🔐 Privacy Policy
Last updated: December 2025
🔐 Your Data. Your Control.
At ReferMich, we believe you should always know exactly how your data is used. Here's a simple summary:
How We Protect Your Data
- ✓Your profile is shared only after you request a referral
- ✓Referrers cannot see your data unless you approve
- ✓No CV or personal data is sold or shared with third parties
- ✓All data is hosted on EU servers (Germany)
- ✓You can delete your data anytime from your account
Your GDPR Rights
- →Access: Request a copy of your data
- →Correction: Fix any inaccurate information
- →Deletion: Remove your data completely
- →Withdraw Consent: Change your mind anytime
Questions? Contact us at privacy@refermich.de
Full Privacy Policy
1. Introduction
ReferMich ("ReferMich", "we", "us", "our") respects your privacy and is committed to protecting your personal data.
This Privacy Policy explains how we collect, use, store, and protect personal data when you use our platform at https://www.refermich.de (the "Platform"), in accordance with the EU General Data Protection Regulation (GDPR) and German data protection laws.
2. Data Controller
ReferMich is the data controller within the meaning of Article 4(7) GDPR.
3. Scope of This Policy
This Privacy Policy applies to:
- Job seekers ("Candidates")
- Employees acting as referrers ("Referrers")
- Website visitors
It does not apply to employer systems, third-party websites, or hiring decisions made by employers.
4. Personal Data We Collect
4.1 Account & Profile Data
- Full name
- Email address
- Profile photo (optional)
- Location
- Skills and experience
- LinkedIn profile URL (mandatory)
- Resume / CV link (mandatory)
4.2 Referral & Communication Data
- Referral requests
- Messages exchanged after referral approval
- Referral status and timestamps
4.3 Technical & Usage Data
- IP address
- Browser type
- Device information
- Log files
- Usage analytics
4.4 Cookies & Tracking Data
- Essential cookies
- Functional cookies
- Analytics cookies (only with consent)
5. Purposes & Legal Basis for Processing (GDPR Art. 6)
| Purpose | Legal Basis |
|---|---|
| Creating and managing user accounts | Art. 6(1)(b) – Contract |
| Processing referral requests | Art. 6(1)(b) – Contract |
| Sharing profiles with referrers after request | Art. 6(1)(b) – Contract |
| Enabling chat after approval | Art. 6(1)(b) – Contract |
| Platform security & abuse prevention | Art. 6(1)(f) – Legitimate interest |
| Analytics & platform improvement | Art. 6(1)(f) or Art. 6(1)(a) (consent) |
| Marketing communications | Art. 6(1)(a) – Consent |
| Legal obligations | Art. 6(1)(c) – Legal obligation |
6. Profile Visibility & Data Sharing Logic
- Profiles are private by default
- Profiles are shared only when a user requests a referral
- Referrer identity is revealed only after approval
- Chat is enabled only after referral approval
- Profiles are never publicly searchable
ReferMich does not share data with employers or recruiters.
7. Recipients of Personal Data
Personal data may be shared with:
- Other users (only through explicit referral requests)
- Hosting and infrastructure providers
- Email and notification service providers
- Analytics providers (with consent)
We do not sell personal data.
8. International Data Transfers
We aim to process data within the EU/EEA.
If data is transferred outside the EU/EEA, we ensure appropriate safeguards such as:
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions by the European Commission
9. Data Retention
| Data Type | Retention Period |
|---|---|
| User account & profile | Until account deletion |
| Referral requests | Up to 24 months after resolution |
| Chat messages | Up to 24 months |
| Logs & security data | Up to 12 months |
| Legal records | As required by law |
Users may delete their account at any time.
10. Automated Decision-Making
ReferMich does not perform automated decision-making or profiling within the meaning of Article 22 GDPR.
All referral decisions are made manually by human users.
11. Data Security
We implement appropriate technical and organizational measures, including:
- Access controls
- Encrypted communication (HTTPS)
- Role-based permissions
- Secure infrastructure providers
12. User Rights (GDPR Arts. 15–21)
You have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
📧 Requests can be sent to: privacy@refermich.de
13. Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority.
For users in Bavaria, Germany:
Bavarian Data Protection Authority (BayLDA)
14. Cookies & Consent
We use cookies for:
- Essential functionality
- User preferences
- Analytics (only with consent)
You can manage cookie preferences via our cookie banner.
15. Children's Privacy
ReferMich is not intended for users under 18 years of age. We do not knowingly process data of minors.
16. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via the Platform.
17. Contact
For privacy-related questions: