Privacy Policy

Prosica GmbH Last updated: 26/11/2025

1. Introduction

Prosica GmbH (“Prosica”, “we”, “us”, “our”) is committed to protecting the personal data of candidates, website visitors, business partners, and all individuals whose data we process.
 This Privacy Policy explains how we collect, process, use, store, and protect personal data in accordance with:

  • the General Data Protection Regulation (GDPR),
  • the Bundesdatenschutzgesetz (BDSG),
  • the Telecommunications and Telemedia Data Protection Act (TTDSG), and
  • other applicable German and European data protection regulations.

This Privacy Policy applies to all processing activities carried out by Prosica GmbH, including processing through our website, our recruitment services, our application forms, our CRM system (Zoho), and our interactions on social media platforms.

Controller:
 Prosica GmbH
 Paulsborner Str. 50a
 14193 Berlin, Germany
 Commercial Register: HRB 280845 B
 Managing Director: Miriam Schnürer
 Email: info@prosica.de

2. Categories of Personal Data Processed

We process personal data of candidates, website visitors, employers, and partners.
 The categories of data processed may include:

2.1. Website Visitors

  • IP address
  • Browser information
  • Cookie identifiers
  • Device information
  • Pages visited, timestamps and interaction data
  • Consent preferences

2.2. Contact Form Users

  • Full name
  • info@prosica.de address
  • Telephone number
  • Message content
  • Attached documents (if any)

2.3. Job Applicants

We collect applicant data directly via online forms, by email, or manually imported into our CRM (Zoho).
 Categories include:

  1. a) General applicant data
  • Full name
  • Contact details (email, phone number)
  • Date of birth
  • Address
  • Nationality
  • Resume/CV details
  • Education and qualifications
  • Professional skills
  • Employment history
  • Language skills
  • Availability
  • Motivation statements
  • Document uploads (CV, passport copy, certificates)
  1. b) Special category data (Art. 9 GDPR, §26 BDSG)
     For certain job roles (e.g., care, driving, technical positions), we may process:
  • Health data relevant to work capacity (e.g., medical fitness certificates)
  • Disability information (if voluntarily disclosed or relevant to job suitability)
  • Criminal record information or police clearance certificates (where required by the employer or legal provisions)

We do not process:

  • Biometric data
  • Ethnicity (beyond nationality)
  • Religion
  • Union membership

2.4. Employer Partners

  • Contact names
  • Position / role
  • Work email and phone
  • Company information
  • Recruitment requirements
  • Candidate feedback and evaluation notes

3. Purposes of Processing and Legal Bases

We process personal data strictly in accordance with the GDPR lawful bases.
 Depending on the processing activity, the legal bases are as follows:

3.1. Recruitment and Placement of Candidates

Legal bases:

  • Art. 6(1)(b) GDPR — Processing necessary for performance of a contract or pre-contractual steps
  • §26(1) BDSG — Processing for employment-related purposes
  • Art. 6(1)(f) GDPR — Legitimate interests in connecting candidates with employers

3.2. Processing of Special Categories of Data

Legal bases:

  • Art. 9(2)(b) GDPR — Necessary for employment and social protection law
  • §26(3) BDSG — Processing for employment suitability
  • Art. 9(2)(a) GDPR — Explicit consent (where required)

3.3. Website Analytics & Cookies

Legal bases:

  • Art. 6(1)(a) GDPR — Consent for analytics and tracking cookies
  • Art. 6(1)(f) GDPR — Legitimate interest for security-related processing
  • TTDSG §25 — Consent for non-essential cookies

3.4. Communication (Contact Form)

Legal basis:

  • Art. 6(1)(b) GDPR — Necessary for responding to inquiries
  • Art. 6(1)(f) GDPR — Legitimate interest in customer support

3.5. CRM Usage (Zoho)

We process data in Zoho CRM to manage applications, recruitment projects, and employer relationships.

Legal bases:

  • Art. 6(1)(b) GDPR — Pre-contractual steps
  • Art. 6(1)(f) GDPR — Legitimate interests in organised applicant management
  • Art. 28 GDPR — Processor agreement with Zoho

4. Recipients of Personal Data

We may share personal data with:

4.1. Employers in the EU

For recruitment and placement purposes, applicant data is shared only with employers located within the European Union.

4.2. Service Providers

Including:

  • Zoho Corporation (CRM)
  • Google Ireland Ltd. (Analytics)
  • Hosting providers
  • IT, security, and communication tools

All processors are bound by Art. 28 GDPR data processing agreements.

4.3. Authorities

Where required for:

  • Visa applications
  • Employment contract verification
  • Legal compliance

4.4. Social Media Platforms

When interacting with our pages on LinkedIn, Instagram, Facebook, or TikTok.

5. International Data Transfers

Currently:
 Prosica does not transfer applicant data outside the EU.

Future transfers:
 Should Prosica later engage in recruitment for Japan, Vietnam, or non-EU partners, transfers will occur only in compliance with:

  • Adequacy decisions (Art. 45 GDPR), or
  • Standard Contractual Clauses (Art. 46 GDPR)

This Privacy Policy will be updated accordingly.

6. Retention Periods

Data is retained only for the period necessary for recruitment operations and legal compliance.

6.1. Applicants

  • If selected or awaiting placement: retained as long as necessary for ongoing recruitment
  • If not selected: deleted after 6 months (per §15 AGG & BDSG guidance)
  • With applicant consent: retention may extend to 2 years for future opportunities

6.2. Special Category Data

Retained only as long as strictly required for job suitability, and securely deleted immediately after decision-making.

6.3. Contact Form Data

Retained for up to 12 months if relevant to a business inquiry.

6.4. Website Analytics

Retention per provider specifications (e.g., Google Analytics standard retention: 14–26 months, depending on settings).

7. Cookies & Tracking Technologies

Cookies are processed under TTDSG §25.
 Non-essential cookies (analytics, ads, media embeds) require explicit consent.

A detailed Cookie Policy explains:

  • Types of cookies
  • Purposes
  • Storage periods
  • Revocation of consent
  • Third-party involvement

Prosica uses Google Analytics to analyse website usage. Social media embeds may set tracking cookies.

8. Automated Decision-Making & Profiling

Proscia does not use automated decision-making tools that produce legal effects on individuals (Art. 22 GDPR).

Screening within Zoho CRM is manual, based on recruiter evaluation.

9. Security Measures

Proscia implements technical and organisational measures under Art. 32 GDPR, including:

  • Access control
  • Encryption
  • Secure CRM environment
  • Regular audits
  • Data minimisation
  • Secure document handling
  • Applicant data segregation

10. Rights of Data Subjects

Individuals may exercise the following rights under GDPR:

  • Right of access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent at any time (Art. 7(3))

Requests can be submitted to: info@Proscia.de

11. Right to Lodge a Complaint

Individuals have the right to lodge a complaint with the relevant supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
 Alt-Moabit 59-61
 10555 Berlin, Germany
 Website: https://www.datenschutz-berlin.de/

12. Changes to this Privacy Policy

Proscia reserves the right to modify this Privacy Policy to reflect changes in processing activities or legal requirements.
 The most recent version will always be available on our website.

Scroll to Top