Privacy Statement Geniox

Privacy Statement Geniox

Privacy Statement Geniox
Version: 1.0
Date: December 9, 2025
  1. Who is Geniox?
    2. Geniox BV, Cavalier 8, 3897AA, Zeewolde (“we”, “us”) is the controller for the personal data we process in the context of our services, website and business operations, insofar as we do not qualify as a processor on behalf of our customers.
  2. What personal data do we process?
    3. Depending on the relationship you have with us, we process the following categories of personal data:
    1. Customers and website users
      • Name, contact details;
      • Email, phone number;
      • Log and usage data (IP address, browser information, times);
      • Payment and billing information; and
      • Content of communications with our customer service.
    2. Suppliers / business contacts
      • Contact details of business contact persons;
      • Correspondence; and
      • Contract and financial data.
    3. Job applicants / HR processing
      • Name, address, city, phone, email contactdetails;
      • CVs, cover letters and education information;
      • Job interview reports (if applicable); and
      • Assessment results (if applicable).
  3. For what purposes do we process personal data?
    4. We process personal data solely for specified and legitimate purposes, including:
    1. Services
      • Providing our products and services;
      • Account management; and
      • Customer service and communication.
    2. Website management and security
      • Functioning of the website;
      • Improving user experience; and
      • Logging for security and incident analysis.
    3. Contract and supplier management
      • Supplier, contract and invoicing management; and
      • Correspondence and business communication.
    4. Legal obligations
      • Fiscal retention obligation (art. 6(1)(c) GDPR).
    5. HR purposes
      • Processing of job applications (art. 6 (1)(f) GDPR);
      • Performance of employment contracts (art.6(1)(b) GDPR); and
      • HR administration (art.6(1)(c) GDPR).
  4. On what grounds do we base these processing operations?
    5. Our processing is based on the principles of Art. 6 GDPR, including:
    • Performance of a contract – Art. 6(1)(b) GDPR;
    • Legal obligation – art. 6(1)(c) GDPR;
    • Legitimate interest – Art. 6(1)(f) GDPR(such as cybersecurity, business operations, analytics); and
    • Consent – Art. 6(1)(a) GDPR(e.g. for marketing cookies).
  5. Cookies & Tracking
    6. We use cookies and similar technologies for the following purposes:
    1. Functional cookies - Necessary for the website to function. No consent is required for these.
    2. Analytical cookies - Preferably configured privacy-friendly . Consent is required if visitors can be identified.
    3. Marketing and tracking cookies - For advertising purposes or profiling . Your consent is required for this.
  6. Retention periods
    7. We do not store data for longer than necessary for the purposes for which it was collected (Art. 5(1)(e) GDPR). The following applies:
    • Customer data: duration of the customer relationship + 2 years.
    • Billing data: 7 years (legal tax retention obligation).
    • Website logs: 12–24 months, unless necessary for security.
    • Job application details: max. 4 weeks after end of hiring procedure (or 1 year with permission).
    • Supplier administration: duration of the agreement + 2 years.
  7. With whom do we share personal data?
    8. We share personal data only if necessary and permitted under the GDPR. We have a data processing agreement with processors (Article 28 GDPR).
    1. Processors
      • Hosting providers;
      • SaaS service providers;
      • Email and communication services;
      • HR systems; and
      • Accounting and invoicing software.
    2. Third parties
      3. We only share data with third parties when this is necessary for our services, in the context of a company acquisition, or when we are legally obliged to do so.
  8. International transfer
    9. If personal data is processed outside the EU, we do so only in accordance with a valid transfer mechanism as described in Chapter V of the GDPR, namely an Adequacy Decision by the European Commission, based on Standard Contractual Clauses (SCCs ) of the European Commission plus any additional security measures, such as encryption.
  9. Security measures
    10. We take technical and organizational measures to protect your personal data against unauthorized access, such as:
    • Encryption of data;
    • Access control and authorizations;
    • Logging and monitoring;
    • Backups and encrypted storage; and
    • Security policy and employee training.
  10. Rights of data subjects
    11. Data subjects have various rights:
    • Right of access;
    • Right to rectification;
    • Right to erasure;
    • Right to restriction;
    • Right to data portability;
    • Right to object; and
    • Right to withdraw consent.
    Requests can be submitted via privacy@geniox.com.
  11. Complaints
    12. If you have a complaint, please contact us first at privacy@geniox.com so we can resolve it. If your complaint is not resolved to your satisfaction, you can file a complaint with the Dutch Data Protection Authority via: www.autoriteitpersoonsgegevens.nl
  12. Changes to this privacy statement
    13. This privacy statement is dated December 2, 2025. We may amend this privacy statement. The most recent version is always available on our website.
  13. Contact
    14. For questions about this privacy statement or the processing of personal data:
    Geniox – Privacy Officer
    By email: privacy@geniox.com
    By post: Geniox BV, Cavalier 8, 3897AA, Zeewolde, for the attention of the Privacy Officer.