We welcome you to our website and are happy about your interest in our company and our products. The protection of your personal data while processing or collecting it during your visit to our website is very important to us. Your data will be processed in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the German Federal Data Protection Act (i.e. the German ‘Bundesdatenschutzgesetz’) and all other relevant laws. The following information, is meant to give you an overview of the processing of your personal data by us and your rights under the data protection law. Which data is processed in detail and how it is used depends largely on the requested or agreed services. Therefore, not all parts of this information will apply to you.
Am Lichtbogen 9, 45141 Essen
+49 . 201 • 613000
Which sources and data do we use at all?
We process personal data that we receive as part of the use of our website, e.g. by customers, applicants or interested parties.
Why do we process your data (purpose of processing) and on what legal basis?
We process personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Federal Data Protection Act (i.e. the German ‘Bundesdatenschutzgesetz’).
a) for the fulfillment of contractual obligations (Article 6, paragraph 1b GDPR)
The processing of data may take place in the context of the execution of contracts with you as our customer or for the implementation of pre-contractual measures.
b) in the context of the balancing of interests (Article 6, paragraph 1f GDPR)
If necessary, we can process your data beyond the actual fulfillment of the contract for the protection of legitimate interests of us or third parties. Examples:
- Review and optimization of requirements analysis procedures for direct customer approach,
- Advertising or market- and opinion research as far as you have not objected to the use of your data,
- Asserting legal claims and defense in legal disputes,
- Ensuring the IT security and IT operations of the company,
- Measures for business control and further development of services and products,
c) on the basis of your consent (Article 6, paragraph 1a GDPR)
Insofar as you have given us consent to the processing of personal data for specific purposes (for example, for marketing purposes, newsletter delivery), the legality of this processing is based on your consent.
d) due to legal requirements (Article 6, paragraph 1c GDPR) or due to public interest (Article 6, paragraph 1e GDPR)
In addition, we are subject to various legal obligations, i.e. legal requirements (for example tax laws). The purposes of the processing include the fulfillment of tax control- and reporting obligations as well as other matters.
e) in the context of the establishment of an employment relationship Article 88 GDPR in combination with §26, paragraph 1 of the German Federal Data Protection Act.
If you apply for a job at GFOS, we may also process your personal data.
Provision of the website and creation of log files
Each time our website is accessed, our system automatically collects data and information from the computer system sending the request. The following data is collected here:
- information about the browser type and version used
- the operating system of the user
- the internet service provider of the user
- the IP address of the user
- date and time of access
- websites from which the user's system if referred to our website
- websites that are accessed from the user's system through our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
The legal basis for the temporary storage of data under log files is Article 6, paragraph 1f GDPR.
The temporary storage of the IP address by the system is necessary to allow delivery of the website to the computer of the user. To do this, the user's IP address must be kept for the duration of the session. Storage in log files is done to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes constitute our legitimate interest in data processing Article 6, paragraph 1f (GDPR).
The data will be deleted as soon as it is no longer necessary to achieve the purpose of its collection. In the case of collecting the data for providing the website, this is the case when the respective session is completed.
In the case of storing the data in log files, this is the case after no more than seven days. An additional storage is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
The collection of data for the provision of the website and the storage of the data in log files is essential for the operation of the website. There is consequently no contradiction on the part of the user.
The following data are stored and transmitted in the cookies: (for example)
- Login information
- Visitor information (e.g. cookie indications or contact information)
- In the context of the use of technically necessary cookies, we process your personal data in accordance with Article 6, paragraph 1f GDPR.
- Customer Login
- Visitor information
The user data collected through technically necessary cookies will not be used to create user profiles.
Use of web fonts
On these web pages external fonts (Google fonts) are used. Google Fonts is a service of Google Inc. ("Google"). The integration of these web fonts is done by a server call, usually a Google server in the USA. The information of which of our websites you have visited will be transmitted to the server. Also, the IP address of the browser on the user’s device used to visit this website is stored by Google.
On our website, you can subscribe to a free Newsletter. During the registration for the newsletter, the data from the input mask are transmitted to us.
We ask for the following data for this purpose:
- Salutation, last name, first name
- E-mail address
- Optional: company, department, function
In addition, the following data will be collected upon registration:
- IP address of the requesting computer
- Date and time of registration
In connection with the processing of data for the sending of newsletters, the data is not passed on to third parties - with the exception of the newsletter service provider mailingwork GmbH Chemnitz / Hubspot. The portal provided by Mailingwork / Hubspot is used by GFOS for sending newsletter mailings. The collected data will be sent to Mailingwork / Hubspot immediately before the newsletter is sent and will be deleted after dispatch within 24 hours. The data will be used exclusively for sending the newsletter.
Insofar as you have registered for the newsletter and thus have given your consent regarding the processing of your data, Article 6, paragraph 1a GDPR serves as legal basis for this.
The collection of your e-mail address is necessary to deliver the newsletter. The collection of other personal data as part of the registration process is intended to prevent misuse of the services or the e-mail address used.
The data will be deleted as soon as it is no longer necessary for the purpose of its collection. Your e-mail address will therefore be saved as long as the subscription to the newsletter is active. Other personal data collected during the registration process will normally be deleted after a period of 7 days.
Subscription to the newsletter may be terminated by you at any time. For this purpose, there is a corresponding link in each newsletter.
This also allows the revocation of the consent of the storage of the personal data collected during the registration process.
Contact form & e-mail contact
On our website you will find a contact form, which can be used for electronic contact. If you choose to contact us via this form, the data entered in the input mask will be transmitted to us and saved. These data are:
- Name & e-mail address
- Optional: company, telephone
At the time of registration, the following data is also stored:
- The IP address of the user
- Date and time of registration
Alternatively, contact via the provided e-mail address is possible. In this case, the personal data transmitted with your e-mail will be stored. There is no disclosure of data to third parties in this context. The data is used exclusively for processing the conversation.
Legal basis for the processing of the data in the case of your consent is Article 6, paragraph 1a GDPR.
The legal basis for the processing of the data transmitted in the course of sending an e-mail is formed by Article 6, paragraph 1f GDPR. If the e-mail contact aims to conclude a contract, then additional legal basis for the processing is formed by Article 6, paragraph 1b GDPR.
The processing of the personal data on the input mask serves only to process the contact. In the case of contact via e-mail, this also includes the required legitimate interest in the processing of the data. The other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
The data will be deleted if they are no longer necessary for the purpose of their collection. For the personal data processed in the input form of the contact form and for those sent by e-mail, this is the case when the respective conversation with you as a user has ended. This is the case when it can be inferred from the circumstances that the facts are finally clarified. The additional personal data collected during the sending process will be deleted at the latest after a period of 7 days.
You have the option to revoke your consent to the processing of personal data at any time. If you contact us by e-mail, you may object to the storage of your personal data at any time. In this case, the conversation cannot continue.
All personal data stored in the course of contacting will be deleted in this case.
Would you like to apply for a job at GFOS? We are looking forward to receiving your application via e-mail.
As part of the application management, we process the personal data you provide us for the purpose of initiating an employment relationship based on Article 88 GDPR in combination with §26, paragraph 1 of the German Federal Data Protection Act. Alternatively, collective agreements according to Article 88 GDPR in combination with §26, paragraph 4 of the German Federal Data Protection Act and consent (for example, when taking photos) according to Article 88 GDPR in combination with §26, paragraph 2 of the German Federal Data Protection Act can be adduced.
In some cases, we process your data to obtain legitimate interests, e.g. in the case of intra-corporate data exchange for administrative purposes (Article 6, paragraph 1f of the GDPR in combination with recital 48).
Insofar as special categories of personal data (for example, severe disability) are processed, this is done on the basis of Article 88 GDPR in combination with §26, paragraph 3 of the German Federal Data Protection Act. In addition, the processing of health data for the assessment of your ability to work according to Article 9, paragraph 2h in combination with §22, paragraph 1b of the German Federal Data Protection Act can be required.
We process and store your personal data as long as it is necessary for the fulfillment of the purpose of data processing or of juridical, contractual or legal obligations. Thereafter, the data is deleted or its processing is restricted. In the event that there is no employment relationship after the completion of the application process, we delete your data no later than 3 years after completing the application process. After the expiration of the regular 3-year limitation period under §195 BGB (German Code of Federal Regulations), this is the time when any claims under the General Equal Treatment Act (German AGG) are statute-barred. Should we wish to save your application for a period longer than 3 years in a so-called "applicant pool", we would ask you for your consent at the end of the three years.
Of course, you are also free to withdraw your application at any time. In this case your data would also be deleted if they are no longer necessary for the purpose of their collection. Submitting an e-mail to us with appropriate content is sufficient. The revocation of any given consent is also possible at any time.
On the basis of our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6, paragraph 1f GDPR), we use the marketing and remarketing services ("Google Marketing Services") of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google").
Google is certified under the Privacy Shield Agreement, providing a guarantee to comply with European privacy legislation.
The Google Marketing Services allow us to better target advertisements for and on our website so that we only present ads to users that potentially match their interests. If a user is shown e.g. ads for products that he or she has looked at on websites, this is called remarketing. For these purposes, upon access to our and to other websites that use Google Marketing Services, Google will immediately execute Google code and so-called (re-) marketing tags will be incorporated into the website. With their help, an individual cookie is stored on the user's device (instead of cookies, comparable technologies can also be used). The cookies can be set by different domains, including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file documents which websites the user visited, which content he or she is interested in and what offers he or she has clicked, as well as technical information about the browser and operating system, referring websites, visit time and other information on the use of the online offer. The IP address of the users is also stored, whereby in the context of Google Analytics we announce that the IP address is shortened within member states of the European Union or other parties to the Agreement on the European Economic Area and only in exceptional cases it is transferred to Google servers in the United States and shortened there. The IP address will not be merged with data of the user within other offers of Google. The above information may also be linked by Google with such information from other sources. If the user subsequently visits other websites, they may be shown the ads tailored to them according to their interests.
The data of the users are processed pseudonymized in the context of the Google marketing services. That means that Google stores and processes e.g. not the name or e-mail address of the users, but processes the relevant cookie-related data within pseudonymous user profiles. This means that from the perspective of Google, the ads are not managed and displayed to a specifically identified person, but to the cookie owner, regardless of who that cookie owner is. This does not apply if a user has explicitly allowed Google to process the data without this pseudonymization. The information collected about users through Google Marketing Services is transmitted to Google and stored on Google's servers in Ireland.
Also we can use the service "Google Optimizer". It allows us to understand how various changes to a website (such as changes to the input fields, the design, etc.) can take place in so-called "A / B testings". Cookies are stored on users' devices for these purposes. Only pseudonymous data of the users are processed.
In addition, we may use the "Google Tag Manager" to integrate and manage the Google Analytics and Marketing Services on our website.
If you wish to opt-out of interest-based advertising through Google Marketing Services, you can take advantage of Google's settings and opt-out opportunities.
This website uses Google Analytics including Google Analytics advertising features. This is a web analysis service of Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you.
Google Analytics is used exclusively with activated IP anonymization (so-called IP masking). This means that the IP address of the users of Google will be shortened within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases, e.g. during technical breakdowns in Europe, the full IP address is transmitted to a Google server in the US and shortened there.
The IP anonymization method Google uses never writes the full IP address on a hard drive because all anonymization occurs almost immediately after the request is received in the memory.
The IP address submitted by the user's browser will not be merged with other data provided by Google.
On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage, including, but not limited to, display advertising and Google Analytics reports, in order to provide performance-based information on demographics and interests to the website operator.
Google may also transfer this information to third parties if required by law or as far as third parties process this data on behalf of Google. This will in no case be personal data.
The Google Analytics reports about performance is based on demographics and interests stemming from Google's interest-based advertising and third-party traffic data (such as age groups or interest groups).
You can prevent the storage of cookies by a corresponding setting of your browser software; however, we point out that in this case you may not be able to use the complete functions of this website.
In addition, you may prevent the collection of cookie-related and website use-related data by Google (including your IP address) and the processing of this data by Google by downloading the browser plug-in available under the following link for your installation:
Download and install Google browser plugin
You can also prevent the collection of data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent the future collection of your data when you visit this website: Browser-Add-on zur Deaktivierung von Google Analytics
Deactivate Google Analytics plugin
This website uses the Google AdWords service. This service has the purpose of so-called "conversion tracking", i.e. we can see what happened after you click on one of our ads. For this purpose, cookies are set, which have a limited validity and contain no personal data. A personal identification of the user is therefore not possible.
The legal basis for the use of the service is Article 6, line f GDPR - legitimate interest. Our legitimate interest in using this service is to analyze and optimize the operation of our website.
Facebook-, Custom Audiences and Facebook marketing services
Due to our legitimate interests in the analysis, optimization and economic operation of our online offer and for these purposes, the so-called "Facebook pixel" of the social network Facebook, by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025 USA, or, if you are based in the EU, Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland, is used.
Facebook is certified under the Privacy Shield Agreement, providing a guarantee to comply to the European privacy legislation.
With the help of the Facebook pixel, it is on the one hand possible for Facebook to determine the visitors to our online offer as a target group for the presentation of advertisements (so-called "Facebook ads"). Accordingly, we use the Facebook pixel to display the Facebook ads we have been sent only to those Facebook users who have also shown an interest in our online offer or certain features (e.g. interests in certain topics or products that were visited by them), which we transmit to Facebook (so-called "Custom Audiences"). With the help of the Facebook pixel, we also want to make sure that our Facebook ads are in line with the potential interest of users and are not annoying. With the help of the Facebook pixel, we can also understand the effectiveness of the Facebook ads for statistical and market research purposes, in which we see whether users were redirected to our website after clicking on a Facebook ad (so-called "conversion").
The Facebook pixel is integrated directly through Facebook when viewing our website and can save a so-called cookie on your device. If you subsequently log on to Facebook or visit Facebook in the logged-in state, the visit to our online offer will be noted in your profile. The data collected about you are anonymous to us. This means that we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook, so that a connection to the respective user profile is possible and can be used by Facebook as well as for its own market research and advertising purposes. If we should send data to Facebook for comparison purposes, they will be encrypted locally in the browser and then sent to Facebook via a secure https connection. This is done solely with the purpose of establishing a comparison with the equally encrypted by Facebook data.
The processing of the data by Facebook is part of Facebook's data usage policy. Special information and details about the Facebook pixel and how it works can be found in the help section of Facebook.
You may object to the capture by the Facebook Pixel and use of your data to display Facebook Ads. To set which types of ads you see within Facebook, you can go to the page settings by Facebook and follow the instructions for user-based advertising settings. The settings are platform independent (desktop or mobile).
LinkedIn Conversion Tracking
Based on our legitimate interests (i.e. interest in the analysis, optimization and economic operation of our online offer within the meaning of Article 6, paragraph 1f GDPR) we use the analysis and conversion tracking technology of the LinkedIn platform (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA). LinkedIn's technology can help you see more relevant, interest-based advertising. We also receive aggregated and anonymous ad activity reports from LinkedIn and information about how you interact with our online offers.
This website uses the YouTube service to embed videos on the website. The operator of the necessary software for the necessary plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with an embedded YouTube video, the YouTube plugin establishes a connection with YouTube’s servers. It tells YouTube which pages you visit.
On this website, we use HubSpot CRM (henceforth "HubSpot") for our online marketing activities. This is an integrated software solution that covers various aspects of our online marketing. These include:
E-mail marketing (newsletters and automated mailings, e.g. for the provision of downloads), social media publishing & reporting, reporting (e.g. traffic sources, access, etc.), contact management (e.g. user segmentation & CRM), content management (website and Blog, landing pages).
HubSpot is a US-based software company (HubSpot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141 USA) with diverse offices in Europe. The contractual partner for GFOS is HubSpot Germany GmbH. HubSpot, Inc. participates in the EU-US Privacy Shield Agreement and Swiss-U.S. Privacy Shield and is certified for compliance. For more information on the Privacy Shield Agreement, see "Privacy Shield List" on website of the U.S. Department of Commerce (https://www.privacyshield.gov).
As we are a customer of the HubSpot European Economic Area ("EEA"), HubSpot Ireland Limited is responsible for the processing of your personal information. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
In accordance with Article 28 GDPR, we have concluded an order processing contract with HubSpot Inc. and fully implement the resulting requirements. The Hubspot Privacy Officer can be contacted via privacy@HubSpot.com.
Customer Relations Management and Customer Support
We collect the information from you through pre-contractual and contractual contacts in HubSpot for the following reasons:
- to keep a company register
- to organize internal tasks
- to organize the general customer service (inquiries, callbacks etc.),
- to optimize and control internal processes (for example, reporting etc.)
- to organize, control and optimize our inbound marketing.
We collect this information because it is necessary to fulfill a contract with you or to carry out pre-contractual actions that are performed on your request, within the meaning of Article 6, paragraph 1b GDPR, or because the processing is necessary to fulfill a legal obligation based on Article 6, paragraph 1c of the GDPR; GFOS is subject to this obligation.
In addition, we collect and use this data based on our legitimate interest within the meaning of Article 6, paragraph 1f GDPR in order to contact our customers, if desired, in order to determine which services of our company are of interest to our customers and for individualized promotional targeting, as far as this is legally permissible.
Contact form / E-mail
You can contact us online via e-mail or via a contact form. Form checkboxes that definitely need to be filled in by you in order for us to contact you are marked with an asterisk
(*) as a mandatory checkbox.
When you submit the form to us, HubSpot will process the information you provide and your IP address, date and time, and then provide it to us via our HubSpot system. This processing of your personal data is necessary so that we can process and answer your request via the contact form, Article 6, paragraph 1b GDPR.
If you contact us directly via e-mail, phone or for example at exhibitions, we will also store, process, and maintain the information you provide to us in our HubSpot system, provided that you have given us your consent. This processing of your personal data is necessary so that we can process and answer your request, Article 6, paragraph 1b GDPR.
In addition, we store and process the data collected by the contact form and by e-mail, by phone or for example at trade fairs in HubSpot in order to understand why you have contacted us based on our legitimate interest within the meaning of Article 6, paragraph 1f GDPR. This serves to determine the products or services of our company that you are interested in. In addition, we use this data for the individualized information of our contacts about the services offered by us, as far as this is legally permissible.
We will delete the data collected in this way, as long as they are no longer required and any statutory retention requirements have expired. We check annually if there are any data to be deleted. In the context of the legal storage obligations (according to HGB, i.e. the German Commercial Code, 6 years, according to AO, i.e. the German revenue code, 10 years) the deletion takes place after the end of the year, in which this expires. Furthermore, you can inform us at any time if you wish the deletion of your personal data. We will fulfill your request immediately.
Contact form for e-mail marketing / blog updates
You will find various contact forms that you can use to request free information material (e.g. whitepapers etc.), trade fair tickets and / or a newsletter (for example blog updates etc.) on various areas of our services. In order to receive this information material from us, a form must be completed and sent to us. Form checkboxes that definitely need to be filled in by you in order for us to send you the information requested are marked with an asterisk (*) as a mandatory checkbox.
The information collected through the contact information forms, at events and via subscriptions to newsletters is provided to us in HubSpot as well as stored and processed there. In addition to the data you enter, your IP address and the time you filled in and sent out the form will be saved. In addition to the form data, HubSpot evaluates the data collected about you through cookies by submitting the form data. With the help of HubSpot, we can provide you with individualized and custom-made information about our services. This not only has the advantage for us that we only purposefully provide you with information that we assume will really interest you, but we also monitor whether you have any interest in the information provided by us or whether we only bother you with unnecessary e-mails. If we discover this, we will decide not to provide you with any further information. After all, we too have no interest in sending you e-mails that you do not read or delete immediately, or in the worst case, have you create negative connotations with us, i.e. GFOS. You have provided us with your consent for this type of data processing, according to Article 6, paragraph 1a GDPR. You can of course revoke this consent at any time. Furthermore, you can inform us at any time if you wish the deletion of your personal data. We will fulfill your request immediately.
If you request informational material, we will also obtain your consent to e-mail you with customized information about our services.
If you subscribe to our newsletter, we will also obtain your consent to e-mail you with personalized information about our services.
If you decide to register for an event, we will also obtain your consent to e-mail you with personalized information about our services.
In addition, we provide you with informational material about our services via e-mail before and after the event.
- Evaluation of clicks
- Reading habits
- Behavior on particular sites
- Rating of landing pages
- Use of links
In general, if you do not want to be registered by HubSpot, you can prevent the storage of cookies by your browser settings at any time or use the following opt-out link: Hubspot Opt-Out..
Rights of the data subject
Each data subject has the right to information according to Article 15 GDPR, the right to a correction according to Article 16 GDPR, the right to cancellation according to Article 17 GDPR, the right to restriction of processing according to Article 18 GDPR, the right to object according to Article 21 GDPR and the right to data portability according to Article 20 GDPR. With regard to the right to information and the right to deletion, the restrictions under §§ 34 and 35 of the German Federal Data Protection Act apply. In addition, there is a right of appeal to a competent data protection supervisory authority (Article 77 GDPR, in combination with § 19 of the German Federal Data Protection Act).
You may revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to us before the validity of the GDPR, i.e. before May 25, 2018. Please note that the revocation only works for the future. Processing that occurred before the revocation is not affected.
Do I have to provide my personal data?
As part of our business relationship, you must provide those personal data necessary to enter into a business relationship and to perform its contractual obligations, or those that are required to collect by us per law. Without this data, we will usually have to refuse the conclusion of a contract or the execution of a might have to end an existing contract as we are no longer able to fulfill it.
Is there an automated decision-making?
No. Currently, we do not use fully automated decision-making according to Article 22 GDPR in order to establish and conduct business relations. A "profiling" act does not take place.
Information about your right of objection according to Article 21 GDPR
Case-specific right of objection
You have the right to object to the processing of your personal data at any time and for reasons related to your particular situation, according to Article 6, paragraph 1e GDPR (data processing in the public interest) and Article 6, paragraph 1f GDPR (data processing on the basis of a balance of interests); this also applies to a profiling based on this provision within the meaning of Article 4, No. 4 GDPR.
If you object, we will no longer process your personal information unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or if the processing is for the purpose of enforcing, pursuing or defending legal claims.
Right to object to the processing of data for direct marketing purposes
In individual cases, we process your personal data in order to operate direct mailings. You have the right to object at any time to the processing of your personal data with regard to such advertising; this also applies to profiling insofar as it is associated with such direct mailings. If you object to the processing for direct marketing purposes, we will no longer process your personal data for these purposes.
Recipient of the objection
The objection can be form-free with the subject "objection" stating your name, your address and should be addressed to:
Am Lichtbogen 9
+49 . 201 • 61 30 00
Links to other websites
Our website may contain links to third-party websites. The contents of the linked websites are checked before linking and then at irregular intervals for illegal content. If necessary, the links are removed. GFOS therefore is not responsible for the privacy practices or the content of websites outside the GFOS group of companies.