GEALAN Fenster-Systeme GmbH, as the operator of this site, takes the protection of your personal data very seriously. We treat your personal data confidentially and in compliance with the EU General Data Protection Regulation (GDPR), the local legislation applicable in your country, the Federal Data Protection Act (BDSG), and the Telemedia Act (TMG).
This Data Privacy Statement clarifies the type, scope and purpose of the collection and use of data belonging to visitors and users of the GEALAN Fenster-Systeme GmbH website. If you have questions regarding data protection, please contact our data protection officers via email under firstname.lastname@example.org or the address entered below.
Information to be provided pursuant to Article 13 GDPR
Controller in terms of Article 4(7) GDPR:
GEALAN FENSTER-SYSTEME GMBH
Hofer Straße 80
Contact details of our data protection officer:
GEALAN FENSTER-SYSTEME GMBH
- Data protection officer -
Hofer Straße 80
Use of the Website:
Our website is not suitable for minors.
All data received and processed within this website is treated confidentially in compliance with the GDPR, and not disclosed to third parties.
Browse our website without entering your personal data
Our website can be used outside the password-protected GEALAN partner area without entering personal data.
In this instance we only obtain
• Your IP address,
• The name of the accessed website or opened file, and the time at which these were accessed and opened.
• The domains via which you accessed our website
• The transferred data quantity and
• Whether the website/file was successfully accessed or opened.
This data is used exclusively for administration, optimisation of the website and for handling your requests.
The IP address may be deemed personal data because under certain circumstances it is possible to discover the identity of the individual accessing the internet, with the help of the respective internet provider.
We shall only analyse the IP address when attacks on our internet infrastructure occur. In this case, we have a legitimate interest in the processing of the IP address pursuant to point (f) of Article 6(1) GDPR. This legitimate interest arises from the need to defend against attacks on the internet infrastructure, the need to determine the origin of the attack in order to be able to initiate criminal and civil proceedings against the person responsible, as well as to effectively prevent further attacks.
The IP address is deleted when we are able to determine that it was not the origin of an attack on our internet infrastructure. This is done on a regular basis after seven days.
We also identify the domains from which our web visitors arrive. We also analyse this data to identify trends and compile statistics, but we delete the data afterwards.
This website also contains links to other websites. The legal owner of this site is not responsible for the data protection provisions or the content of these websites. If you have questions or comments on our data protection practices, please contact us at email@example.com.
Browsing our website and entering personal data
If you enter personal data on our website voluntarily or during registration for the GEALAN partner area (for example name, address or email address), this data will not be sent to third parties without your express consent or legal permission. If you register for the GEALAN partner area, a contract is concluded between us for retention and provision of the respective profile.
In this case, we process your data pursuant to point (b) of Article 6 GDPR, for performance of an existing contract between us or pursuant to point (a) of Article 6 GDPR based on your consent. Data is processed for the performance of contractual services, payment processing, delivery of contractually ordered products and services, to send your address details to logistics companies for delivery of goods, and to send information of interest regarding products and campaigns. Your data is forwarded within our company to the people involved in order processing or decision-making. Any further disclosure to third parties which is not covered by legal requirements shall only be carried out with your express consent. There is no automated decision-making.
We process your data only for as long as it is required to perform our contract or meet the applicable legal requirements, or for the purpose of transferring your data. In general, we do not separately erase the personal data you have entered in the GEALAN partner area. You can however change individual details in your profile at any time. All personal data saved within your profile can be deleted on request via email (stating your user name) to firstname.lastname@example.org, insofar as you have not otherwise consented to the continued retention of this data. Business records are kept in accordance with the statutory retention periods, and then erased in compliance with data protection provisions.
Use of external service providers
We work together with service providers who process specific data on our behalf. This is always done in accordance with the applicable data protection law. In particular, with regard to the subcontracting of data processing, we have concluded agreements with our service providers which meet the requirements of Article 28 GDPR.
According to the GDPR, you have the following rights:
+ Right of access regarding the processing of your data
You have the right to demand information regarding whether, and indeed which part of your personal data is processed at GEALAN Fenster-Systeme GmbH. You have the right to the following information:
- the purposes of the processing;
- the categories of personal data concerned;
- the recipients or categories of recipient to whom the personal data have been or will be disclosed;
- where possible, the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine this period;
- where the personal data are not collected from the data subject, any available information as to their source;
- the existence of automated decision-making including profiling, referred to in Article 22 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
We shall provide you with a copy of the personal data undergoing processing. If we have reasonable doubt concerning the identity of the person requesting information, we shall request additional information to confirm the identity of the data subject.
+ Right to rectification
You have the right to demand rectification of inaccurate personal data about you. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
+ Right to erasure
Your personal data is erased when you assert the right to erasure in writing, and where this does not prejudice any statutory rights or obligations of retention. Your personal data will be also be deleted if data is no longer necessary for the fulfilment of the purpose pursued with the retention, or if retention of the same is inadmissible on other legal grounds, and erasure does not conflict with the statutory retention periods.
+ Right to restriction of processing
You shall have the right to demand restriction of processing of your personal data where the accuracy of the personal data is contested, and for a period which allows GEALAN Fenster-Systeme GmbH to check the accuracy of the personal data. If the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead, we shall follow your instruction. Data shall not be erased if we need it for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to Article 21(1) GDPR, pending verification of whether the legitimate grounds of GEALAN Fenster-Systeme GmbH override your reasons.
+ Right to object to processing
You have the right to object to the processing of your personal data which has been carried out based on Article 6 GDPR. GEALAN Fenster-Systeme GmbH shall not process your personal data further in the event of an objection, unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
+ Right to data portability
You have the right to receive the personal data which you have provided concerning you, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us. The requirement is that data is processed with consent pursuant to Article 6 or Article 9 GDPR, or based on a contract, and is processed by automated means. You also have the right to send the personal data directly from the GEALAN Fenster-Systeme GmbH to another responsible body, insofar as this is technically feasible.
+ Right to withdraw consent with immediate effect
Your consent may be withdrawn at any time with immediate effect. No costs are incurred for a withdrawal, an objection or for accessing the data. Please send the withdrawal by email to email@example.com.
+ Right to lodge a complaint with the data protection supervisory authorities
If you are of the opinion that the processing of your personal data infringes data protection provisions, you have the right at any time to lodge a complaint with the supervisory authority responsible for your federal state pursuant to Article 77 GDPR.
Other data privacy statements for third party services used within our website
Data Privacy Statement for the Google Analytics web analytics service
Further information on the terms of service and data protection can be found at https://www.google.com/analytics/terms/gb.html or https://policies.google.com/.
Please note that on this website, Google Analytics has been extended with the “anonymizeIp” code in order to guarantee that IP addresses are recorded anonymously (IP masking).
Google Tag Manager
Google Tag Manager is a Google Inc. (“Google”) service which is used to add, update and manage tags.
Tags are small code elements on our website which help measure traffic and visitor behaviour and monitor the impact of online advertising and social media.
When you visit our website, the current tag configuration is sent to the user’s browser. This contains instructions on which tags should be enabled. The tool itself does not record personal data. The tool does however ensure that other tags which may record data are enabled.
More information on how Google Tag Manager works can be found here: https://support.google.com/tagmanager/ and in the use policies: https://www.google.com/analytics/tag-manager/use-policy/.
Data Privacy Statement for “Google Remarketing” and “Similar Audiences” function of Google Inc.
Data privacy statement for Google Inc. “Google AdWords Conversion Tracking”
Notes regarding the newsletter and consent
The following information covers the content of our newsletter and the method of registration, send method and statistical analysis, as well as your right to object. By subscribing to our newsletter, you agree to receipt thereof and to the described methods.
We send newsletters and advertising information by email (hereinafter “Newsletter”) only with the consent of the recipient or with legal permission. The content created when subscribing to the newsletter shall establish the user’s consent.
Double opt-in and tracking:
You subscribe to our newsletter using a double opt-in model, i.e. after subscribing you will receive an email in which you are asked to confirm your subscription. This confirmation is required so that no one can subscribe using third-party email addresses. Subscriptions to the newsletter are tracked in order to verify that the subscription process meets the legal requirements. This includes logging the subscription and confirmation times, as well as the IP address. Changes to your data retained in MailChimp are also tracked.
Using the “MailChimp” email marketing service provider:
Newsletters are sent via MailChimp, a newsletter automation platform provided by the US company Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients are stored on the MailChimp servers in the USA, along with other details described within these notes. MailChimp uses this information to send and analyse newsletters on our behalf. According to its own marketing information, MailChimp can also use this data to optimise or improve its own services, e.g. for technical optimisation of the sending and layout of newsletters, or for commercial purposes, to determine which countries recipients come from. MailChimp does not use the data on our newsletter recipients to address these recipients themselves or to disclose it to third parties.
In order to subscribe to the newsletter, simply enter your email address. In addition, we use other data such as name and first name, country and customer group. This information is used solely for personalisation and segmentation of the newsletter.
Statistical collection and analyses:
The newsletters contain a “web beacon”, i.e. a pixel-sized file which is retrieved when the newsletter is opened from the MailChimp server. By retrieving this file, we collect technical information such as information regarding the browser and your system, as well as your IP address and time at which the file was retrieved. This information is used for technical enhancement of services based on the technical data or audience, and the audience’s reading habits based on the retrieval sites (which can be determined by the IP address) or access times.
Statistical surveys also include determination of whether the newsletter is opened, when it is opened, and which links are clicked. It is technically possible to attribute this information to individual newsletter recipients; however it is not our objective, nor that of MailChimp, to monitor individual users. The analyses actually allow us to learn about the reading habits of our users, and to adapt our content accordingly, or to send different content according to the interests of our users.
Online access and data management:
You can unsubscribe from our newsletter at any time, i.e. revoke your consent. This also deletes your consent to delivery via MailChimp and to statistical analyses. Unfortunately, consent to delivery via MailChimp or statistical analysis cannot be revoked separately.
A link to unsubscribe from the newsletter can be found at the end of each newsletter.
Legal basis for the General Data Protection Regulation:
In accordance with the provisions of the General Data Protection Regulation (GDPR) of 25 May 2018, we hereby inform you that consent to sending newsletters to the registered email addresses is based on point (a) of Article 6(1) GDPR and Section 7 GDPR, as well as Section 7, Subsection (2), Number 3 and Subsection (3) Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, “UWG”).
Use of the MailChimp email marketing service provider, performing statistical surveys and analyses, and tracking of the login process is all done on the basis of our legitimate interests pursuant to point (f) Article 6(1) GDPR
Please also note that you can object to any future processing of your personal data in compliance with the legal provisions pursuant to Article 21 GDPR. An objection can be lodged in particular against processing for direct marketing purposes.
Our social media presence
Data processing by social networks
Our social media webpages are intended to give us as extensive an internet presence as possible. This constitutes a legitimate interest as described in Article 6(1) point f GDPR. Analytical processes initiated by the social networks may be founded on different legal bases which the social network operators must disclose (e.g. consent as described in Article 6(1) point a GDPR).
Controller and exercising of rights
When you visit one of our social media webpages (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. However, our responsibility and related ability to provide information are limited exclusively to the content we have created. In principle, you can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaints) both against us (with regard to content) and against the operator of the respective social media portal (e.g. Facebook). Please note that, despite our shared responsibility with the social media portal operators, we do not have complete control over the data processing operations of the social media portals. Our capabilities are limited by the company policy of the respective provider.
We cannot influence the period for which personal data pertaining to you is stored by the social network operators for their own purposes. Information can be obtained directly from the social network operators (e.g. in their data protection information, see below).
Individual social networks
We have a Facebook profile. The provider of this service is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield. You can adjust your advertising settings independently in your user account. In order to do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. You can find further details in the Facebook Data Policy: https://www.facebook.com/about/privacy/
We have an Instagram profile. The provider of this service is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can find details on how Instagram processes your personal data in the Instagram Data Policy: https://help.instagram.com/519522125107875
We have a LinkedIn profile. The provider of this service is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US-Privacy Shield. LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link:
Updating this data privacy statement
From time to time this data privacy statement may have to be updated, for example by new legal provisions or official requirements, and new offers on our website. We will notify you of this. In general, we recommend that you open this data privacy statement regularly to check whether there are changes. Changes can be identified e.g. by an updated issue status at the bottom of the document.
Printing and saving this data privacy statement
This data privacy statement can be printed and saved directly, for example using the Print or Save function in your browser.