Privacy Policy

Status: 29/10/2025
Provider/Controller within the meaning of Art. 4(7) GDPR:
Senior Connect GmbH, Obereichenrot 8, 74575 Schrozberg, Germany
Email: kontakt@senior-connect.de
(“Senior Connect”, “we”)

A. Scope & Purpose of this Notice

This privacy policy informs you about which personal data we process when you use our website, our platform (including “Senior Connect Premium”/“Premium Plus”/“Basic”/“Always Free”) and accompanying services (e.g., newsletters, video conferences, support), for what purposes, on what legal bases, how long we store it, and to whom we disclose data. You will also receive information about your rights as a data subject and about settings (e.g., cookie consents).

B. Key Terms

Personal data means any information relating to an identified or identifiable natural person (e.g., name, email, IP address).
Processing means any operation performed on data (collection, storage, transmission, etc.).
Processor (Art. 28 GDPR) processes data on our behalf.
Controller independently decides on the purposes and means of processing.
Profiling/“AI analysis” refers to the automated evaluation of personal data to assess certain personal aspects (e.g., fit with job profiles). No solely automated decision-making with legal effect takes place.

C. Controller, Privacy Contact & DPO

The controller is Senior Connect GmbH (see address above).
Please direct privacy-related questions to: kontakt@senior-connect.de.
A statutory data protection officer is not currently appointed.

D. Legal Bases (Art. 6 GDPR)

We process data based on:

  • Art. 6(1)(b) GDPR (contract/contract initiation) – e.g., registration, subscriptions, matching, document optimization, interview training, mentoring.
  • Art. 6(1)(a) GDPR (consent) – e.g., cookies/tracking, newsletters, social plugins, optional analytics.
  • Art. 6(1)(c) GDPR (legal obligations) – e.g., statutory retention for tax.
  • Art. 6(1)(f) GDPR (legitimate interests) – e.g., IT security, abuse prevention, simplified sign-up (LinkedIn login), product improvement (aggregated analyses).

To the extent we do not process special categories of data, we nevertheless point out that users should not transmit such content to us unless strictly necessary for an application.

E. Processing Activities in Detail

1) Provision of the website (server log files)
Data: IP address, date/time, URL/file accessed, referrer URL, user agent (browser/OS), data volume transferred, time zone, HTTP status.
Purpose/Legal basis: Operation/security of the website (Art. 6(1)(f) GDPR).
Storage period: Generally 30 days; longer in case of security incidents until clarification.
Hosting: see section “K. Recipients & international transfers”.

2) Contact (form, email, phone)
Data: Master data, contact data, communication content, metadata.
Purpose/Legal basis: Handling your inquiry (Art. 6(1)(b) or (f) GDPR).
Storage period: Generally until the matter is resolved; business correspondence up to 10 years (legal obligations).

3) Registration & account
Data: Mandatory information (name, email, password), optional profile data, preferences, usage data.
Purpose/Legal basis: Account creation, contract performance, support (Art. 6(1)(b) GDPR).
Storage period: Until account deletion; thereafter only statutory retention periods.

4) Payments & subscriptions (paid plans)
Data: Billing/payment data, plan/term, transaction IDs, where applicable billing address.
Purpose/Legal basis: Contract handling, billing, receivables management (Art. 6(1)(b), (c) GDPR).
Recipients: Depending on payment method, payment service providers (e.g., credit card/SEPA/PayPal via payment platform). The specific provider is named at checkout.
Storage period: Generally 10 years under commercial/tax law.

5) Career matching & document optimization
Data: Profile and preference data (e.g., location, desired field, work model), CV/qualifications, optional photo, answers to questions, usage data (e.g., interactions).
Purpose/Legal basis: Provision of contractual services, suggestions for suitable positions, creation/optimization of application documents (Art. 6(1)(b) GDPR).
Disclosure to employers: Only with your active consent per employer/position. Employers are independent controllers.
Storage period: Until account deletion or revocation of your consent to disclosure; thereafter only statutory obligations.

6) AI-supported analysis (profiling – without automated legal effect)
Data: Company requirement profiles, CV data, professional preferences, interests/hobbies (if voluntarily provided), answers regarding working style and personality.
Purpose: Assessing suitability and prioritizing suggestions (e.g., cultural/task fit).
Legal basis: Art. 6(1)(b) GDPR (contract) and—where voluntary additional details are provided—Art. 6(1)(f) GDPR (service optimization).
Core logic: Feature matching based on weighted criteria; ongoing quality control using anonymized/aggregated analyses.
Safeguards: Strict access controls, logging, no solely automated decision-making with legal effect (Art. 22 GDPR), ability to object to profiling for marketing purposes (see Rights).
Storage period: Until account deletion; training/benchmark data retained in aggregated/anonymous form on an ongoing basis.

7) Unlimited AI interview training (fair use)
Data: Audio/video/text content from the exercise, usage statistics, technical metadata.
Purpose/Legal basis: Provision of the training function (Art. 6(1)(b) GDPR).
Notes: Content is not used for our own model training outside the service.

8) Mentoring/sparring & video conferences
Data: Appointment/participant data, contact details, where applicable meeting content (chat/notes), technical metadata, IP address.
Tools: e.g., Google Meet.
Purpose/Legal basis: Conducting the sessions (Art. 6(1)(b) GDPR).
Storage period: Log data per tool specifications; content only if you actively provide it.

9) Newsletter (double opt-in)
Data: Email address; optionally name.
Purpose/Legal basis: Sending with your consent (Art. 6(1)(a) GDPR).
Withdrawal: At any time via unsubscribe link; if applicable, blacklist storage to prevent future mailings.
Storage period: Until unsubscribe/withdrawal; blacklist unlimited in time, purpose-bound.

10) Social login (LinkedIn)
Data: Basic data shared by LinkedIn (e.g., name, profile URL, email), login token.
Purpose/Legal basis: Simplified registration/profile maintenance (Art. 6(1)(f) GDPR).
Note: Observe the providers’ privacy policies; you control the scope of shared data in your LinkedIn account settings.

11) Analytics & tracking tools (only with consent)
Tools (examples): Google Analytics (with IP anonymization), Microsoft Clarity (heatmaps/session replays; inputs are masked), Meta Pixel (ad effectiveness measurement).
Purpose/Legal basis: Reach/usage analysis, marketing optimization—only with consent (Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TTDSG).
Withdrawal: At any time in the consent manager; you can change settings under “Cookie settings” on the website.
Storage period: Per tool specifications (e.g., Analytics generally up to 14 months); details in the consent manager.

12) Web fonts
Data: IP address, technical metadata.
Purpose/Legal basis: Consistent display (Art. 6(1)(f) GDPR).
Implementation: Preferably local hosting; if retrieved from providers (e.g., Google Fonts/Adobe Fonts), the retrieval is from the provider’s server. Details in the consent manager.

13) Presences on social networks (fan pages)
When accessing our profiles (e.g., Facebook/Instagram/LinkedIn/XING), we and the respective platform jointly process personal data for statistics/insights purposes. Further processing lies within the responsibility of the platform operators. You can assert your rights both against us and the platform. The platforms’ linked privacy notices contain details.

F. Cookies, Local Storage & Consent Management

We use cookies/similar technologies. Technically necessary cookies are required for operation (legal basis: Art. 6(1)(f) GDPR in conjunction with Sec. 25(2) TTDSG). Non-essential cookies (e.g., analytics/marketing) are used only with your consent (Art. 6(1)(a) GDPR in conjunction with Sec. 25(1) TTDSG).
You can change your settings at any time in the consent manager (IAB TCF-compatible): [Cookie settings].

G. Recipients, Categories of Recipients & Roles

Processors (Art. 28 GDPR): Hosting/cloud (e.g., Webflow, Google Cloud/Firebase – EU/EEA region), email/newsletter (e.g., HubSpot), support/communication (e.g., Google Meet), analytics/marketing (e.g., Google/Microsoft/Meta – only with consent), payment processing (PSP), identity/profile services (LinkedIn, Proxycurl). These service providers are contractually bound and carefully vetted.
Independent controllers: Employers (after your approval), payment service providers (depending on method), social networks when you use their platforms.
Authorities/institutions: Where legally required.

H. International Data Transfers

Where data is transferred to third countries (in particular the USA), we ensure an adequate level of data protection—e.g., via EU Standard Contractual Clauses (SCCs), adequacy decision (e.g., EU-US Data Privacy Framework) and additional safeguards (encryption, pseudonymization, access/purpose restrictions).

I. Storage Periods & Deletion

We delete personal data once the purpose has been achieved and no statutory retention obligations apply. Typical periods:

  • Account data/profile: Until account deletion, then restriction and deletion after expiry of statutory periods.
  • Application documents in client processes (employers): Access by employers generally up to 6 months after conclusion; employers decide independently beyond this.
  • Contract/billing data: Up to 10 years.
  • Log files: Generally 30 days.
  • Newsletter data: Until unsubscribe; blacklist unlimited in time, purpose-bound.
J. Your Rights (Arts. 15–22, 77 GDPR)

Subject to statutory conditions, you have the following rights: access, rectification, erasure, restriction, data portability, objection (Art. 21 GDPR, in particular against direct marketing/profiling for marketing purposes), and withdrawal of consent with effect for the future.
You also have the right to lodge a complaint with a data protection supervisory authority—e.g., the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg (LfDI BW) or your locally competent authority.
Contact to exercise your rights: kontakt@senior-connect.de
We respond to requests without undue delay, at the latest within one month.

K. Data Security

We implement technical and organizational measures (TOMs), including access/entry controls, encryption of data at rest and in transit (depending on the system), logging, role-based permissions, regular updates/backups, and staff awareness training.

L. Minors

Our services are aimed at adults (generally 18+). We do not intentionally process data of minors.

M. Changes to this Privacy Policy

We update this notice when laws, technologies, or our services change. The current version on our website always applies. In the event of material changes, we will provide appropriate notice (e.g., via email in the logged-in area).

N. Overview of Key Services/Tools (Short List)

Hosting/platform: Webflow (website), Google Cloud/Firebase (EU regions).
Communication/support: Email, Google Meet.
Newsletter/CRM: HubSpot.
Analytics/marketing (only with consent): Google Analytics (IP anonymization), Microsoft Clarity (masked), Meta Pixel.
Social login/profile: LinkedIn Login.
Payment service providers: Depending on the method chosen at checkout (details there).
Note: Specific providers, functionalities, storage periods, and cookie lifetimes are transparently described per tool in the consent manager (“Cookie settings”).

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
DenyAccept