Site notice

and data privacy statement


GEALAN Fenster-Systeme GmbH

Hofer Straße 80
95145 Oberkotzau

Tel.: +49 - 92 86 / 77-0
Fax: +49 - 92 86 / 77-22 22
Commercial register: AG Hof, HRB 702
Managing Directors: Ivica Maurović, Tino Albert

GEALAN Tanna Fenster-Systeme GmbH

Gewerbegebiet Kapelle-Nord 23
07922 Tanna/Thuringia

Tel.: +49 - 3 66 46 / 3 06-0
Fax: +49 - 3 66 46 / 3 06-50 42
Commercial register: AG Jena, HRB 202763
Managing Directors: Tino Albert, Ivica Maurović

VAT identification numbers

GEALAN Holding GmbH: DE 813 535 942
GEALAN Fenster-Systeme GmbH: DE 219 388 958
GEALAN Tanna Fenster-Systeme GmbH: DE 232 544 006
WEEE-Reg.-Nr.: DE 35001489
GEALAN S.A.R.L.: FR 07 483 279 089
UAB GEALAN BALTIC S.A.: LT 107 648 716
GEALAN Polska Sp. z o.o.: PL 833 122 3577
S.C. GEALAN Romania SRL: RO 914 10 46
GEALAN D.O.O.: HR 029 283 765 09

Data privacy statement

GEALAN Fenster-Systeme GmbH, as the operator of this site, takes the protection of your personal data very seriously. We treat your personal data confidentially and in compliance with the EU General Data Protection Regulation (GDPR), the local legislation applicable in your country, the Federal Data Protection Act (BDSG), and the Telemedia Act (TMG).

This Data Privacy Statement clarifies the type, scope and purpose of the collection and use of data belonging to visitors and users of the GEALAN Fenster-Systeme GmbH website. If you have questions regarding data protection, please contact our data protection officers via email under or the address entered below.

Information to be provided pursuant to article 13 GDPR

Controller in terms of Article 4(7) GDPR:
Hofer Straße 80
D-95145 Oberkotzau

Contact details of our data protection officer:
- Data protection officer -
Hofer Straße 80
D-95145 Oberkotzau

Use of the Website:
Our website is not suitable for minors.
All data received and processed within this website is treated confidentially in compliance with the GDPR, and not disclosed to third parties.

Browse our website without entering your personal data
Our website can be used outside the password-protected GEALAN partner area without entering personal data.
In this instance we only obtain
• Your IP address,
• The name of the accessed website or opened file, and the time at which these were accessed and opened.
• The domains via which you accessed our website
• The transferred data quantity and
• Whether the website/file was successfully accessed or opened.
This data is used exclusively for administration, optimisation of the website and for handling your requests.
The IP address may be deemed personal data because under certain circumstances it is possible to discover the identity of the individual accessing the internet, with the help of the respective internet provider.  
We shall only analyse the IP address when attacks on our internet infrastructure occur. In this case, we have a legitimate interest in the processing of the IP address pursuant to point (f) of Article 6(1) GDPR. This legitimate interest arises from the need to defend against attacks on the internet infrastructure, the need to determine the origin of the attack in order to be able to initiate criminal and civil proceedings against the person responsible, as well as to effectively prevent further attacks.
The IP address is deleted when we are able to determine that it was not the origin of an attack on our internet infrastructure. This is done on a regular basis after seven days.
We also identify the domains from which our web visitors arrive. We also analyse this data to identify trends and compile statistics, but we delete the data afterwards.
This website also contains links to other websites. The legal owner of this site is not responsible for the data protection provisions or the content of these websites. If you have questions or comments on our data protection practices, please contact us at
This site also uses “cookies”. You may refuse the use of cookies by selecting the appropriate settings on your browser; however, if you do this you may not be able to use the full functionality of this website.

Browsing our website and entering personal data
If you enter personal data on our website voluntarily or during registration for the GEALAN partner area (for example name, address or email address), this data will not be sent to third parties without your express consent or legal permission. If you register for the GEALAN partner area, a contract is concluded between us for retention and provision of the respective profile.
In this case, we process your data pursuant to point (b) of Article 6 GDPR, for performance of an existing contract between us or pursuant to point (a) of Article 6 GDPR based on your consent. Data is processed for the performance of contractual services, payment processing, delivery of contractually ordered products and services, to send your address details to logistics companies for delivery of goods, and to send information of interest regarding products and campaigns. Your data is forwarded within our company to the people involved in order processing or decision-making. Any further disclosure to third parties which is not covered by legal requirements shall only be carried out with your express consent. There is no automated decision-making.
We process your data only for as long as it is required to perform our contract or meet the applicable legal requirements, or for the purpose of transferring your data. In general, we do not separately erase the personal data you have entered in the GEALAN partner area. You can however change individual details in your profile at any time. All personal data saved within your profile can be deleted on request via email (stating your user name) to, insofar as you have not otherwise consented to the continued retention of this data. Business records are kept in accordance with the statutory retention periods, and then erased in compliance with data protection provisions.

Use of external service providers
We work together with service providers who process specific data on our behalf. This is always done in accordance with the applicable data protection law. In particular, with regard to the subcontracting of data processing, we have concluded agreements with our service providers which meet the requirements of Article 28 GDPR.

Your rights:
According to the GDPR, you have the following rights:
Right of access regarding the processing of your data
You have the right to demand information regarding whether, and indeed which part of your personal data is processed at GEALAN Fenster-Systeme GmbH. You have the right to the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • where possible, the envisaged period for which the personal data will be stored, or if not possible, the criteria used to determine this period;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making including profiling, referred to in Article 22 GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

We shall provide you with a copy of the personal data undergoing processing. If we have reasonable doubt concerning the identity of the person requesting information, we shall request additional information to confirm the identity of the data subject.
Right to rectification
You have the right to demand rectification of inaccurate personal data about you. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
Your personal data is erased when you assert the right to erasure in writing, and where this does not prejudice any statutory rights or obligations of retention. Your personal data will be also be deleted if data is no longer necessary for the fulfilment of the purpose pursued with the retention, or if retention of the same is inadmissible on other legal grounds, and erasure does not conflict with the statutory retention periods.
Right to restriction of processing
You shall have the right to demand restriction of processing of your personal data where the accuracy of the personal data is contested, and for a period which allows GEALAN Fenster-Systeme GmbH to check the accuracy of the personal data. If the processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead, we shall follow your instruction. Data shall not be erased if we need it for the establishment, exercise or defence of legal claims, or if you have objected to processing pursuant to Article 21(1) GDPR, pending verification of whether the legitimate grounds of GEALAN Fenster-Systeme GmbH override your reasons.
Right to object to processing
You have the right to object to the processing of your personal data which has been carried out based on Article 6 GDPR. GEALAN Fenster-Systeme GmbH shall not process your personal data further in the event of an objection, unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Right to data portability
You have the right to receive the personal data which you have provided concerning you, in a structured, commonly used and machine-readable format, and you have the right to transmit that data to another controller without hindrance from us. The requirement is that data is processed with consent pursuant to Article 6 or Article 9 GDPR, or based on a contract, and is processed by automated means. You also have the right to send the personal data directly from the GEALAN Fenster-Systeme GmbH to another responsible body, insofar as this is technically feasible.
Right to withdraw consent with immediate effect
Your consent may be withdrawn at any time with immediate effect. No costs are incurred for a withdrawal, an objection or for accessing the data. Please send the withdrawal by email to
Right to lodge a complaint with the data protection supervisory authorities
If you are of the opinion that the processing of your personal data infringes data protection provisions, you have the right at any time to lodge a complaint with the supervisory authority responsible for your federal state pursuant to Article 77 GDPR.

Data privacy statement for the google analytics web analytics service

Data Privacy Statement for the Google Analytics web analytics service
This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses cookies, text files which are placed on your computer for the purpose of analysing your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. We have activated IP anonymisation. On this website, your IP address will therefore be truncated by Google within an EU member state or other EEA state before being transmitted to the US. Only in exceptional situations will your full IP address be transmitted to Google servers in the United States and truncated there. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity and providing them with other services relating to website activity and internet usage. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting information (including your IP address) relating to your use of the website which is generated by the cookie, and from processing this information, by downloading and installing the browser plugin available at the following link: An opt-out cookie is set to prevent your data being recorded when you visit this website in future
Further information on the terms of service and data protection can be found at or
Please note that on this website, Google Analytics has been extended with the “anonymizeIp” code in order to guarantee that IP addresses are recorded anonymously (IP masking).

Google Tag Manager
Google Tag Manager is a Google Inc. (“Google”) service which is used to add, update and manage tags.
Tags are small code elements on our website which help measure traffic and visitor behaviour and monitor the impact of online advertising and social media.
When you visit our website, the current tag configuration is sent to the user’s browser. This contains instructions on which tags should be enabled. The tool itself does not record personal data. The tool does however ensure that other tags which may record data are enabled.
More information on how Google Tag Manager works can be found here: and in the use policies:

Data Privacy Statement for “Google Remarketing” and “Similar Audiences” function of Google Inc.
This website uses the Remarketing or “Similar Audiences” function of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). You can therefore be targeted by advertising so that personalised and interest-based advertisements are displayed when you visit other websites in the “Google Display Network”. “Google Remarketing” and “Similar Audiences” use cookies, text files which are stored on your computer and which allow your use of the website to be analysed. These text files document your visit and collect anonymised data regarding your use of the website. Personal data is therefore not retained. If you visit another website in the “Google Display Network” you will see pop-up ads which should reflect product and information areas previously accessed on our website. You can block the “Google Remarketing” or “Similar Audiences” function by refusing the use of cookies by setting your browser software accordingly. Please note however that if you do this you may not be able to use the full functionality of this website. You can also prevent Google from collecting the information generated by the cookie relating to your use of the website and from processing this information by downloading the browser plugin available at the following link and installing it: You can also deactivate the use of cookies by third-party suppliers, by opening the Network Advertising Initiative site at and implementing the detailed instructions given there concerning opt-outs. The Google Data Privacy Statement regarding remarketing with further information can be found here:

Data privacy statement for Google Inc. “Google AdWords Conversion Tracking”
This website uses the “Google AdWords Conversion Tracking” function of Google Inc. 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States (“Google”). Google AdWords Conversion Tracking uses cookies, text files which are stored on your computer and which allow an analysis of your use of the website when you click on a Google ad. Cookies are valid for a maximum of 90 days. Personal data is therefore not retained. As long as the cookie is valid, we as the website operator, and Google, can see that you have clicked on an ad and have accessed a certain landing page (e.g. order confirmation page, newsletter subscription). These cookies cannot be tracked across multiple websites by different AdWords participants. Conversion statistics are compiled by the cookie in “Google AdWords”. These statistics record the number of users who have clicked on one of our ads. In addition, the number of users who have accessed a landing page which contains a “conversion tag” is counted. The statistics do not however include any data which can used to identify you. You can refuse the use of cookies on your hard drive by selecting “Do not accept cookies” in your browser settings (in MS Internet Explorer under “Tools > Internet Options > Privacy > Settings; in Firefox under “Options > Privacy & Security > Cookies”); please note however that if you do this, you may not be able to use the full functionality of this website. By using this website, you agree to the processing of the data on you collected by Google in the manner described above, and for the aforementioned purpose. More information on how Google Conversion Data is used, and the Google Data Privacy Statement can be found at:,

Our website uses plug-ins provided by YouTube, a site operated by Google, in order to display YouTube videos on our website. The site operator is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. If you access one of our pages equipped with the YouTube plug-in, a link to the YouTube servers will be created. In this process, information as to which of our pages you have visited will be communicated to the YouTube server. In addition, YouTube may save various cookies on your device. These cookies enable YouTube to receive information about visitors to our website. This information is used for purposes including recording video statistics, increasing ease of use, and preventing attempted fraud. The cookies remain on your device until you delete them. If you are logged into your YouTube account, YouTube is able to directly assign your current activity to your personal profile. You can prevent this from happening by logging out of your YouTube account. YouTube is used to make our website presentation appealing. This represents a legitimate interest as defined by point (f) Article 6(1) GDPR. Additional information on how user data is handled is available in the YouTube privacy policy at

Notes regarding the newsletter and consent
The following information covers the content of our newsletter and the method of registration, send method and statistical analysis, as well as your right to object. By subscribing to our newsletter, you agree to receipt thereof and to the described methods.

Newsletter content:
We send newsletters and advertising information by email (hereinafter “Newsletter”) only with the consent of the recipient or with legal permission. The content created when subscribing to the newsletter shall establish the user’s consent.

Double opt-in and tracking:
You subscribe to our newsletter using a double opt-in model, i.e. after subscribing you will receive an email in which you are asked to confirm your subscription. This confirmation is required so that no one can subscribe using third-party email addresses. Subscriptions to the newsletter are tracked in order to verify that the subscription process meets the legal requirements. This includes logging the subscription and confirmation times, as well as the IP address. Changes to your data retained in MailChimp are also tracked.

Using the “MailChimp” email marketing service provider:
Newsletters are sent via MailChimp, a newsletter automation platform provided by the US company Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The email addresses of our newsletter recipients are stored on the MailChimp servers in the USA, along with other details described within these notes. MailChimp uses this information to send and analyse newsletters on our behalf. According to its own marketing information, MailChimp can also use this data to optimise or improve its own services, e.g. for technical optimisation of the sending and layout of newsletters, or for commercial purposes, to determine which countries recipients come from. MailChimp does not use the data on our newsletter recipients to address these recipients themselves or to disclose it to third parties.

We trust the reliability and IT/data security of MailChimp. MailChimp is certified by the US-EU “Privacy Shield” data privacy framework, and is therefore obliged to meet EU data protection requirements. We have also concluded a data processing agreement with MailChimp. This agreement obliges MailChimp to protect the data of our users, to process it on our behalf in accordance with the relevant data protection provisions, and in particular not to disclose it to third parties. The MailChimp privacy policy can be viewed here:

Subscription details:
In order to subscribe to the newsletter, simply enter your email address. In addition, we use other data such as name and first name, country and customer group. This information is used solely for personalisation and segmentation of the newsletter.

Statistical collection and analyses:
The newsletters contain a “web beacon”, i.e. a pixel-sized file which is retrieved when the newsletter is opened from the MailChimp server. By retrieving this file, we collect technical information such as information regarding the browser and your system, as well as your IP address and time at which the file was retrieved. This information is used for technical enhancement of services based on the technical data or audience, and the audience’s reading habits based on the retrieval sites (which can be determined by the IP address) or access times.

Statistical surveys also include determination of whether the newsletter is opened, when it is opened, and which links are clicked. It is technically possible to attribute this information to individual newsletter recipients; however it is not our objective, nor that of MailChimp, to monitor individual users. The analyses actually allow us to learn about the reading habits of our users, and to adapt our content accordingly, or to send different content according to the interests of our users.

Online access and data management:
There are cases in which we direct newsletter recipients to the MailChimp websites, e.g. our newsletters contain a link through which newsletter recipients can open the newsletters online (e.g. if there are display problems in the email program). Furthermore, newsletter recipients can only open the MailChimp data privacy policy on their website.

In relation to this, please note that the MailChimp websites use cookies, and therefore personal data is processed by MailChimp, its partners and service providers (e.g. Google Analytics). We have no influence on this data collection. Other information can be found in the MailChimp data privacy policy Please also note the options available to make complaints regarding data collection for advertising purposes on the websites and (for Europe).

You can unsubscribe from our newsletter at any time, i.e. revoke your consent. This also deletes your consent to delivery via MailChimp and to statistical analyses. Unfortunately, consent to delivery via MailChimp or statistical analysis cannot be revoked separately.
A link to unsubscribe from the newsletter can be found at the end of each newsletter.

Legal basis for the General Data Protection Regulation:
In accordance with the provisions of the General Data Protection Regulation (GDPR) of 25 May 2018, we hereby inform you that consent to sending newsletters to the registered email addresses is based on point (a) of Article 6(1) GDPR and Section 7 GDPR, as well as Section 7, Subsection (2), Number 3 and Subsection (3) Act Against Unfair Competition (Gesetz gegen den unlauteren Wettbewerb, “UWG”).

Use of the MailChimp email marketing service provider, performing statistical surveys and analyses, and tracking of the login process is all done on the basis of our legitimate interests pursuant to point (f) Article 6(1) GDPR

Please also note that you can object to any future processing of your personal data in compliance with the legal provisions pursuant to Article 21 GDPR. An objection can be lodged in particular against processing for direct marketing purposes.

Our social media presence

Data processing by social networks
We have a number of public profiles on social networks. You can find details of the social networks we use further below. Social networks such as Facebook can generally analyse your user behaviour in detail when you visit their website, or a website with integrated social media content (e.g. “Like” buttons or banner advertisements). Visiting our social media webpages triggers numerous processing operations that are relevant in terms of data protection. In detail: If you are logged into your social media account and visit our social media webpage, the operator of the social media portal may associate this visit with your user account. Under certain circumstances, however, your personal data may also be recorded if you are not logged in or if you have no account with the social media portal in question. In such cases, this data is collected using cookies stored on your end device or by storing your IP address, for example. Social media portal operators can use the data they collect in this manner to create user profiles in which your preferences and interests are recorded. This enables them to show you interest-based advertising, both on and off the respective social media webpage. If you have an account with the respective social network, this interest-based advertising can be displayed on all devices on which you are logged in or have previously been logged in. Please note also that we are unable to track all processing operations on social media portals. As such, depending on the provider, it is possible that further processing operations may be performed by the operators of the social media portals. Please see the terms of use and data protection provisions of the respective social media portals for further details.

Legal basis
Our social media webpages are intended to give us as extensive an internet presence as possible. This constitutes a legitimate interest as described in Article 6(1) point f GDPR. Analytical processes initiated by the social networks may be founded on different legal bases which the social network operators must disclose (e.g. consent as described in Article 6(1) point a GDPR).

Controller and exercising of rights
When you visit one of our social media webpages (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. However, our responsibility and related ability to provide information are limited exclusively to the content we have created. In principle, you can exercise your rights (information, rectification, erasure, restriction of processing, data portability and complaints) both against us (with regard to content) and against the operator of the respective social media portal (e.g. Facebook). Please note that, despite our shared responsibility with the social media portal operators, we do not have complete control over the data processing operations of the social media portals. Our capabilities are limited by the company policy of the respective provider.

Storage period
We cannot influence the period for which personal data pertaining to you is stored by the social network operators for their own purposes. Information can be obtained directly from the social network operators (e.g. in their data protection information, see below).

Individual social networks

We have a Facebook profile. The provider of this service is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook is certified under the EU-US Privacy Shield. You can adjust your advertising settings independently in your user account. In order to do so, click on the following link and log in: You can find further details in the Facebook Data Policy:

We have an Instagram profile. The provider of this service is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. You can find details on how Instagram processes your personal data in the Instagram Data Policy:

We have a Pinterest profile. The operator of this service is Pinterest Inc., 808 Brannan Street San Francisco, CA 94103-490, USA (“Pinterest”). You can find details on how Pinterest processes your personal data in the Pinterest Privacy Policy:

We have a XING profile. The provider of this service is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. You can find details on how XING processes your personal data in the XING Privacy Policy:

We have a LinkedIn profile. The provider of this service is LinkedIn Ireland Unlimited CompanyWilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn is certified under the EU-US-Privacy Shield. LinkedIn uses advertising cookies. If you would like to deactivate LinkedIn advertising cookies, please use the following link: You can find details on how LinkedIn processes your personal data in the LinkedIn Privacy Policy:

Updating this data privacy statement
From time to time this data privacy statement may have to be updated, for example by new legal provisions or official requirements, and new offers on our website. We will notify you of this. In general, we recommend that you open this data privacy statement regularly to check whether there are changes. Changes can be identified e.g. by an updated issue status at the bottom of the document.

Printing and saving this data privacy statement
This data privacy statement can be printed and saved directly, for example using the Print or Save function in your browser.

Are you looking for window manufacturers in your area?
Use our manufacturer locator.

Talk to us


The GEALAN ACADEMY offers market-oriented seminars on topics like construction law, sales and window technology.

Do not miss any news!


The GEALAN corporate group is of Europe's leading manufacturers of vinyl profiles for windows and doors.

©2020 GEALAN Fenster-Systeme GmbH
Press and news
©2020 GEALAN Fenster-Systeme GmbH