We welcome you to our website and are happy about your interest in our company and our products. The protection of your personal data while processing or collecting it during your visit to our website is very important to us. Your data will be processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (i.e. the German ‘Bundesdatenschutzgesetz’) and all other relevant laws. The following information, is meant to give you an overview of the processing of your personal data by us and your rights under the data protection law. Which data is processed in detail and how it is used depends largely on the requested or agreed services. Therefore, not all parts of this information will apply to you.
Am Lichtbogen 9, 45141 Essen
+49 . 201 • 613000
Which sources and data do we use at all?
We process personal data that we receive as part of the use of our website, e.g. by customers, applicants or interested parties.
Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (i.e. the German ‘Bundesdatenschutzgesetz’).
a) for the fulfillment of contractual obligations (Article 6, paragraph 1b GDPR)
The processing of data may take place in the context of the execution of contracts with you as our customer or for the implementation of pre-contractual measures.
b) in the context of the balancing of interests (Article 6, paragraph 1f GDPR)
If necessary, we can process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples:
- Review and optimization of requirements analysis procedures for direct customer approach,
- Advertising or market- and opinion research as far as you have not objected to the use of your data,
- Asserting legal claims and defense in legal disputes,
- Ensuring the IT security and IT operations of the company,
- Measures for business control and further development of services and products,
c) on the basis of your consent (Article 6, paragraph 1a GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (for example, for marketing purposes, newsletter delivery), the legality of this processing is based on your consent.
d) due to legal requirements (Article 6, paragraph 1c GDPR) or due to public interest (Article 6, paragraph 1e GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements (for example tax laws). The purposes of the processing include the fulfillment of tax control- and reporting obligations as well as other matters.
e) in the context of the establishment of an employment relationship Article 88 GDPR in combination with §26, paragraph 1 of the German Federal Data Protection Act.
If you apply for a job at GFOS, we may also process your personal data.
Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the computer system sending the request. The following data is collected here:
- information about the browser type and version used
- the operating system of the user
- the internet service provider of the user
- the IP address of the user
- date and time of access
- websites from which the user's system if referred to our website
- websites that are accessed from the user's system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of data under log files is Article 6, paragraph 1f GDPR.
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes constitute our legitimate interest in data processing Article 6, paragraph 1f (GDPR).
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
The following data are stored and transmitted in the cookies: (for example)
- Login information
- Visitor information (e.g. cookie indications or contact information)
- In the context of the use of technically necessary cookies, we process your personal data in accordance with Article 6, paragraph 1f GDPR.
- Customer Login
- Visitor information
The user data collected through technically necessary cookies will not be used to create user profiles.
In order to obtain your valid consent to use and store cookies in the browser you use to access our website and to properly document this, we use a consent management platform: CookieFirst. This technology is provided by Digital Data Solutions BV, Plantage Middenlaan 42a, 1018 DH, Amsterdam, The Netherlands. Website: https://cookiefirst.com referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst's server to allow us to obtain valid consent from you to use certain cookies. CookieFirst then stores a cookie in your browser to enable only those cookies to which you have consented and to properly document this. The processed data will be stored until the specified storage period expires or you request the deletion of the data. Deviating from this, certain legal retention periods may apply.
Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
- Your consent status or revocation of consent.
- Your anonymized IP address
- Information about your browser
- Information about your device
- the date and time of your visit to our website
- The URL of the website where you saved or updated your consent form
- The approximate location of the user who saved their consent preferences
- A universally unique identifier (UUID) of the website visitor who clicked on the banner cookie
Use of web fonts
On these web pages external fonts (Google fonts) are used. Google Fonts is a service of Google Inc. ("Google"). The integration of these web fonts is done by a server call, usually a Google server in the USA. The information of which of our websites you have visited will be transmitted to the server. Also, the IP address of the browser on the user’s device used to visit this website is stored by Google.
On our website, you can subscribe to a free Newsletter. During the registration for the newsletter, the data from the input mask are transmitted to us.
We ask for the following data for this purpose:
- Salutation, last name, first name
- E-mail address
- Optional: company, department, function
In addition, the following data will be collected upon registration:
- IP address of the requesting computer
- Date and time of registration
In connection with the processing of data for the sending of newsletters, the data is not passed on to third parties - with the exception of the newsletter service provider mailingwork GmbH Chemnitz / Hubspot. The portal provided by Mailingwork / Hubspot is used by GFOS for sending newsletter mailings. The collected data will be sent to Mailingwork / Hubspot immediately before the newsletter is sent and will be deleted after dispatch within 24 hours. The data will be used exclusively for sending the newsletter.
Insofar as you have registered for the newsletter and thus have given your consent regarding the processing of your data, Article 6, paragraph 1a GDPR serves as legal basis for this.
The collection of your e-mail address is necessary to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Your e-mail address will therefore be saved as long as the subscription to the newsletter is active. Other personal data collected during the registration process will normally be deleted after a period of 7 days.
Subscription to the newsletter may be terminated by you at any time. For this purpose, there is a corresponding link in each newsletter.
This also allows the revocation of the consent of the storage of the personal data collected during the registration process.
Contact form & e-mail contact
On our website you will find a contact form, which can be used for electronic contact. If you choose to contact us via this form, the data entered in the input mask will be transmitted to us and saved. These data are:
- Name & e-mail address
- Optional: company, telephone
At the time of registration, the following data is also stored:
- The IP address of the user
- Date and time of registration
Alternatively, contact via the provided e-mail address is possible. In this case, the personal data transmitted with your e-mail will be stored. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.
Legal basis for the processing of the data in the case of your consent is Article 6, paragraph 1a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is formed by Article 6, paragraph 1f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is formed by Article 6, paragraph 1b GDPR.
The processing of the personal data on the input mask serves only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted if they are no longer necessary for the purpose of their collection. For the personal data processed in the input form of the contact form and for those sent by e-mail, this is the case when the respective conversation with you as a user has ended. This is the case when it can be inferred from the circumstances that the facts are finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of 7 days.
You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. In this case, the conversation cannot continue.
All personal data stored in the course of contacting will be deleted in this case.
Would you like to apply for a job at GFOS? We are looking forward to receiving your application via e-mail.
As part of the application management, we process the personal data you provide us for the purpose of initiating an employment relationship based on Article 88 GDPR in combination with §26, paragraph 1 of the German Federal Data Protection Act. Alternatively, collective agreements according to Article 88 GDPR in combination with §26, paragraph 4 of the German Federal Data Protection Act and consent (for example, when taking photos) according to Article 88 GDPR in combination with §26, paragraph 2 of the German Federal Data Protection Act can be adduced.
In some cases, we process your data to obtain legitimate interests, e.g. in the case of intra-corporate data exchange for administrative purposes (Article 6, paragraph 1f of the GDPR in combination with recital 48).
Insofar as special categories of personal data (for example, severe disability) are processed, this is done on the basis of Article 88 GDPR in combination with §26, paragraph 3 of the German Federal Data Protection Act. In addition, the processing of health data for the assessment of your ability to work according to Article 9, paragraph 2h in combination with §22, paragraph 1b of the German Federal Data Protection Act can be required.
We process and store your personal data as long as it is necessary for the fulfillment of the purposes of data processing or of juridical, contractual or legal obligations. Thereafter, the data is deleted or its processing restricted. In the event that there is no employment relationship after the application process has been completed, we will delete your data no later than 6 months after the application process has been completed. If we want to save your application for more than 6 months in a so-called "applicant pool", we would for your consent at the end of the 6 months.
Of course, you are also free to withdraw your application at any time. In this case your data would also be deleted if they are no longer necessary for the purpose of their collection. Submitting an e-mail to us with appropriate content is sufficient. The revocation of any given consent is also possible at any time.
Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the United States.
The use of Google Tag Manager is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
This website uses the functions of Google Analytics Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Remarketing analyzes your user behavior on our website (e.g. clicking on certain products) in order to classify you in certain advertising target groups and subsequently play suitable advertising messages to you when you visit other online offers (remarketing or retargeting).
Furthermore, the advertising target groups created with Google Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalized advertising messages that have been adapted to you depending on your previous usage and surfing behavior on one end device (e.g. cell phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have a Google account, you can object to personalized advertising at the following link: https://myadcenter.google.com/. The use of Google Remarketing is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in marketing its products as effectively as possible. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Target group formation with customer matching
For target group formation, we use, among other things, the customer matching of Google Remarketing. In this process, we transfer certain customer data (e.g. e-mail addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown suitable advertising messages within the Google network (e.g. on YouTube, Gmail or in the search engine).
This website uses functions of the web analytics service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics enables the website operator to analyze the behavior of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data may be summarized by Google in a profile that is assigned to the respective user or their end device.
Google Analytics uses technologies that enable the recognition of the user for the purpose of analyzing user behavior (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is usually transferred to a Google server in the USA and stored there.
The use of this analysis tool is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 para. 1 lit. a DSGVO; the consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.
We have activated the IP anonymization function on this website. This means that your IP address will be truncated by Google within member states of the European Union or in other states party to the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout.
We have concluded an order processing agreement with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.
Demographic characteristics with Google Analytics
This website uses the "demographic characteristics" function of Google Analytics to display suitable advertisements to website visitors within the Google advertising network. This allows reports to be generated that include statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google as well as from visitor data from third-party providers. This data cannot be assigned to a specific person. You can deactivate this function at any time via the ad settings in your Google account or generally prohibit the collection of your data by Google Analytics as shown in the item "Objection to data collection".
Data stored by Google at user and event level that is linked to cookies, user identifiers (e.g. User ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) is anonymized or deleted after 50 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196
The website operator uses Google Ads. Google Ads is an online advertising program of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
Google Ads enables us to play advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analyzing, for example, which search terms have led to the display of our advertisements and how many ads have resulted in corresponding clicks.
The use of Google Ads is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in marketing its service products as effectively as possible.
The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://policies.google.com/privacy/frameworks and https://privacy.google.com/businesses/controllerterms/mccs/.
Google Conversion Tracking
This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
The use of Google conversion tracking is based on Art. 6 (1) lit. f DSGVO. The website operator has a legitimate interest in analyzing user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested (e.g. consent to store cookies), the processing is based exclusively on Art. 6 (1) lit. a DSGVO; the consent can be revoked at any time.
Facebook-, Custom Audiences and Facebook marketing services
Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, is used.
Facebook was certified under the Privacy Shield Agreement and thus offered a guarantee of compliance with European data protection law. Now that the ECJ has invalidated the Privacy Shield Framework, it can no longer be relied upon as a guarantee of compliance.
With the help of the Facebook pixel, it is on the one hand possible for Facebook to determine the visitors to our online offer as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we have been sent only to those Facebook users who have also shown an interest in our online offer or certain features (e.g. interests in certain topics or products that were visited by them), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The Facebook pixel is integrated directly through Facebook when viewing our website and can save a so-called cookie on your device. If you subsequently log on to Facebook or visit Facebook in the logged-in state, the visit to our online offer will be noted in your profile. The data collected about you are anonymous to us. This means that we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should send data to Facebook for comparison purposes, they will be encrypted locally in the browser and then sent to Facebook via a secure https connection. This is done solely with the purpose of establishing a comparison with the equally encrypted by Facebook data.
The processing of the data by Facebook is part of Facebook's data usage policy. Special information and details about the Facebook pixel and how it works can be found in the help section of Facebook.
You may object to the capture by the Facebook Pixel and use of your data to display Facebook Ads. To set which types of ads you see within Facebook, you can go to the page settings by Facebook and follow the instructions for user-based advertising settings. The settings are platform independent (desktop or mobile).
LinkedIn Conversion Tracking
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6, paragraph 1f GDPR) we use the analysis and conversion tracking technology of the LinkedIn platform (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). LinkedIn's technology can help you see more relevant, interest-based advertising. We also receive aggregated and anonymous ad activity reports from LinkedIn and information about how you interact with our online offers.
This website uses the YouTube service to embed videos on the website. The operator of the necessary software for the necessary plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with an embedded YouTube video, the YouTube plugin establishes a connection with YouTube’s servers. It tells YouTube which pages you visit.
On this website, we use HubSpot CRM (henceforth "HubSpot") for our online marketing activities. This is an integrated software solution that covers various aspects of our online marketing. These include:
E-mail marketing (newsletters and automated mailings, e.g. for the provision of downloads), social media publishing & reporting, reporting (e.g. traffic sources, access, etc.), contact management (e.g. user segmentation & CRM), content management (website and Blog, landing pages).
HubSpot is a US-based software company (HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) with diverse offices in Europe. The contractual partner for GFOS is HubSpot Germany GmbH. HubSpot, Inc. participated in the EU-US Privacy Shield Agreement and Swiss-U.S. Privacy Shield and was certified for compliance. Now that the ECJ has invalidated the Privacy Shield Framework, it can no longer be relied upon as a guarantee of compliance. The standard contractual clauses in the valid version have been concluded.
As we are a customer of the HubSpot European Economic Area ("EEA"), HubSpot Ireland Limited is responsible for the processing of your personal information. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
In accordance with Article 28 GDPR, we have concluded an order processing contract with HubSpot Inc. and fully implement the resulting requirements. The Hubspot Privacy Officer can be contacted via privacy@HubSpot.com.
Customer Relations Management and Customer Support
We collect the information from you through pre-contractual and contractual contacts in HubSpot for the following reasons:
- to keep a company register
- to organize internal tasks
- to organize the general customer service (inquiries, callbacks etc.),
- to optimize and control internal processes (for example, reporting etc.)
- to organize, control and optimize our inbound marketing.
We collect this information because it is necessary to fulfill a contract with you or to carry out pre-contractual actions that are performed on your request, within the meaning of Article 6, paragraph 1b GDPR, or because the processing is necessary to fulfill a legal obligation based on Article 6, paragraph 1c of the GDPR; GFOS is subject to this obligation.
In addition, we collect and use this data based on our legitimate interest within the meaning of Article 6, paragraph 1f GDPR in order to contact our customers, if desired, in order to determine which services of our company are of interest to our customers and for individualized promotional targeting, as far as this is legally permissible.
Contact form / E-mail
You can contact us online via e-mail or via a contact form. Form checkboxes that definitely need to be filled in by you in order for us to contact you are marked with an asterisk
(*) as a mandatory checkbox.
When you submit the form to us, HubSpot will process the information you provide and your IP address, date and time, and then provide it to us via our HubSpot system. This processing of your personal data is necessary so that we can process and answer your request via the contact form, Article 6, paragraph 1b GDPR.
If you contact us directly via e-mail, phone or for example at exhibitions, we will also store, process, and maintain the information you provide to us in our HubSpot system, provided that you have given us your consent. This processing of your personal data is necessary so that we can process and answer your request, Article 6, paragraph 1b GDPR.
In addition, we store and process the data collected by the contact form and by e-mail, by phone or for example at trade fairs in HubSpot in order to understand why you have contacted us based on our legitimate interest within the meaning of Article 6, paragraph 1f GDPR. This serves to determine the products or services of our company that you are interested in. In addition, we use this data for the individualized information of our contacts about the services offered by us, as far as this is legally permissible.
We will delete the data collected in this way, as long as they are no longer required and any statutory retention requirements have expired. We check annually if there are any data to be deleted. In the context of the legal storage obligations (according to HGB, i.e. the German Commercial Code, 6 years, according to AO, i.e. the German revenue code, 10 years) the deletion takes place after the end of the year, in which this expires. Furthermore, you can inform us at any time if you wish the deletion of your personal data. We will fulfill your request immediately.
Contact form for e-mail marketing / blog updates
You will find various contact forms that you can use to request free information material (e.g. whitepapers etc.), trade fair tickets and / or a newsletter (for example blog updates etc.) on various areas of our services. In order to receive this information material from us, a form must be completed and sent to us. Form checkboxes that definitely need to be filled in by you in order for us to send you the information requested are marked with an asterisk (*) as a mandatory checkbox.
The information collected through the contact information forms, at events and via subscriptions to newsletters is provided to us in HubSpot as well as stored and processed there. In addition to the data you enter, your IP address and the time you filled in and sent out the form will be saved. In addition to the form data, HubSpot evaluates the data collected about you through cookies by submitting the form data. With the help of HubSpot, we can provide you with individualized and custom-made information about our services. This not only has the advantage for us that we only purposefully provide you with information that we assume will really interest you, but we also monitor whether you have any interest in the information provided by us or whether we only bother you with unnecessary e-mails. If we discover this, we will decide not to provide you with any further information. After all, we too have no interest in sending you e-mails that you do not read or delete immediately, or in the worst case, have you create negative connotations with us, i.e. GFOS. You have provided us with your consent for this type of data processing, according to Article 6, paragraph 1a GDPR. You can of course revoke this consent at any time. Furthermore, you can inform us at any time if you wish the deletion of your personal data. We will fulfill your request immediately.
If you request informational material, we will also obtain your consent to e-mail you with customized information about our services.
If you subscribe to our newsletter, we will also obtain your consent to e-mail you with personalized information about our services.
If you decide to register for an event, we will also obtain your consent to e-mail you with personalized information about our services.
In addition, we provide you with informational material about our services via e-mail before and after the event.
- Evaluation of clicks
- Reading habits
- Behavior on particular sites
- Rating of landing pages
- Use of links
In general, if you do not want to be registered by HubSpot, you can prevent the storage of cookies by your browser settings at any time or use the following opt-out link: Hubspot Opt-Out..
We partner with Microsoft Clarity and Microsoft Advertising to capture how you use and interact with our website through behavioral metrics, heatmaps, and session replay to improve and market our products/services. Website usage data is captured using first and third-party cookies and other tracking technologies to determine the popularity of products/services and online activity. Additionally, we use this information for site optimization, fraud/security purposes, and advertising. For more information about how Microsoft collects and uses your data, visit the Microsoft Privacy Statement.
Rights of the data subject
Each data subject has the right to information according to Article 15 GDPR, the right to a correction according to Article 16 GDPR, the right to cancellation according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to object according to Article 21 GDPR and the right to data portability according to Article 20 GDPR. With regard to the right to information and the right to deletion, the restrictions under §§ 34 and 35 of the German Federal Data Protection Act apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR, in combination with § 19 of the German Federal Data Protection Act).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the validity of the GDPR, i.e. before May 25, 2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.
Do I have to provide my personal data?
As part of our business relationship, you must provide those personal data necessary to enter into a business relationship and to perform its contractual obligations, or those that are required to collect by us per law. Without this data, we will usually have to refuse the conclusion of a contract or the execution of a might have to end an existing contract as we are no longer able to fulfill it.
Is there an automated decision-making?
No. Currently, we do not use fully automated decision-making according to Article 22 GDPR in order to establish and conduct business relations. A "profiling" act does not take place.
Information about your right of objection according to Article 21 GDPR
Case-specific right of objection
You have the right to object to the processing of your personal data at any time and for reasons related to your particular situation, according to Article 6, paragraph 1e GDPR (data processing in the public interest) and Article 6, paragraph 1f GDPR (data processing on the basis of a balance of interests); this also applies to a profiling based on this provision within the meaning of Article 4, No. 4 GDPR.
If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, pursuing or defending legal claims.
Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to operate direct mailings. You have the right to object at any time to the processing of your personal data with regard to such advertising; this also applies to profiling insofar as it is associated with such direct mailings. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
Recipient of the objection
The objection can be form-free with the subject "objection" stating your name, your address and should be addressed to:
Am Lichtbogen 9
+49 . 201 • 61 30 00
Links to other websites
Our website may contain links to third-party websites. The contents of the linked websites are checked before linking and then at irregular intervals for illegal content. If necessary, the links are removed. GFOS therefore is not responsible for the privacy practices or the content of websites outside the GFOS group of companies.
The gfos.App is available to gfos.Mobile users using the release gfos 4.8. The respective licensee is responsible for the workforce management software gfos.Workforce. If the licensee uses the gfos.KnownCloud to provide gfos.Workforce, GFOS is the order processor for the respective licensee. In such a case, GFOS processes the data exclusively on behalf of the respective data controller and not for its own purposes. The data processing is thus carried out in the interest of the responsible party (Art. 6 para. 1 lit. f EU-GDPR). The communication between the gfos.KnownCloud and your smartphone is encrypted.
When installing the gfos.App on your smartphone, your mail address and password or the general login "client, plant, personnel number and password" is required, depending on the configuration. The data in the gfos.App may vary depending on the functionality of gfos.Workforce, but it corresponds to the data in gfos.Workforce. Thus, transaction data such as: absences, requests, balances and time data (time arrives/leaves) can be processed in gfos.App. Depending on the release, project time recording data and various extensions for the calendar function can also be processed. The gfos.App additionally creates a database on your smartphone for offline capability.
The subjects of push notifications are sent from the licensee's gfos.Workforce system to your smartphone via our GFOS servers. GFOS uses Firebase Cloud Messaging and Apple Push Notifications (APN) for this purpose. The subject does not contain any personal data by default, but is editable by the licensee. The message text of the push notification ("Your application has been approved ..." etc.) is downloaded directly from the licensee's gfos.Workforce system to your smartphone.
The licensee can activate the geo-coordinates for location determination during time booking, but this must be explicitly activated by the licensee during the configuration of gfos.Mobile and is subject to the regulations of your respective company agreement. The geo-coordinates are only processed during a time booking. The use of the geo-coordinates as well as the settings "Send crash report" and "Send performance metrics", you can confirm or reject during the installation of the gfos.App. The settings for the crash reports and performance metrics can also be edited later in the gfos.App settings under the menu item Privacy. We use Google's Firebase services for this purpose. Location tracking can be disabled and also re-enabled in the smartphone settings at any time.
Die in der Datenbank auf Ihrem Smartphone gespeicherten Daten können aktiv durch das Deinstallieren der gfos.App gelöscht werden. Die übrigen Löschfristen richten sich nach dem Löschkonzept des Lizenznehmers für das Workforce Management System, gfos.Workforce.
The data stored in the database on your smartphone can be actively deleted by uninstalling the gfos.App. The other deletion periods are based on the licensee's deletion concept for the workforce management system, gfos.Workforce.
In order to improve the stability and reliability of our apps, we rely on anonymized crash reports. For this purpose, we use "Firebase Crashlytics", a service of Google Ireland Ltd, Google Building Gordon House, Barrow Street, Dublin 4, Ireland.
In case of a crash, anonymous information is transferred to Google's servers in the USA (state of the app at the time of the crash, installation UUID, crash trace, manufacturer and operating system of the cell phone, last log messages). This information does not contain any personal data.
Crash reports are only sent with your explicit consent.
The legal basis for the data transfer is Art. 6 para. 1 lit. a EU-GDPR.
You can revoke your consent at any time by editing in the settings under the menu item Privacy.
Firebase Cloud Messaging & Apple Push Notifications
We use the services Firebase Cloud Messaging from Google (Android) and Apple Push Notifications (iOS) for push notifications. In the process, Firebase and Apple generate a calculated key, which is composed of the identifier of the app and its device identifier. This pseudonymized push reference is stored on our push platform by with your chosen settings. The Firebase or Apple servers cannot draw any conclusions about the requests of users or determine any other data related to a person. Firebase or Apple serve solely as intermediaries, but there may still be a third party transmission. The push messages can be deactivated in the settings of the end device at any time, but can also be reactivated.