of data protection.
How long do we store your personal data?
We process and store personal data only for as long as is necessary to fulfill the respective purposes or as long as statutory retention obligations exist. If the purpose of processing ceases to apply or a statutory retention period expires, the personal data will be deleted or blocked in accordance with legal requirements.
- Server log files are generally automatically deleted after 14 days.
- Data from contact inquiries (e.g., via email or contact form) are stored for the duration of processing and for possible follow-up queries, and are deleted no later than six months, provided no further communication is required.
- Application documents are deleted no later than six months after the conclusion of the application process, provided no employment has taken place or no consent for longer retention has been given.
We generally retain contract and business data for six to ten years in accordance with statutory obligations under commercial and tax law (§ 257 HGB, § 147 AO).
After the respective periods have expired or the purpose of processing no longer applies, personal data will be deleted unless statutory or contractual retention obligations prevent this.
Your rights
Below is a summary of your rights regarding the processing of your personal data by us:
Rights to access, erasure, rectification, restriction of processing, and data portability.
Under Art. 15 GDPR, you have the right of access, allowing you to request confirmation as to whether we process your personal data. If this is the case, you have the right to request comprehensive information about this personal data from us.
You may demand under Art. 16 GDPR that inaccurate data concerning you be rectified without delay.
Under Art. 17 GDPR, you have the right to request the erasure of your personal data if (i) the data are no longer necessary for the purposes for which they were collected, (ii) you have withdrawn your consent to processing, (iii) you have objected to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for continued processing, (iv) your personal data have been unlawfully processed, (v) the erasure of the personal data is required to comply with a legal obligation under Union law or the law of the Member States to which GENUI is subject, or (vi) the personal data were collected in relation to the offer of information society services in accordance with Art. 8(1) GDPR.
Under Art. 18 GDPR, you have the right to request the restriction of processing under the following conditions. This right exists if (i) you contest the accuracy of your personal data, (ii) the processing is unlawful and you oppose the erasure of the personal data and instead request the restriction of their use, (iii) the data are no longer needed for the purposes of processing, but you require them for the establishment, exercise, or defense of legal claims, or (iv) you have objected to the processing pursuant to Art. 21(1) GDPR, pending verification of whether we have compelling legitimate grounds for the processing that override yours.
Under Art. 19 GDPR, you have the right to obtain information about the recipients to whom a rectification or erasure of your personal data or a restriction of processing has been communicated.
Under Art. 20 GDPR, you have the right to receive the personal data concerning you from us in a structured, commonly used, and machine-readable format and to transmit those data to another controller.
Where the processing or transmission of your personal data is based on consent you have given, you may withdraw that consent at any time with effect for the future.
Under Art. 21(1) GDPR, you have the right, on grounds relating to your particular situation, to object at any time to the processing of your personal data when such processing is carried out for the purposes of our legitimate interests, including profiling based on those interests (e.g., for creditworthiness assessment).
Your personal data will then no longer be processed unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims.
Under Art. 21(2) GDPR, you have the right to object at any time to the use of your personal data for direct marketing purposes. This also applies to profiling insofar as it is related to such direct marketing.
If you object to processing for direct marketing purposes, we will no longer process your personal data for these purposes.
Contact options
You can submit your objection informally by post, fax, or email. Please address it to:
GENUI GmbH
Neuer Wall 80
20354 Hamburg
Germany
Tel.: +49 (0) 40 320 8669 0
Fax: +49 (0) 40 320 8669 80
Email: info@genui.de
Right to lodge a complaint under Art. 77 GDPR
If you believe that the processing of your personal data violates the General Data Protection Regulation, you have the right to lodge a complaint with a data protection supervisory authority.
The supervisory authority generally responsible for us is:
The Hamburg Commissioner for Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22, 7th floor
20459 Hamburg
Germany
Phone: +49 (0)40 42854-4040
Email: mailbox@datenschutz.hamburg.de
Website: https://www.datenschutz-hamburg.de
You also have the right to lodge a complaint with a data protection supervisory authority of your choice, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement.
Do you have an obligation to provide personal data?
There is neither a contractual nor a legal obligation to provide us with your personal data for the use of our websites. However, if you wish to contact us, certain information may be required so that we can process your request.
Does the processing rely on automated decision-making or profiling?
You have the right not to be subject to a decision based solely on automated processing, including profiling, if the decision is not necessary for entering into or performing a contract, not required by mandatory legal provisions, or not based on your explicit consent.
GENUI does not use automated decision-making, including profiling, unless we have explicitly informed you otherwise.
Cookies and tracking
Our website uses cookies and similar tracking technologies to analyze the use of our website, provide certain features, and improve the user experience.
For managing consents, we use a consent management tool (Consentik GDPR Cookie Banner). This tool displays a notice banner when you first visit our website, informing you about the type, scope, and purposes of the cookies used.
Via the consent management tool, you can individually choose which categories of cookies you wish to allow (e.g., essential, functional, statistical, or marketing cookies). You can withdraw or change your consent at any time with effect for the future by accessing the cookie settings via the corresponding link in the footer of our website.
The processing of personal data on the basis of your consent is carried out pursuant to Art. 6(1)(a) GDPR. Further information on the cookies used, their storage duration, and providers can be found in the cookie settings of the consent tool.
Legal basis: Art. 6(1)(a) GDPR (consent)
What types of cookies and tracking technologies do we use?
To provide, maintain, and analyze our websites and their usage, we use various software tools from third parties and ourselves that regularly rely on the use of cookies, Flash cookies (also called Flash Local Shared Objects), web beacons, or similar technologies (collectively referred to as “tracking technologies”). Tracking technologies can help us understand how you use our services (e.g., the pages you view or the links you click and other actions you take within the services), provide us with information about your browser and online usage patterns (e.g., IP address, log data, browser type, browser language, referring/exit pages and URLs, pages viewed, whether you opened an email, links clicked, etc.), as well as information about the devices you use to access our services. Tracking technologies enable us to link the devices you use to access our services in such a way that we can recognize you across the different devices you use and, where appropriate, contact you.
You can limit the use of tracking technologies by changing your browser settings. You can determine what access you grant us to your devices and whether and for how long cookies may be stored on your device. You can also delete cookies that have already been stored at any time. Please note that the functionality of our websites may be impaired after deactivating all cookies. Similar functions (such as Flash cookies) that are used by so-called browser add-ons can be disabled or deleted by changing the settings of the browser add-on or via the website of the browser add-on’s manufacturer.
What are cookies?
A cookie is a small file that is transferred by the host server of a website during the use of that website and stored on the user’s device (desktop computer, laptop, tablet, smartphone, or other internet-enabled devices) by the browser used. Cookies are used to store information about the user and to retrieve it when the website is accessed again.
What are cookies used for?
Cookies help us understand how our websites are used, analyze trends, administer the sites, track user movements on our pages, collect demographic information about our user base as a whole, let you navigate efficiently between pages, remember your preferences and settings on our websites, and generally improve your browsing experience. We process the data collected via tracking technologies in order to (i) remember information so you don’t have to re-enter it during your visit or on a return visit, (ii) recognize you across multiple devices, (iii) monitor the functionality and performance of our websites, (iv) capture aggregated metrics regarding total number of visitors, overall traffic, usage, and demographic patterns on our websites, (v) diagnose and fix technical problems, and (vi) carry out other planning measures and improvements to our website.
What types of cookies are used on our websites?
The cookies used on our websites can generally be classified into one of the following categories: strictly necessary cookies, analytics cookies, and functional cookies.
Strictly necessary cookies
These cookies are essential for the functioning of our websites and enable you to navigate our pages and use their features. Without these cookies, certain services required for the full use of our website cannot be provided. The legal basis for processing these cookies is our legitimate interest in ensuring the functionality of our website pursuant to Art. 6(1)(f) GDPR.
Analytics cookies
With these cookies, we collect information about how users use our websites—for example, which pages are accessed and read most frequently, or how users move from one link to the next. All information collected by this type of cookie does not relate to an individual user but is aggregated and compiled together with data from other users. These cookies provide us with analytical insights into how our websites perform and how we can improve them. The legal basis for processing these cookies is your consent pursuant to Art. 6(1)(a) GDPR.
Functional cookies
These cookies allow us to store certain choices you have made and adapt our websites to provide you with enhanced features and content. For example, these cookies can be used to remember your language or country selection. The legal basis for processing these cookies is your consent pursuant to Art. 6(1)(a) GDPR.
How long are cookies stored on my devices?
The storage duration largely depends on whether the cookie is “persistent” or “session-based.” Session-based cookies are deleted after you leave the websites that set the cookie. Persistent cookies remain on your device even after you finish browsing, until they are deleted or expire.
Email hosting providers
Salesforce SPF, Sophos, SPF, Microsoft Exchange Online, Office 365 Mail.
We use various email hosting services, including Salesforce SPF, Sophos, SPF, Microsoft Exchange Online, and Office 365 Mail, to manage our communications. These providers store and process the emails you send to us and the associated personal data in accordance with their respective privacy policies. The legal basis for processing this data is the performance of a contract pursuant to Art. 6(1)(b) GDPR, as well as our legitimate interests in the communication and administration of emails pursuant to Art. 6(1)(f) GDPR.
Web hosting providers
Our website is hosted on servers operated by Hetzner. Hetzner is responsible for the technical provision and operation of the servers on which our website is hosted. Your data is stored on these servers and handled in accordance with Hetzner’s privacy policies. The legal basis for processing this data is the performance of a contract pursuant to Art. 6(1)(b) GDPR, as hosting our website is necessary to fulfill our contractual obligations to you.
Web servers
Our website uses the web server ‘nginx’ to efficiently manage traffic and deliver our content. The web server may store technical data such as IP addresses and access times to ensure the functionality and security of our website. The legal basis for processing this data is our legitimate interest in ensuring the security and stability of our website pursuant to Art. 6(1)(f) GDPR.
LinkedIn
Links to our LinkedIn profile are integrated on our website. When you click these links, you will be redirected to the LinkedIn platform. LinkedIn is responsible for processing the personal data you provide on the LinkedIn platform. For more information on data processing by LinkedIn, please refer to LinkedIn’s privacy policy. The legal basis for embedding these links is consent pursuant to Art. 6(1)(a) GDPR.
Stock.adobe
Videos from stock.adobe are embedded on our website. When you play these videos, a connection to stock.adobe is established, and data about your usage may be transmitted to stock.adobe. Stock.adobe is responsible for processing the personal data you provide on the stock.adobe platform. For more information on data processing by stock.adobe, please refer to stock.adobe’s privacy policy. The legal basis for embedding these videos is consent pursuant to Art. 6(1)(a) GDPR.
Use of Artificial Intelligence (AI)
Our company has regulated the use of AI systems internally through a binding policy that defines responsibilities, permissible use cases, and safeguards. In addition, all affected employees have been trained to ensure the responsible and GDPR-compliant use of AI-powered tools.
Microsoft Copilot
We use AI-powered features, particularly Microsoft Copilot, to support internal work processes and increase efficiency. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, which offers AI-driven suggestions and automations based on Microsoft 365 data.
Microsoft Copilot processes only the data that is already processed as part of using Microsoft 365. Processing is based on Art. 6(1)(f) GDPR (legitimate interest) in designing our workflows efficiently and in a modern way. Where Copilot is used to fulfill contractual obligations, processing is additionally based on Art. 6(1)(b) GDPR.
Microsoft processing and safeguards
Microsoft processes personal data on behalf of our company under a data processing agreement (DPA) pursuant to Art. 28 GDPR. Data processing outside the European Union may occur. In such cases, Microsoft ensures an adequate level of data protection through the conclusion of EU Standard Contractual Clauses and additional technical and organizational measures.
Copilot only accesses data for which the corresponding access rights exist. There is no independent disclosure of data by Copilot to third parties for training purposes outside the Microsoft environment.
For more information on Microsoft’s data processing, see: https://privacy.microsoft.com/de-de/privacystatement
Technical safeguards
For security reasons and to protect the transmission of confidential content that you send to us as the site operator, we use SSL/TLS encryption. You can recognize an encrypted connection by the fact that the address bar of the browser changes from “http://” to “https://” and by the lock symbol in your browser’s address bar.
When SSL/TLS encryption is enabled, the data you transmit to us cannot be read by third parties. These technologies ensure that the data transmitted between your browser and our server is secure and protected from unauthorized access by third parties.
How to recognize an encrypted connection
You can recognize an encrypted connection by the fact that your browser’s address bar changes from “http://” to “https://”. In addition, a lock symbol is displayed in the browser bar, confirming the secure status of the connection.
If SSL/TLS encryption is enabled, it means that the data you transmit to us cannot be read or manipulated by unauthorized third parties. This ensures that your confidential information - such as personal data, login details, or other sensitive information - remains protected during transmission.
This privacy policy is current and valid as of October 2025.
