Data Protection Policy

Prosica GmbH Last updated: 26/11/2025

1. Introduction

Proscia GmbH (“Proscia”, “we”, “us”, “our”) is committed to ensuring the security and protection of personal data in compliance with General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG), and other applicable data protection laws. We take the privacy of our applicants, website visitors, employees, and business partners seriously and adhere to the highest standards of data protection.

This Data Protection Policy outlines the types of personal data we collect, the purposes for which we process the data, and the measures we take to protect the data. It also informs individuals about their rights under the GDPR.

2. Data Controller

The data controller for processing personal data is:
 Proscia GmbH
 Paulsborner Str. 50a,
 14193 Berlin, Germany
 Commercial Register: HRB 280845 B
 Managing Director: Miriam Schnürer
 Email: info@proscia.de

3. Categories of Personal Data

We process personal data related to job applicants, website visitors, partners, and employees. The categories of personal data we collect include:

3.1. Personal Data of Job Applicants

  • Full name
  • Contact information (email address, phone number)
  • Date of birth
  • Address
  • Nationality
  • CV/Resume details
  • Education and qualifications
  • Work experience
  • Language skills
  • Employment history
  • Documents such as passport copies, certificates, etc.
  • Special category data (Art. 9 GDPR) when applicable, including:
    • Health data (medical certificates, fitness for work)
    • Disability information
    • Criminal background check data

3.2. Personal Data of Website Visitors

  • IP addresses
  • Browser information
  • Device information
  • Cookies (for analytics, preferences, and tracking)
  • Interaction data (pages visited, time spent on the site)

3.3. Personal Data of Employer Partners

  • Contact names
  • Professional titles
  • Company information
  • Email addresses
  • Recruitment requirements

3.4. Employee Data (if applicable)

  • Name, address, and contact information
  • Employment records
  • Salary and benefits details
  • Bank details for salary payments

4. Purposes of Processing and Legal Bases

We process personal data for specific purposes and ensure compliance with the applicable legal bases as outlined below:

4.1. Recruitment and Candidate Management

Legal bases:

  • Art. 6(1)(b) GDPR — Processing necessary for the performance of a contract (employment or pre-contractual steps)
  • §26 BDSG — Processing for employment-related purposes
  • Art. 6(1)(f) GDPR — Legitimate interest in connecting candidates with employers

4.2. Processing Special Categories of Data

Legal bases:

  • Art. 9(2)(b) GDPR — Necessary for employment and social protection law
  • §26(3) BDSG — Processing for employment suitability
  • Art. 9(2)(a) GDPR — Explicit consent (if required)

4.3. Website Functionality and Analytics

Legal bases:

  • Art. 6(1)(f) GDPR — Legitimate interest for website security and improvement
  • Art. 6(1)(a) GDPR — Consent for non-essential cookies (analytics, ads)
  • TTDSG §25 — Consent for cookies

4.4. CRM and Recruitment Management (Zoho)

Legal bases:

  • Art. 6(1)(b) GDPR — Necessary for recruitment and pre-employment processes
  • Art. 6(1)(f) GDPR — Legitimate interest for organizing applicant data

4.5. Communication

Legal basis:

  • Art. 6(1)(b) GDPR — Processing necessary for contract execution (email contact with candidates or employers)
  • Art. 6(1)(f) GDPR — Legitimate interest in responding to inquiries or business communications

5. Data Recipients

Personal data may be shared with the following recipients:

5.1. Employers in the EU

We share applicant data with employers located within the European Union for the purpose of recruitment and placement.

5.2. Service Providers (Processors)

We share personal data with third-party service providers who help us manage our recruitment process, including:

  • Zoho CRM (for managing recruitment and employer-client relations)
  • Google Analytics (for website analytics)
  • Hosting providers, IT services, and communication tools

We ensure that all third-party service providers are contractually bound under Art. 28 GDPR to handle personal data in accordance with GDPR requirements.

5.3. Authorities

We may disclose personal data to public authorities or governmental bodies when required by law, such as for visa processing or legal obligations related to employment.

6. International Data Transfers

Currently, Proscia GmbH processes personal data solely within the European Union (EU). If we engage in cross-border transfers of personal data (e.g., for recruitment outside the EU), we will ensure that these transfers comply with the GDPR by using:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions from the European Commission (Art. 45 GDPR)

Any changes to our data transfer practices will be updated in this policy.

7. Data Retention Periods

We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected and in compliance with legal obligations.

7.1. Job Applicants

  • If hired or awaiting placement: Retained for as long as necessary for ongoing recruitment activities
  • If not selected: Deleted after 6 months (unless candidate has consented to extended storage for future roles)
  • With consent: Data may be retained for up to 2 years for future recruitment purposes

7.2. Special Category Data

We retain special-category data only for as long as required to evaluate a candidate’s eligibility for a specific role. It is deleted as soon as the recruitment process is complete.

7.3. Website Analytics Data

We retain analytics data for up to 26 months in compliance with Google Analytics data retention policies.

8. Security Measures

Proscia GmbH implements appropriate technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of sensitive data
  • Regular IT security audits
  • Access control and user authentication
  • Data minimization
  • Secure storage of documents

We also ensure that our service providers (Zoho CRM, Google Analytics, etc.) implement similar security measures.

9. Rights of Data Subjects

Individuals whose data we process have the following rights under the GDPR:

  • Right to access (Art. 15)
  • Right to rectification (Art. 16)
  • Right to erasure (Art. 17)
  • Right to restriction of processing (Art. 18)
  • Right to data portability (Art. 20)
  • Right to object (Art. 21)
  • Right to withdraw consent (Art. 7(3))

If you wish to exercise any of these rights, please contact us at:
 info@Proscia.de

10. Complaints

If you believe that Proscia GmbH has violated your rights under the GDPR, you have the right to lodge a complaint with the relevant supervisory authority:

Berliner Beauftragte für Datenschutz und Informationsfreiheit
 Alt-Moabit 59-61
 10555 Berlin, Germany
 Website: https://www.datenschutz-berlin.de/

11. Updates to this Policy

Proscia reserves the right to modify this Data Protection Policy as necessary to comply with changes in data protection laws or internal practices. The most recent version will be available on our website.

12. Contact Information

For any questions regarding this Data Protection Policy or your personal data, please contact:

Proscia GmbH
 Paulsborner Str. 50a
 14193 Berlin, Germany
 Email: info@proscia.de

Scroll to Top