Privacy

Privacy Policy

Introduction

With this policy statement, we would like to inform you about the nature and extent, as well as the purpose and legal basis of personal data processing on this website and any other online presence in social media networks. In addition, we would also like to communicate our information obligations for the use of personal data in our company.

Name and address of the data controller

The data controller, as defined by the EU general data protection regulation (GDPR) and other national data protection laws of member states, as well as other data protection regulations, is the company responsible named in the website legal notice.

Contacting the data protection officer

The data protection officer of the controller is:

Christian Krause

datenschutz@gifas.de

Fundamental information of the processing of personal data

We collect and process our users’ personal data only to the extent necessary to operate a functioning website and deliver our company’s services. This data is only processed with your consent or as far as it is permitted or required by a statutory provision.

For us, the security of your personal data has a high priority. We therefore protect your data by applying technical and organisational measures to prevent any misuse. The measures adopted are regularly checked and adapted to the current technical circumstances. In addition all employees are committed to secrecy in accordance with Article 28 GDPR.

Purpose and legal basis of processing, transferring to third parties and abroad

We process your data for the following reasons:

• fulfilling new or existing contracts or implementing pre-contractual measures, such as compiling offers and quotations

• sending marketing information

• processing inquiries, either in our core business or with regard to letters of application

• providing telemedia, such as our website or e-mail services

The legal basis for the processing of this data is provided by Art. 6, sec. 1 GDPR:

• Art. 6, sec. 1 (a) GDPR: processing based on customer/user consent

• Art. 6, sec.1 (b) GDPR: processing necessary for the performance of a contract or pre-contractual measures, such as sales or services contracts or calls for tender.

• Art. 6, sec.1 (c) GDPR: processing to which we are bound by law, such as retention of data for fiscal reasons

• Art. 6, sec.1 (f) GDPR: processing necessary for pursuing the legitimate interests of our company, e.g. passing on data to postal services or accountants. This also includes the saving of information on usage of our website for the purpose of its optimization.

The transfer of your personal data to third parties is also based on the permissions mentioned above and is only carried out within the scope of an order processing agreement or other non-disclosure obligations, as far as they exist. These include persons with a duty of professional secrecy or shipping providers. If data is transferred to a third country outside the European economic area, appropriate guarantees are provided by the recipients, in acc. with Art. 44 ff GDPR, e.g. certification within the Privacy Shield programme.

Storage periods and deletion of personal data

Personal data is only stored and processed for the period required for fulfilment of the processing purpose. After this time, your data is deleted or blocked, insofar as we are no longer bound by any statutory requirement of retention.

Newsletter

We send newsletters to our customers with advertising content. The legal basis for this is either consent in acc. with Art. 6, sec.1 (a) GDPR, if you have registered for receipt of our newsletter via the newsletter function. Registration requires the double opt-in function, i.e., you receive a confirmation e-mail in which you must click on a confirmation link. You can revoke your consent at any time, using the unsubscribe function contained in every newsletter

If we came into contact with you through a contractual relationship, we will send you the newsletter with product information to maintain our legitimate interests in acc. with Art. 6, sec.1 (f) GDPR in conjunction with § 7 sec. 3 Law against Unfair Competition. You can object to the use of your e-mail address for advertising purposes. For this purpose, each newsletter has an unsubscribe function.

For sending our newsletter, we use the external service provider CleverReach. The provider maintains a database, in which we can view information on registrations and objections to or revocations of consent. The documentation serves the maintenance of our legitimate interests in acc. with Art. 6, sec.1 (f) GDPR, by enabling us to provide a newsletter which is user friendly and legal, e.g. relating to obligations to produce proof.

Contacts at trade fairs and events

Should you provide us with your contact details in the form of business cards at trade fairs or other events, we will use these details to make contact with you. This includes the sending of a catalogue and/or some form of direct contact from our company. When your details are recorded in our CRM system, you will receive a separate confirmation e-mail informing you of this and offering you a simple opportunity to reject this processing of your data. We regard the contact after receiving a business card as a pre-contractual measure in acc. with Art. 6, sec.1 (b) GDPR, i.e. an expression of interest in a service/product offered. You can withdraw your consent to the processing of your personal data for the purposes mentioned above at any time.

Direct contact

If we are contacted directly (e.g. by contact form, e-mail, telephone or via social media networks) the user’s personal data will be used to process the inquiry, in acc. with Art. 6, sec.1 (b) GDPR, i.e. for the performance of a contract or pre-contractual measure. To do so, your data is fed into a customer relationship management system (CRM). Please note that the GoBD (Principles of Regular Data Processing-supported Accounting Systems) obliges us to archive e-mails; e-mails sent to us can therefore not be completely deleted (from our e-mail archiving system). Information transferred to our website from our contact form is securely encrypted, in accordance with the stipulations contained in Art.13 sec. 7 of the TMG (German Telemedia Law).

We integrate external fonts like Font Awesome to make our website look better. The legal basis for this is the preservation of our legitimate interest in accordance with Art. 6 para. 1 lit. c DSGVO. By using Fonticons Inc. fonts, this company collects and possibly records data about the use of the fonts. The privacy policy can be found here.

Integration Google Fonts and YouTube

To enhance our online offering, we incorporate fonts (“Google Fonts”) from Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. The use of Google Fonts also collects and possibly collects data about the use of fonts from Google. We also include videos from the video platform YouTube on our website. YouTube belongs to the provider Google LLC. You can find the privacy policy at: https://www.google.com/policies/privacy/, for an opt-out opportunity, visit: https://adssettings.google.com/authenticated. The integration of the videos is done to optimize our online experience.

The legal basis for the integration of said fonts and videos is the preservation of our legitimate interest in accordance with Art. 6 para. 1 lit. f DSGVO.

Google is certified under the Privacy Shield Agreement, which provides a guarantee to comply with European privacy legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

Collection of access data and log files

Every time our server is accessed, we collect access data, (log files) on the basis of our legitimate interests in acc. with Art. 6, sec.1 (f) GDPR. This includes the name of the website accessed, date and time of access, data file transferred and data volume, notification of success or failure of the data retrieval, browser type and browser version, operating system, referrer URL (previously visited site) and your IP address.

Log files are collected for security reasons (e.g. investigation of criminal offences) and stored for a period of seven days, after which time they are deleted. Should any data be required for evidence after this time, it will be exempt from deletion until the relevant case has been clarified.

To guarantee fast and stable connection, hosting has been outsourced to an external provider that processes the above-mentioned log files in accordance with our instructions. The legal basis for this is the pursuit of our legitimate interests in acc. with Art. 6, sec.1 (f) GDPR in conjunction with Art. 28 GDPR.

Use of cookies and tracking information

Cookies are files saved on the user’s computer system by the internet browser. When a person accesses this website, cookies are saved in their browser memory.

You can prevent cookies being saved in your browser, though this can restrict the function of the page. A better choice would be to delete all cookies after the end of each browser session, a function which operates without restriction on our website and prevents you being recognised on your next visit, with all the positive and negative consequences this involves.

We use technical cookies as this is necessary for the operation of the services provided and is in accordance with Art. 6, sec.1 (f) GDPR, i.e. in our legitimate interests.

Technical cookies are used to recognise users when they return to the website, so that any language settings, shopping baskets, etc. can be saved after the end of a session.

In addition, we use tracking cookies to compile statistical information on how our website is used. The legal basis for this is also covered by out legitimate interests in accordance with Art. 6, sec.1 (f) GDPR. Tracking cookies also include

Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer to help the website analyse how visitors use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. If IP anonymisation is activated on this website, Google will abbreviate your IP Address for member states of the European Union or for other contracting parties to the Agreement on the European Economic Area. Only in exceptional cases will the complete IP address be transferred to Google servers in the USA and abbreviated there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent transfer of the data generated by the cookie pertaining to your use of the website (incl. your IP address) to Google as well as the processing of this data by Google by downloading and installing the browser plug-in available under the following link:: http://tools.google.com/dlpage/gaoptout

More detailed information on conditions of use and data protection can be found in the Google Analytics terms of service or the Google Analytics privacy and terms overview (https://policies.google.com/technologies/ads). We also point out that this website uses the Google Analytics code “gat._anonymizeIp();” to guarantee the anonymous collection of IP addresses (so-called IP masking).

Google is certified in accordance with the Privacy Shield agreement and therefore guarantees compliance with European data protection legislation (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active).

We have concluded the mandatory privacy agreement with Google in writing: see also www.google.de/analytics/terms/de.html

Updating privacy policy

From time to time, we update this privacy policy statement to keep it in line with new legal requirements, jurisdictions or with changing processing methods in our company. We therefore expressly reserve the right to make alterations to this policy.

Information on data subject rights

Should we process any of your personal data, this makes you a data subject as defined by the GDPR and you have the following rights which the controller must facilitate:

Right of access and data portability

You have the right to obtain information on any personal data which is stored about you.

You have the right to receive the data requested in a commonly used electronic form.

Right to rectification

You have the right to demand from the controller the rectification of any personal data concerning you which is inaccurate. Taking into account the purpose of the processing, you have the right to demand that any incomplete personal data be completed.

Right to restriction

Under the following conditions, you have the right to demand that the processing of your personal data be restricted:

1) The accuracy of the personal data is contested by you, for a period enabling the controller to verify the accuracy of the personal data in question.

2) The processing is unlawful and you reject the deletion of the data, requesting instead the restriction of their use.

3) The controller no longer needs the personal data for the purposes of the processing but they are required by you for the establishment, exercise or defence of legal claims, or if

4) you, as the data subject, have lodged an objection to the processing of the data, pending verification of whether the legitimate interests of the controller override your own.

If processing has been restricted, the personal data in question shall, with the exception of storage, only be processed with the data subject’s (i.e. your) consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. We will inform you before the restriction is lifted.

Right to deletion

Under the following conditions, you can demand the deletion of any personal data affecting you:

1) The personal data are no longer needed for the purpose for which they were originally collected or otherwise processed.

2) You have withdrawn your consent and there is no further legal basis for the processing.

3) You have lodged an objection to the processing and there are no overriding legitimate grounds for the processing.

4) The personal data have been unlawfully processed.

5) The personal data have to be erased to comply with a legal obligation in Union or Member State law to which the controller is subject.

6) The personal data were collected in relation to the use of web services.

Right to revocation of consent

You have the right to withdraw your consent to the processing of your personal data. The withdrawal of consent does not affect the lawfulness of any processing which was based on previously given consent before its withdrawal.

Right to information

If you have invoked your right to rectification, erasure or limitation of the processing, we are obliged to inform all those who have received this data of the rectification, erasure or limitation of the data in question, unless this involves a disproportionate effort or expenditure, or it is impossible.

Right to object

As the data subject, you have the right to object to the processing of your personal data, which is based on the points (e) or (f) of Article 6 (1), at any time on grounds relating to your own particular situation; including profiling based on those points. The controller shall then no longer process your personal data unless compelling legitimate grounds for the processing can be proven, which override the interests, rights and freedom of you as the data subject, or which show the processing to be necessary for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you, as the data subject, have the right to object at any time to the processing of your personal data for such marketing. This also includes profiling to the extent that it is related to such direct marketing.

Automated individual decision-making, including profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significant affects. This does not apply if the decision

1) is necessary for entering into or fulfilling a contract between yourself and the controller,

2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights, freedoms and legitimate interests or

3) is based on your explicit consent.

Decisions referred to in paragraph 2 must not be based on special categories of personal data referred to in Art. 9, sec.1 GDPR, unless points (a) or (g) of Art. 9, sec. 2 apply and suitable measures to safeguard your rights, freedoms and legitimate interests as the data subject are in place.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and to contest the decision.

Right to complain with a supervisory authority

You have the right to complain to a supervisory authority, irrespective of any other administrative or judicial remedy, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of your personal data contravenes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy in acc. with Art. 78 GDPR.

Non-provision of personal data

Should you not provide us with personal data which we require for contractual purposes, the general consequence of this will be that the contract cannot not be concluded. We can inform you of whether provision of personal data, in individual cases, is a statutory requirement or a contractual necessity and of the possible consequences of the failure to provide such data.