Privacy Policy of the GFOS Corporate Group

Responsible Authority

Responsible

GFOS mbH
Am Lichtbogen 9, 45141 Essen
+49 . 201 • 613000
info[at]gfos.com

You can reach our external data protection officer at the above-mentioned address by adding the words "Privacy Policy" or via email at: datenschutz[at]gfos.com

Which sources and data do we use at all?

We process personal data that we receive as part of the use of our website, e.g. by customers, applicants or interested parties.

Why do we process your data (purpose of processing) and on what legal basis?

We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (i.e. the German ‘Bundesdatenschutzgesetz’).

a) for the fulfillment of contractual obligations (Article 6, paragraph 1b GDPR)

The processing of data may take place in the context of the execution of contracts with you as our customer or for the implementation of pre-contractual measures.

b) in the context of the balancing of interests (Article 6, paragraph 1f GDPR)

If necessary, we can process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples:

• Review and optimization of requirements analysis procedures for direct customer approach,
• Advertising or market- and opinion research as far as you have not objected to the use of your data,
• Asserting legal claims and defense in legal disputes,
• Ensuring the IT security and IT operations of the company,
• Measures for business control and further development of services and products,

c) on the basis of your consent (Article 6, paragraph 1a GDPR)

Insofar as you have given us consent to the processing of personal data for specific purposes (for example, for marketing purposes, newsletter delivery), the legality of this processing is based on your consent.

d) due to legal requirements (Article 6, paragraph 1c GDPR) or due to public interest (Article 6, paragraph 1e GDPR)

In addition, we are subject to various legal obligations, i.e. legal requirements (for example tax laws). The purposes of the processing include the fulfillment of tax control- and reporting obligations as well as other matters.

e) in the context of the establishment of an employment relationship Article 88 GDPR in combination with §26, paragraph 1 of the German Federal Data Protection Act.

If you apply for a job at GFOS, we may also process your personal data.
 

Provision of the website and creation of log files

Each time our website is accessed, our system automatically collects data and information from the computer system sending the request. The following data is collected here:

• information about the browser type and version used
• the operating system of the user
• the internet service provider of the user
• the IP address of the user
• date and time of access
• websites from which the user's system if referred to our website
• websites that are accessed from the user's system through our website

The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.

The legal basis for the temporary storage of data under log files is Article 6, paragraph 1f GDPR.

The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes constitute our legitimate interest in data processing Article 6, paragraph 1f (GDPR).

The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.

In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.

The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
 

Cookies

When visiting our website, we occasionally use cookies. Among other things, they serve to make our offer user-friendly, effective and secure.

The following data are stored and transmitted in the cookies: (for example)

• Login information
• Visitor information (e.g. cookie indications or contact information)
• In the context of the use of technically necessary cookies, we process your personal data in accordance with Article 6, paragraph 1f GDPR.

The use of technically necessary cookies is for the purpose of making the use of our website easier for you. Some features of our website cannot be offered without the use of cookies. For this, it is necessary that the browser is recognized even after a page break. We need your cookies for the following applications: (for example)

• Customer Login
• Visitor information

The user data collected through technically necessary cookies will not be used to create user profiles.

Cookies are stored on your computer and transmitted by it to our site. Therefore, as a user you have full control over the use of cookies. By changing the settings in your internet browser, you can disable or restrict the transmission of cookies. Already saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it may not be possible to use all of the functions of the website to the whole extent.

When you visit our website, you will be informed by an info banner about the use of cookies for analysis purposes and referred to this privacy policy. In this context, there is also an indication of how the storage of cookies in the browser settings can be prevented.
 

Use of web fonts

On these web pages external fonts (Google fonts) are used. Google Fonts is a service of Google Inc. ("Google"). The integration of these web fonts is done by a server call, usually a Google server in the USA. The information of which of our websites you have visited will be transmitted to the server. Also, the IP address of the browser on the user’s device used to visit this website is stored by Google.

For more information, see the Google Privacy Policy, which you can access here:

www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

Newsletter

On our website, you can subscribe to a free Newsletter. During the registration for the newsletter, the data from the input mask are transmitted to us.

We ask for the following data for this purpose:

• Salutation, last name, first name
• E-mail address
• Optional: company, department, function

In addition, the following data will be collected upon registration:

• IP address of the requesting computer
• Date and time of registration

In connection with the processing of data for the sending of newsletters, the data is not passed on to third parties - with the exception of the newsletter service provider mailingwork GmbH Chemnitz / Hubspot. The portal provided by Mailingwork / Hubspot is used by GFOS for sending newsletter mailings. The collected data will be sent to Mailingwork / Hubspot immediately before the newsletter is sent and will be deleted after dispatch within 24 hours. The data will be used exclusively for sending the newsletter.

Insofar as you have registered for the newsletter and thus have given your consent regarding the processing of your data, Article 6, paragraph 1a GDPR serves as legal basis for this.

The collection of your e-mail address is necessary to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.

The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Your e-mail address will therefore be saved as long as the subscription to the newsletter is active. Other personal data collected during the registration process will normally be deleted after a period of 7 days.

Subscription to the newsletter may be terminated by you at any time. For this purpose, there is a corresponding link in each newsletter.

This also allows the revocation of the consent of the storage of the personal data collected during the registration process.

Contact form & e-mail contact

We use the HubSpot service to provide the following online forms. For this we forward your data to HubSpot, which process the data exclusively on our behalf. See privacy policy for "HubSpot".

On our website you will find a contact form, which can be used for electronic contact. If you choose to contact us via this form, the data entered in the input mask will be transmitted to us and saved. These data are:

• Name & e-mail address
• Optional: company, telephone

At the time of registration, the following data is also stored:

• The IP address of the user
• Date and time of registration

For the processing of your data, your consent is obtained during the process of sending in the form and reference is made to this privacy policy.

Alternatively, contact via the provided e-mail address is possible. In this case, the personal data transmitted with your e-mail will be stored. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.

Legal basis for the processing of the data in the case of your consent is Article 6, paragraph 1a GDPR.

The legal basis for the processing of the data transmitted in the course of sending an e-mail is formed by Article 6, paragraph 1f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is formed by Article 6, paragraph 1b GDPR.

The processing of the personal data on the input mask serves only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.

The data will be deleted if they are no longer necessary for the purpose of their collection. For the personal data processed in the input form of the contact form and for those sent by e-mail, this is the case when the respective conversation with you as a user has ended. This is the case when it can be inferred from the circumstances that the facts are finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of 7 days.

You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. In this case, the conversation cannot continue.

All personal data stored in the course of contacting will be deleted in this case.
 

Application Management

Would you like to apply for a job at GFOS? We are looking forward to receiving your application via e-mail.

As part of the application management, we process the personal data you provide us for the purpose of initiating an employment relationship based on Article 88 GDPR in combination with §26, paragraph 1 of the German Federal Data Protection Act. Alternatively, collective agreements according to Article 88 GDPR in combination with §26, paragraph 4 of the German Federal Data Protection Act and consent (for example, when taking photos) according to Article 88 GDPR in combination with §26, paragraph 2 of the German Federal Data Protection Act can be adduced. 

In some cases, we process your data to obtain legitimate interests, e.g. in the case of intra-corporate data exchange for administrative purposes (Article 6, paragraph 1f of the GDPR in combination with recital 48).

Insofar as special categories of personal data (for example, severe disability) are processed, this is done on the basis of Article 88 GDPR in combination with §26, paragraph 3 of the German Federal Data Protection Act. In addition, the processing of health data for the assessment of your ability to work according to Article 9, paragraph 2h in combination with §22, paragraph 1b of the German Federal Data Protection Act can be required.

We process and store your personal data as long as it is necessary for the fulfillment of the purposes of data processing or of juridical, contractual or legal obligations. Thereafter, the data is deleted or its processing restricted. In the event that there is no employment relationship after the application process has been completed, we will delete your data no later than 6 months after the application process has been completed. If we want to save your application for more than 6 months in a so-called "applicant pool", we would for your consent at the end of the 6 months.

Of course, you are also free to withdraw your application at any time. In this case your data would also be deleted if they are no longer necessary for the purpose of their collection. Submitting an e-mail to us with appropriate content is sufficient. The revocation of any given consent is also possible at any time.

Google Tag Manager

Google Tag Manager is used on this website. The tool does not collect personal data, but is only there to trigger different tags. These may collect data, but Google Tag Manager does not access this data. If deactivation is carried out at the domain or cookie level, it remains in place for all tracking tags that have been implemented using the Google Tag Manager.

You can find Google's data protection information on this tool here: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/ 

Google Remarketing

On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6, paragraph 1f GDPR), we use the marketing and remarketing services ("Google Marketing Services") of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").

Google was certified under the Privacy Shield Agreement and thus offered a guarantee of compliance with European data protection law. Now that the ECJ has invalidated the Privacy Shield Framework, it can no longer be relied upon as a guarantee of compliance. The standard contractual clauses in the valid version have been concluded.

The Google Marketing Services allow us to better target advertisements for and on our website so that we only present ads to users that potentially match their interests. If a user is shown e.g. ads for products that he or she has looked at on websites, this is called remarketing. For these purposes, upon access to our and to other websites that use Google Marketing Services, Google will immediately execute Google code and so-called (re-) marketing tags will be incorporated into the website. With their help, an individual cookie is stored on the user's device (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file documents which websites the user visited, which content he or she is interested in and what offers he or she has clicked, as well as technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer. The IP address of the users is also stored, whereby in the context of Google Analytics we announce that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases it is transferred to Google servers in the United States and shortened there. The IP address will not be merged with data of the user within other offers of Google. The above information may also be linked by Google with such information from other sources. If the user subsequently visits other websites, they may be shown the ads tailored to them according to their interests.

The data of the users are processed pseudonymized in the context of the Google marketing services. That means that Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant cookie-related data within pseudonymous user profiles. This means that from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google's servers in Ireland.

We can embed third-party ads based on Google's DoubleClick marketing service. DoubleClick uses cookies that enable Google and its affiliate websites to serve ads based on users' visits to this site or other websites on the Internet.

We can incorporate third-party ads based on the Google AdSense marketing service. AdSense uses cookies that enable Google and its affiliate websites to serve ads based on users' visits to this site or other websites on the Internet.

Also we can use the service "Google Optimizer". It allows us to understand how various changes to a website (such as changes to the input fields, the design, etc.) can take place in so-called "A / B testings". Cookies are stored on users' devices for these purposes. Only pseudonymous data of the users are processed.

In addition, we may use the "Google Tag Manager" to integrate and manage the Google Analytics and Marketing Services on our website.

For more information about Google's use of data for marketing purposes, see Google's summary page or privacy policy.

If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google's settings and opt-out opportunities.

Google Analytics

This website uses Google Analytics (Google Universal Analytics and Google Analytics 4) including Google Analytics advertising features. This is a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you.

Google Analytics is used exclusively with activated IP anonymization (so-called IP masking). This means that the IP address of the users of Google will be shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases, e.g. during technical breakdowns in Europe, the full IP address is transmitted to a Google server in the US and shortened there.

The IP anonymization method Google uses never writes the full IP address on a hard drive because all anonymization occurs almost immediately after the request is received in the memory.

The IP address submitted by the user's browser will not be merged with other data provided by Google.

On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage, including, but not limited to, display advertising and Google Analytics reports, in order to provide performance-based information on demographics and interests to the website operator.

Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. This will in no case be personal data.

The Google Analytics reports about performance is based on demographics and interests stemming from Google's interest-based advertising and third-party traffic data (such as age groups or interest groups).

You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use the complete functions of this website.

In addition, you may prevent the collection of cookie-related and website use-related data by Google (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link for your installation:

Download and install Google browser plugin

You can also prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: Browser-Add-on zur Deaktivierung von Google Analytics

Deactivate Google Analytics plugin

For more information about Terms of Use and Privacy, please visit https://marketingplatform.google.com/about/analytics/terms/gb/ or https://www.google.de/intl/de/policies/ .

Facebook-, Custom Audiences and Facebook marketing services

Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, is used.

Facebook was certified under the Privacy Shield Agreement and thus offered a guarantee of compliance with European data protection law. Now that the ECJ has invalidated the Privacy Shield Framework, it can no longer be relied upon as a guarantee of compliance. 

With the help of the Facebook pixel, it is on the one hand possible for Facebook to determine the visitors to our online offer as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we have been sent only to those Facebook users who have also shown an interest in our online offer or certain features (e.g. interests in certain topics or products that were visited by them), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").

The Facebook pixel is integrated directly through Facebook when viewing our website and can save a so-called cookie on your device. If you subsequently log on to Facebook or visit Facebook in the logged-in state, the visit to our online offer will be noted in your profile. The data collected about you are anonymous to us. This means that we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should send data to Facebook for comparison purposes, they will be encrypted locally in the browser and then sent to Facebook via a secure https connection. This is done solely with the purpose of establishing a comparison with the equally encrypted by Facebook data.

The processing of the data by Facebook is part of Facebook's data usage policy. Special information and details about the Facebook pixel and how it works can be found in the help section of Facebook.

You may object to the capture by the Facebook Pixel and use of your data to display Facebook Ads. To set which types of ads you see within Facebook, you can go to the page settings by Facebook and follow the instructions for user-based advertising settings. The settings are platform independent (desktop or mobile).

LinkedIn Conversion Tracking

Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6, paragraph 1f GDPR) we use the analysis and conversion tracking technology of the LinkedIn platform (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). LinkedIn's technology can help you see more relevant, interest-based advertising. We also receive aggregated and anonymous ad activity reports from LinkedIn and information about how you interact with our online offers.

See LinkedIn's privacy policy at https://www.linkedin.com/legal/privacy-policy for more information about data collection and use as well as ways to protect your privacy. If you are logged in to LinkedIn, you can disable it at any time by visiting the following link: https://www.linkedin.com/psettings/enhanced-advertising.

Rights of the data subject

Each data subject has the right to information according to Article 15 GDPR, the right to a correction according to Article 16 GDPR, the right to cancellation according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to object according to Article 21 GDPR and the right to data portability according to Article 20 GDPR. With regard to the right to information and the right to deletion, the restrictions under §§ 34 and 35 of the German Federal Data Protection Act apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR, in combination with § 19 of the German Federal Data Protection Act).

You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the validity of the GDPR, i.e. before May 25, 2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.
 

Do I have to provide my personal data?

As part of our business relationship, you must provide those personal data necessary to enter into a business relationship and to perform its contractual obligations, or those that are required to collect by us per law. Without this data, we will usually have to refuse the conclusion of a contract or the execution of a might have to end an existing contract as we are no longer able to fulfill it.

Is there an automated decision-making?

No. Currently, we do not use fully automated decision-making according to Article 22 GDPR in order to establish and conduct business relations. A "profiling" act does not take place.

Information about your right of objection according to Article 21 GDPR

Case-specific right of objection

You have the right to object to the processing of your personal data at any time and for reasons related to your particular situation, according to Article 6, paragraph 1e GDPR (data processing in the public interest) and Article 6, paragraph 1f GDPR (data processing on the basis of a balance of interests); this also applies to a profiling based on this provision within the meaning of Article 4, No. 4 GDPR.

If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, pursuing or defending legal claims.

Right to object to the processing of data for direct marketing purposes

In individual cases, we process your personal data in order to operate direct mailings. You have the right to object at any time to the processing of your personal data with regard to such advertising; this also applies to profiling insofar as it is associated with such direct mailings. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.

Recipient of the objection

The objection can be form-free with the subject "objection" stating your name, your address and should be addressed to:

GFOS mbH
Am Lichtbogen 9
+49 . 201 • 61 30 00
info[at]gfos.com
 

Links to other websites

Our website may contain links to third-party websites. The contents of the linked websites are checked before linking and then at irregular intervals for illegal content. If necessary, the links are removed. GFOS therefore is not responsible for the privacy practices or the content of websites outside the GFOS group of companies.