Country-specific privacy addendum for users and operations in Germany
Last updated: January 15, 2026
This addendum supplements the ZhiYin global privacy policy with requirements specific to Germany. Where this addendum conflicts with the global policy, this addendum takes precedence for users located in Germany.
Federal Commissioner for Data Protection and Freedom of Information (BfDI), State Data Protection Authorities
Applicable legislation: EU GDPR, Bundesdatenschutzgesetz (BDSG)
GDPR governs. Adequate protection required for transfers outside EEA. Standard contractual clauses commonly used.
GDPR requires notifying the competent supervisory authority within 72 hours of becoming aware of a reportable breach, and affected individuals without undue delay where the breach is likely to result in a high risk to them.
ZhiYin aligns its incident-response process with these requirements and will notify the relevant regulatory authority and affected individuals within the timeframe required by applicable law.
Strict purpose limitation. Employee data subject to additional protections under BDSG. Works council involvement may be required.
In addition to the rights outlined in our global privacy policy, users in Germany have the following specific rights under local law:
For privacy inquiries related to your region, please contact our Data Protection Officer.
Email: privacy@talentbridge.com