Site notice

and data privacy statement

Copyright/contents

Copyright ©2023 GEALAN Fenster-Systeme GmbH. All rights reserved. The information contained on this site is the property of GEALAN Fenster-Systeme GmbH or the named sources.

The contents may not be copied, altered, stored and/or published in whole or in part for any purpose without express written permission.

The trademarks used are copyrights of the respective companies.

All rights reserved. Errors and misprints excepted. The logos and company and product names used in this website are registered trademarks of the respective manufacturers.

Addresses

GEALAN Fenster-Systeme GmbH

Hofer Straße 80
95145 Oberkotzau
Germany

Tel.: +49 - 92 86 / 77-0
Fax: +49 - 92 86 / 77-22 22
E-mailinfo@gealan.de
Websitewww.gealan.de
Commercial register: AG Hof, HRB 702
Managing Directors: Ivica Maurović, Tino Albert

GEALAN Tanna Fenster-Systeme GmbH

Gewerbegebiet Kapelle-Nord 23
07922 Tanna/Thuringia
Germany

Tel.: +49 - 3 66 46 / 3 06-0
Fax: +49 - 3 66 46 / 3 06-50 42
E-mailinfo@gealan.de
Websitewww.gealan.de
Commercial register: AG Jena, HRB 202763
Managing Directors: Tino Albert, Ivica Maurović

VAT identification numbers

GEALAN Holding GmbH: DE 813 535 942
GEALAN Fenster-Systeme GmbH: DE 219 388 958
GEALAN Tanna Fenster-Systeme GmbH: DE 232 544 006
________________________________________
WEEE-Reg.-Nr.: DE 35001489

GEALAN S.A.R.L.: FR 07 483 279 089
GEALAN ITALIA S.r.l.: IT 13 525 950 963
UAB GEALAN BALTIC S.A.: LT 107 648 716
GEALAN Polska Sp. z o.o.: PL 833 122 3577
S.C. GEALAN Romania SRL: RO 914 10 46
GEALAN D.O.O.: HR 029 283 765 09
GEALAN RS D.O.O.: RS103862018

Legal notice/disclaimer

Legal notice

External links from www.gealan.de to third-party websites lead to content owned or managed by the respective provider and are not the responsibility of www.gealan.de. These links are either discernible as such from the context or are separately indicated. We have no influence over the content provided on these websites and make no effort to claim ownership of said content. In particular we accept no responsibility for the statements contained therein. Responsibility can only be established if we had knowledge of breaches of law and were technically able and could be reasonably expected to prevent use of such websites (Section 5 Paragraph 2 of the German Teleservices Act (TDG)/German Legal Framework for Electronic Media (MDStV)). We have checked the external content to a reasonable extent for possible breaches of the law. Breaches of copyright, trademark rights and personal rights and infringements against competition law on third-party websites were not apparent, nor were we aware of any criminal offences.

Information on Online Dispute Resolution

We always strive to resolve any disputes arising from a contract amicably with our customers. For this reason, we have always maintained close contact with our customers. The European Commission provides a platform for online dispute resolution (OS), which you can find at http://ec.europa.eu/consumers/odr/ . We are neither obliged nor willing to participate in a dispute resolution procedure before a consumer arbitration board. The General Consumer Arbitration Board of the Centre for Arbitration e.V., Straßburger Str. 8, 77694 Kehl (www.verbraucher-schlichter.de) would be responsible.

Exclusion of liability

Liability for own content and links
Despite taking the greatest care in creating our website and its content, we cannot accept any liability for the completeness, correctness and currentness of our site content; we do, however, regularly review this content to a reasonable extent and remove any content that may infringe laws as soon as we become aware of it. Our website also contains links to third-party websites; we have no influence over the content provided on these websites and make no effort to claim ownership of said content. For these reasons we accept no liability for this third-party content. These links are either discernible as such from the context or are separately indicated and have been reviewed by us to a reasonable extent for possible legal infringements. We are not responsible for the data protection safeguards on external websites accessed via these links. Please look up these external websites for information on their data protection safeguards. We also review the content of the linked pages to a reasonable extent and where there is evidence of legal infringement; we will remove this content as soon as we become aware of legal infringements.
Exclusion of liability also applies to embedded frames. Frames (or iFrames) are media content or website components which come from a third party and are visually embedded on our website.

Privacy policy

  1. Data protection at a glance
  2. General notes and mandatory information
  3. Cooperation with processors and third parties
  4. Data protection information for suppliers, customers, other business partners and interested parties
  5. Your rights as a data subject
  6. Data collection on our website
  7. Analysis tools, advertising and plugins
  8. Newsletter
  9. Handling of applicant data
  10. Our social media presence

1 Data protection at a glance

General information

GEALAN Fenster-Systeme GmbH, as the operator of this site, takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the EU Data Protection Regulation (EU-GDPR), the local legislation applicable in your country, the German Federal Data Protection Act (BDSG) and the German Telemedia Act (TMG).

The following information provides a simple overview of what happens to your personal data when you visit our website. The term “personal data” comprises all data that can be used to personally identify you. For detailed information on the subject of data protection, please refer to our data protection notices listed below this text.

Data collection on this website

Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find his contact details in the imprint of this website.

How do we collect your data?

On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.
 Other data is collected automatically by our IT systems when you visit the website. This is mainly technical data (e. g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.

What do we use your data for (purpose of processing)?

  • Error-free provision of the online offer, its contents and functions.
  • Provision of contractual services, service and customer care.
  • Responding to contact requests and communicating with users.
  • Marketing, advertising and market research.
  • Security measures

What rights do you have regarding your data?

You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the imprint for this purpose and for further questions on the subject of data protection. Furthermore, you have the right to lodge a complaint with the competent supervisory authority.

Third-party analysis tools and tools

When visiting our website, your surfing behaviour can be statistically evaluated. This is done primarily with cookies and so-called analysis programs. The analysis of your surfing behaviour is usually anonymous; the surfing behaviour cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. You will find detailed information on this in the following data protection information.
You can object to this analysis. We will inform you about the possibilities of objection in this data protection notice.

2 General notes and mandatory information

Data protection

When you use this website, various personal data are collected. Personal data is data that can be used to identify you personally. This privacy notice explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission on the Internet (e. g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.

Note on the responsible body

The data controller for this website is:

GEALAN Fenster-Systeme GmbH
Hofer Str. 80
95145 Oberkotzau
Germany

Contact

Phone: +49 - 92 86 / 77-0
Fax: +49 - 92 86 / 77-22 22
E-mail: info[at]gealan.de

You will find further information about our company, details of the persons authorised to represent it and also further contact options in the imprint of our website:
https://www.gealan.de

Data Protection Officer required by law

We have appointed a data protection officer for our company.

GEALAN Fenster-Systeme GmbH
- Data Protection Officer -
Hofer Straße 80
95145 Oberkotzau
Germany
E-Mail: datenschutz@gealan.de

Relevant legal bases

In accordance with Art. 13 GDPR, we inform you of the legal basis for our data processing. If the legal basis is not stated in the data protection information, the following applies: The legal basis for obtaining consent is Art. 6, 1a and Art. 7 GDPR, the legal basis for processing for the fulfilment of our services and implementation of contractual measures as well as answering enquiries is Art. 6, 1b GDPR, the legal basis for processing for the fulfilment of our legal obligations is Art. 6, 1c GDPR, and the legal basis for processing for the protection of our legitimate interests is Art. 6, 1f GDPR.

Changes and updates to the data protection notice

We ask you to inform yourself regularly about the content of our data protection information. We adapt the data protection information as soon as changes to the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content, such as orders or enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

Objection to advertising e-mails

The use of contact data published within the scope of the imprint obligation to send advertising and information material that has not been expressly requested is hereby prohibited. The operators of the pages expressly reserve the right to take legal action in the event of the unsolicited sending of advertising information, such as spam e-mails.

Data deletion

The data processed by us will be deleted or its processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated within the scope of this data protection notice, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I. e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law.

According to legal requirements, data is stored for 6 years in accordance with § 257, 1 HGB (commercial books, inventories, opening balances, annual financial statements, commercial letters, accounting vouchers, etc.) and for 10 years in accordance with § 147, 1 AO (books, records, management reports, accounting vouchers, commercial and business letters, documents relevant for taxation, etc.).

 

3 Cooperation with processors and third parties

Insofar as we disclose data to other persons and companies (processors or third parties) in the course of our processing, transmit it to them or otherwise grant them access to the data, this is only done on the basis of a legal permission (e.g. if a transmission of the data to third parties, such as to payment service providers, is necessary for the performance of the contract pursuant to Art. 6, 1b GDPR), you have consented, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).
 If we commission third parties with the processing of data on the basis of a so-called "order processing agreement", this is done on the basis of Art. 28 GDPR.

External hosting

This website is hosted by an external service provider (hoster). The personal data collected on this website is stored on Microsoft servers (Microsoft Azure Cloud Service) in the USA. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

The hosting service provider used is the:

Sixense Digital SAS (beyond-asset.com)
280, avenue Napoléon Bonaparte
92500 Rueil-Malmaison
France

Phone: +33 1 47 76 42 62

The hoster is used for the purpose of contract fulfilment vis-à-vis our potential and existing customers (Art. 6, 1b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6, 1f GDPR).

Our hoster will only process your data to the extent that this is necessary for the fulfilment of its service obligations and will follow our instructions with regard to this data.

Conclusion of a contract on commissioned processing

In order to ensure data protection-compliant processing, we have concluded an order processing contract with our hoster.

Content Delivery Network (CDN)

Akamai Content Delivery Network

We use the Content Delivery Network (CDN) of Akamai Technologies GmbH, Parkring 20, 85748 Garching Germany (Akamai) to increase the security and delivery speed of our website. A CDN is a network of servers distributed around the world that is able to deliver optimised content to the website user. For this purpose, the following personal data may be processed in server log files by Akmai:

  • Your IP address
  • URLs of visited pages
  • Date and time of access
  • Location based on your IP address and the location of the Akamai server.
  • Telemetry data (e. g. mouse clicks, movement sequences and associated browser data)

The use of Akamai is based on our legitimate interest in providing our website as error-free and secure as possible (Art. 6, 1f GDPR).

You have the right to object to the processing. Whether the objection is successful is to be determined within the framework of a balancing of interests.

The processing of the data provided under this section is not required by law or by contract. The functionality of the website is not guaranteed without the processing.

Your personal data will be stored by Akamai for as long as is necessary for the purposes described.

You can find more information on objection and removal options vis-à-vis Akamai at: https://www.akamai.com/de/de/multimedia/documents/akamai/akamai-data-protection-addendum.pdf

Akamai has implemented compliance measures for international data transfers. These apply to all global activities where Akamai processes personal data of individuals in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). For more information, please visit: https://www.akamai.com/us/en/multimedia/documents/akamai/akamai-pre-signed-eu-standard-contractual-clauses.pdf

Data processing

We have concluded a Data Processing Agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which guarantees that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Transfers to third countries

If we process data in a third country (i. e. outside the European Union (EU) or the European Economic Area (EEA)) or if this is done in the context of using third-party services or disclosing or transferring data to third parties, this is only done if it is done in order to fulfil our (pre-)contractual obligations, on the basis of your consent, due to a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process or allow the processing of data in a third country if the special requirements of Art. 44 ff. GDPR are met. This means that the processing is carried out, for example, on the basis of special guarantees, such as the officially recognised determination of a level of data protection corresponding to the EU or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").

 

4 Data protection information for suppliers, customers, other business partners and interested parties

Collection and storage of personal data; type, purpose and use

We would like to point out that we collect, store, process and use the personal data we collect from suppliers, customers, other business partners and interested parties, in particular name, address, telephone number, e-mail address, contact details of contact persons, customer number as well as order and delivery data for the purpose of initiating, establishing and processing contractual and delivery relationships, including delivery, payment and any warranty or product liability.

Your personal data is required for the conclusion and processing of a contract. You are not obliged to provide this data. However, we cannot conclude a contract with you without this data. In this respect, the processing of your data is based on Article 6, 1b GDPR.
Your personal data may also be processed on the basis of your consent pursuant to Article 6, 1a   (e.g. use of log-in areas). Furthermore, we collect, store, process and use this data for the purpose of maintaining customer or business relationships, marketing and advertising our own products and services. In this respect, your data is processed on the basis of Article 6, 1b GDPR. Our legitimate interest in processing your data results in this respect from our efforts to publicise and sell our own products and services as well as to improve our logistical processes and optimise our services.
Furthermore, we process data which we receive from credit agencies (for example from SCHUFA) under the legal conditions for the purpose of credit checks regarding our suppliers, customers and other business partners. In this respect, your data is processed on the basis of Article 6, 1b GDPR. Our legitimate interest in processing this data arises from the fact that we receive the contractually owed consideration (e.g. remuneration) for our services. Apart from that, we do not make any automated decisions.

Disclosure of data to third parties

Personal data is not passed on to third parties, with the exception of

·       Transfers to third parties who are involved by us in the fulfilment of contractual and delivery relationships, for example to the banking institutions/payment service providers processing payments and to the transport companies/shipping companies processing deliveries;

·       Transfers to third parties who are engaged by us in the context of marketing and advertising for our own products and services, for example to marketing service providers and printers;

·       Transfers to specialised service providers who provide services for us on our instructions and under our responsibility within the scope of the purposes stated above (processors), for example IT service providers;

·       Transfer within the group of companies within the scope of the so-called small group privilege (legitimate interest pursuant to Art. 6, 1f. GDPR)

·       Transfers to third parties that we are legally obliged to make, for example to the tax office or other state authorities;

·       Transfers to third parties to fulfil our obligations under commercial and tax law, for example to our tax advisor.

Data is only transferred to a third country outside the European Union, which is also not a contracting state of the Agreement on the European Economic Area, if this data transfer is necessary for the fulfilment of a contract existing between you and us (for example, delivery to a third country).
 Your data will be processed for the duration of the initiation and processing of a contractual or delivery relationship and for the duration of the continuation of obligations arising from a contractual or delivery relationship, for example any warranty or product liability obligations, as well as for the duration of statutory retention periods on the basis of Art. 6, 1c GDPR.
 Insofar as we process personal data for the purpose of advertising, you have the right to object at any time to the processing of personal data relating to you for the purpose of advertising. If you object to the processing for advertising purposes, your personal data will no longer be processed for these purposes.

5 Your rights as a data subject (data subject rights)

Information, restriction/blocking, deletion

Within the framework of the applicable legal provisions, you have the right at any time to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if applicable, a right to correction, restriction/blocking or deletion of this data. For this purpose as well as for further questions on the subject of personal data, you can contact us at any time at the address given in the imprint.

Revocation of your consent to data processing

Many data processing operations are only possible with your express consent. You can revoke consent you have already given at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing carried out until the revocation remains unaffected by the revocation.

Right to data portability

You have the right to have data that we process automatically on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.

Right of appeal to the competent supervisory authority (complaints office)

If you have any complaints, suggestions or questions, please contact our data protection officer.
 In the event of violations of data protection law, the person concerned has the right to lodge a complaint with a supervisory authority. Our competent data protection supervisory authority is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18, 91522 Ansbach
Phone: +49 (0) 981 180093-0
E-mail: poststelle(at)lda.bayern.de

 

6 Data collection on our website

Server log files

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:

  • Browser type and version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  •  IP address

This data is not merged with other data sources.

The basis for the data processing is Art. 6, 1b  GDPR, which permits the processing of data for the fulfilment of a contract or pre-contractual measures.

Cookies

Our internet pages use so-called "cookies". Cookies are small text files and do not cause any damage to your terminal device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your end device. Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.

In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These enable us or you to use certain services of the third-party company (e. g. cookies for processing payment services).

Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e. g. the shopping cart function or the display of videos). Other cookies are used to evaluate user behaviour or display advertising.

Technically necessary cookies, are stored in accordance with § 25 TDDDG on the basis of Art. 6, 1f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing cookies for the technically error-free and optimised provision of its services. If consent to the storage of cookies has been requested, the storage of the cookies in question is based exclusively on this consent (Art. 6, 1a GDPR). The consent can be revoked at any time.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

If cookies are used by third-party companies or for analysis purposes, we will inform you about this separately within the scope of this data protection notice and, if necessary, request your consent.

Consent request via CookieBot

Our website uses the consent technology of Cookiebot to obtain your consent to the storage of certain cookies on your terminal device or to the use of certain technologies and to document this in accordance with data protection law. The provider of this technology is Cybot A/S, Havnegade 39, 1058 Copenhagen, Denmark (hereinafter "Cookiebot").

When you enter our website, a connection is established to the servers of Cookiebot in order to obtain your consent and other declarations regarding the use of cookies. Cookiebot then stores a cookie in your browser in order to be able to assign the consents given to you or their revocation. This cookie is technically necessary for the fulfilment of the legal obligation to request consent and is therefore free of consent in accordance with § 25 TDDDG. The data collected in this way is stored until you request us to delete it, delete the Cookiebot cookie yourself or the purpose for storing the data no longer applies. Mandatory legal storage obligations remain unaffected.

Cookiebot is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6, 1c GDPR.

Data processing

We have concluded a data processing agreement (DPA) with the above-mentioned provider. This is a contract required by data protection law, which ensures that the provider only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Contact us / Contact form

If you send us enquiries via the contact form, your details from the enquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
The processing of the data entered in the contact form is thus exclusively based on our legitimate interest (Art. 6, 1f GDPR) in processing and answering your enquiry as quickly as possible. If the contact request is of a business nature, the legal basis for the processing is the initiation of a contract pursuant to Art. 6, 1b GDPR. The data you enter in the contact form will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

Request by e-mail, telephone or fax

If you contact us by e-mail, telephone or fax, your enquiry including all resulting personal data (name, enquiry) will be stored and processed by us for the purpose of processing your request. We will not pass on this data without your consent.

The processing of this data is based on Art. 6, 1b GDPR if your request is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the enquiries addressed to us (Art. 6, 1f GDPR) or on your consent (Art. 6, 1a GDPR) if this has been requested.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e. g. after we have completed processing your request). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

Communication via WhatsApp

For communication with our customers and other third parties, we use, among other things, the instant messaging service WhatsApp. The provider is WhatsApp Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

Communication takes place via end-to-end encryption (peer-to-peer), which prevents WhatsApp or other third parties from gaining access to the communication content. However, WhatsApp obtains access to metadata that is generated in the course of the communication process (e. g. sender, recipient and time). We would also like to point out that, according to its own statement, WhatsApp shares personal data of its users with its parent company Meta, which is based in the USA. Further details on data processing can be found in WhatsApp's privacy policy at: https://www.whatsapp.com/legal/#privacy-policy.

WhatsApp is used on the basis of our legitimate interest in communicating as quickly and effectively as possible with customers, interested parties and other business and contractual partners (Art. 6, 1f GDPR). If a corresponding consent has been requested, the data processing is carried out exclusively on the basis of the consent; this can be revoked at any time with effect for the future.

The communication content exchanged between and on WhatsApp remains with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory legal provisions - in particular retention periods - remain unaffected.

We use WhatsApp in the "WhatsApp Business" variant.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.whatsapp.com/legal/business-data-transfer-addendum.

We have set our WhatsApp accounts so that it does not automatically match data with the address book on the smartphones in use.

We have concluded an order processing agreement (DPA) with the above-mentioned provider.

Communication via LiveChat

We use LiveChat to process user enquiries via our support channels or live chat systems. The provider is LiveChat Inc, 101 Arch Street, 8th Floor, Boston MA 02110, USA.

Messages you send to us may be stored in the LiveChat ticket system or answered in LiveChat by our staff. When you communicate with us via LiveChat, all the data you entered before the chat began (e. g. name or chat ID, address and telephone number) as well as your IP address, country of origin, browser used and terminal device, website called up and messages exchanged are summarised in a profile and stored on LiveChat's servers in the USA, among other places. LiveChat uses the standard contractual clauses of the EU Commission as the basis for data processing and transfer. 
Further information on the standard contractual clauses at LiveChat can be found at https://www.livechat.com/legal/for-clients/#privacy-faq.

The messages sent to us remain with us until you request us to delete them or the purpose for storing the data no longer applies (e.g. after processing your enquiry has been completed). Mandatory statutory provisions - in particular statutory retention periods - remain unaffected.

We also use LiveChat to analyse the behaviour of our users.

LiveChat is used exclusively on the basis of Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

For more information, please see LiveChat's privacy policy at https://www.livechat.com/legal/privacy-policy/?tid=331688480143.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

Registration on this website

You can register on this website to use additional functions on the site. We will only use the data entered for this purpose for the purpose of using the respective offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we will reject the registration.

For important changes, for example in the scope of the offer or in the case of technically necessary changes, we use the e-mail address provided during registration to inform you in this way.

The data entered during registration is processed for the purpose of implementing the user relationship established by registration and, if necessary, for initiating further contracts (Art. 6, 1b GDPR).

The data collected during registration will be stored by us for as long as you are registered on this website and will then be deleted. Legal retention periods remain unaffected.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

7 Analysis tools, advertising and plugins

Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. In doing so, the website operator receives various usage data, such as page views, length of stay, operating systems used and the origin of the user. This data is summarised in a user ID and assigned to the respective end device of the website visitor.

Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Furthermore, Google Analytics uses various modelling approaches to complement the data sets collected and uses machine learning technologies in the data analysis.

Google Analytics uses technologies that enable the recognition of the user for the purpose of analysing user behaviour (e. g. cookies or device fingerprinting). The information collected about the use of this website is first transferred to our own servers due to so-called server side tracking. This enables us to shorten, anonymise or encrypt the data before it is transferred to a Google server in the USA and stored there.

The use of this service is based on your consent according to Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

IP anonymisation

We have activated the IP anonymisation function on this website. This means that your IP address is shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can find more information on how Google Analytics handles user data in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

Google signals

We use Google signals. When you visit our website, Google Analytics collects, among other things, your location, search history and YouTube history, as well as demographic data (visitor data). This data can be used for personalised advertising with the help of Google signals. If you have a Google account, the visitor data from Google Signal will be linked to your Google account and used for personalised advertising messages. The data is also used to create anonymised statistics on the user behaviour of our users.

Data processing

We have concluded an order processing contract with Google and fully implement the strict requirements of the German data protection authorities when using Google Analytics.

Storage period

Data stored by Google at user and event level that are linked to cookies, user identifiers (e. g. user ID) or advertising IDs (e.g. DoubleClick cookies, Android advertising ID) are anonymised or deleted after 14 months. For details, please see the following link: https://support.google.com/analytics/answer/7667196?hl=en.

 

Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create user profiles, does not store cookies and does not perform any independent analyses. It only serves to manage and play out the tools integrated via it. However, the Google Tag Manager collects your IP address, which may also be transmitted to Google's parent company in the United States.

The use of the Google Tag Manager is based on Art. 6 (1)f GDPR. The website operator has a legitimate interest in a quick and uncomplicated integration and management of various tools on his website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6, 1a GDPR and § 25, 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e. g. device fingerprinting) as defined by the TDDDG. The consent can be revoked at any time.

 

Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter "DoubleClick").

DoubleClick is used to show you interest-based advertisements throughout the Google advertising network. The ads can be targeted to each viewer's interests using DoubleClick. For example, our ads may be displayed in Google search results or in banner ads associated with DoubleClick.

In order to be able to display interest-based advertising to users, DoubleClick must be able to recognise the respective viewer and associate the web pages visited, clicks and other information on user behaviour with them. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e. g. device fingerprinting). The information collected is combined into a pseudonymous user profile in order to display interest-based advertising to the relevant user.

The use of this service is based on your consent according to Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

For more information on how to object to Google displaying advertisements, please see the following links: policies.google.com/technologies/ads and adssettings.google.com/authenticated.

 

Google Floodlight

Our website uses the online marketing tool Floodlight by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. The data controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland.

Floodlight uses cookies to serve ads that are relevant to users, to improve campaign performance reports or to prevent a user from seeing the same ads more than once. Google uses a cookie ID to record which ads are shown in which browser and can thus prevent them from being shown more than once.

In addition, Floodlight can use cookie IDs to record so-called conversions that are related to ad requests. This is the case, for example, when a user sees a Campaign Manager ad and later visits the advertiser's website with the same browser and makes a purchase. According to Google, Campaign Manager cookies do not contain any personal information.

The cookie ID or smartphone ID is linked to the browser, i.e. if you use several devices, for example phone, tablet and two different browsers on one laptop, each device or browser is identified separately. Due to the marketing tools used, your browser automatically establishes a direct connection with Google's server. We have no influence on the scope and further use of the data collected by Google through the use of this tool and therefore inform you according to our level of knowledge.

By integrating Floodlight, Google receives the information that you have called up the corresponding part of our website or clicked on one of our advertisements. If you are registered with a Google service, Google can assign the visit to your account. Even if you are not registered with Google or have not logged in, it is possible that the provider may obtain and store your IP address.

In addition, the Floodlight pixel used allows us to understand whether you take certain actions on our website after viewing or clicking on one of our displays/video ads on Google or on another platform via Floodlight (conversion tracking). Floodlight uses this pixel to understand the content you have interacted with on our websites in order to send you targeted advertising later.

We base the use of Floodlight on your voluntarily given consent pursuant to Art. 6, 1 a) GDPR in conjunction with § 25, 1 TDDDG. This consent can be revoked at any time.

Where data is processed outside the EEA, where there is no level of data protection equivalent to the European standard, we have concluded EU standard contractual clauses with the service provider to establish a secure level of data protection.

Further information on data protection at Google in general: https://policies.google.com/privacy?hl=en.

 

Google Ads

The website operator uses Google Ads. Google Ads is an online advertising programme of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Ads enables us to display advertisements in the Google search engine or on third-party websites when the user enters certain search terms on Google (keyword targeting). Furthermore, targeted advertisements can be played on the basis of the user data available at Google (e.g. location data and interests) (target group targeting). As the website operator, we can evaluate this data quantitatively by analysing, for example, which search terms have led to the display of our advertisements and how many advertisements have led to corresponding clicks.

The use of this service is based on your consent according to Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: policies.google.com/privacy/frameworks and privacy.google.com/businesses/controllerterms/mccs/.

 

Google AdSense (not personalised)

This website uses Google AdSense, a service for integrating advertisements. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use Google AdSense in "non-personalised" mode. In contrast to the personalised mode, the advertisements are therefore not based on your previous user behaviour and no user profile of you is created. Instead, so-called "contextual information" is used to select the advertisements. The selected advertisements are then based, for example, on your location, the content of the website you are on or your current search terms. You can find out more about the differences between personalised and non-personalised targeting with Google AdSense at: https://support.google.com/adsense/answer/9007336.

Please note that cookies or comparable recognition technologies (e. g. device fingerprinting) may also be used when using Google Adsense in non-personalised mode. According to Google, these are used to combat fraud and abuse.

The use of this service is based on your consent according to Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://adssettings.google.com/authenticated.

Further information on Google's advertising technologies can be found here: https://policies.google.com/technologies/ads and https://www.google.de/intl/de/policies/privacy/.

 

Google Ads Remarketing

This website uses the functions of Google Ads Remarketing. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With Google Ads Remarketing, we can assign people who interact with our online offering to specific target groups in order to subsequently display interest-based advertising to them in the Google advertising network (remarketing or retargeting).

Furthermore, the advertising target groups created with Google Ads Remarketing can be linked with Google's cross-device functions. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e. g. mobile phone) can also be displayed on another of your end devices (e. g. tablet or PC).

If you have a Google account, you can object to personalised advertising at the following link: https://www.google.com/settings/ads/onweb/.

The use of this service is based on your consent according to Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

Further information and the data protection provisions can be found in Google's privacy policy at: https://policies.google.com/technologies/ads?hl=en.

Target group formation with customer matching

For target group formation, we use, among other things, the customer matching of Google Ads Remarketing. In this process, we transfer certain customer data (e. g. email addresses) from our customer lists to Google. If the customers in question are Google users and logged into their Google account, they are shown matching advertising messages within the Google network (e. g. on YouTube, Gmail or in the search engine).

Google Conversion Tracking

This website uses Google Conversion Tracking. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

With the help of Google conversion tracking, Google and we can recognise whether the user has performed certain actions. For example, we can evaluate which buttons on our website were clicked how often and which products were viewed or purchased particularly frequently. This information is used to create conversion statistics. We learn the total number of users who clicked on our ads and what actions they took. We do not receive any information with which we can personally identify the user. Google itself uses cookies or comparable recognition technologies for identification.

The use of this service is based on your consent according to Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

You can find more information on Google conversion tracking in Google's privacy policy: https://policies.google.com/privacy?hl=en.

 

Google Fonts

This website uses various Google services. If the functions of Google Maps, YouTube and Google DoubleClick, among others, are used, Google Fonts are downloaded from these services for the purpose of uniform display of the fonts. When calling up Google Maps, YouTube, etc., your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google services that reload Google Fonts is based on Art. 6, 1f GDPR, unless a corresponding consent was requested in accordance with Art. 6, 1a GDPR and § 25, 1 TDDDG. The legitimate interest is also based on the same justification that was given for the corresponding service.

The Google Fonts are reloaded by the corresponding Google services for the purpose of uniform display. For the purposes of using the Google services that reload Google Fonts, please refer to the respective section on the corresponding Google service.

Insofar as a corresponding consent has been requested, this can be revoked at any time. If the processing is based on legitimate interest, there is no possibility to object.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google's privacy policy: https://policies.google.com/privacy?hl=en.

 

Meta Pixel (formerly Facebook Pixel)

This website uses the visitor action pixel from Facebook/Meta for conversion measurement. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. However, according to Facebook, the data collected is also transferred to the USA and other third countries.

In this way, the behaviour of page visitors can be tracked after they have been redirected to the provider's website by clicking on a Facebook ad. This allows the effectiveness of the Facebook ads to be evaluated for statistical and market research purposes and future advertising measures to be optimised.

The data collected is anonymous for us as the operator of this website, we cannot draw any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://de-de.facebook.com/about/privacy/). This enables Facebook to display advertisements on Facebook pages as well as outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of this service is based on your consent according to Art. 6, 1a GDPR and § 25, 1 TDDDG. The consent can be revoked at any time.

We use the advanced matching function within the meta pixel.

Advanced matching allows us to transmit to Meta (Facebook) various types of data (e. g. place of residence, state, postcode, hashed email addresses, names, gender, date of birth or phone number) of our customers and prospects that we collect through our website. This activation allows us to tailor our advertising campaigns on Facebook more precisely to people who are interested in our offers. In addition, advanced matching improves attribution of website conversions and enhances Custom Audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Facebook, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Facebook. The processing by Facebook that takes place after the forwarding is not part of the joint responsibility. The obligations incumbent on us jointly have been set out in a joint processing agreement. The text of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing the data protection information when using the Facebook tool and for the data protection-secure implementation of the tool on our website. Facebook is responsible for the data security of the Facebook products. You can assert data subject rights (e. g. requests for information) regarding the data processed by Facebook directly with Facebook. If you assert the data subject rights with us, we are obliged to forward them to Facebook.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://en-en.facebook.com/help/566994660333381.

You can find further information on protecting your privacy in Facebook's privacy policy: https://de-de.facebook.com/about/privacy/.

You can also deactivate the "Custom Audiences" remarketing function in the ad settings section at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you must be logged in to Facebook.

If you do not have a Facebook account, you can disable usage-based advertising from Facebook on the European Interactive Digital Advertising Alliance website: http://www.youronlinechoices.com/de/praferenzmanagement/.

 

Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform font display. When you call up Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.

Google Maps is used in the interest of an appealing presentation of our online offers and to make it easy to find the places we have indicated on the website. This constitutes a legitimate interest within the meaning of Art. 6 (1)f GDPR. Insofar as a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6, 1a GDPR and § 25, 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

More information on the handling of user data can be found in Google's privacy policy: https://policies.google.com/privacy?hl=en.

 

YouTube with enhanced data protection

This website embeds videos from YouTube. The operator of the pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in extended data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. However, the disclosure of data to YouTube partners is not necessarily excluded by the extended data protection mode. Thus, YouTube establishes a connection to the Google DoubleClick network - regardless of whether you watch a video.

. As soon as you start a YouTube video on this website, a connection to the YouTube servers is established. This tells the YouTube server which of our pages you have visited. If you are logged into your YouTube account, you enable YouTube to assign your surfing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.

Furthermore, after starting a video, YouTube may store various cookies on your end device or use comparable recognition technologies (e. g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts.

These and, if applicable, further data processing processes take place by YouTube and are beyond our sphere of influence. The responsible party for these processing operations is YouTube. The use of YouTube exclusively on the basis of the consent of the visitor pursuant to Art. 6, 1a GDPR and § 25, 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. The consent can be revoked at any time.

For more information about privacy at YouTube, please see their privacy notice at: https://policies.google.com/privacy?hl=en.

 

Bimobject

We make Bimobject available to you on our website. The provider is BIMobject AB, Studio, Nordenskiöldsgatan 24, 211 19 Malmö, Sweden.

BIM is short for Building Information Modelling and stands for the smarter use of information (data) to build better and greener buildings faster. It is a digital building process where information (data) about each component is collected and managed across the project team and the entire lifecycle of the building. The software enables architects and engineers to create parametric building models, visualising construction and design in 3D.

Already today, all BIM files for Revit® & IFC format (Industry Foundation Classes = open standard of the buildingSmart organisation) can be generated manually at GEALAN upon request.
 As one of the first system providers, we are already able to generate BIM data for the Revit® software for almost every conceivable GEALAN product in the area of windows & doors. In particular, we can integrate our window elements in the GEALAN-KUBUS® system into the architect's planning at a very early stage.

When calling up a sub-page with the BIMobject plugins, the website establishes a connection to Bimobject. Personal data (e. g. IP address) may be transmitted in the process.

We provide BIMobject to facilitate the planning of Gealan products for our customers and to present our products in an appealing way. This represents a legitimate interest within the meaning of Art. 6, 1b GDPR. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6, 1a GDPR; the consent can be revoked at any time.

Further information on the handling of user data can be found in BIMobject's privacy policy at: https://business.bimobject.com/privacy-policy.

8 Newsletter

With the following information, we inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights of objection. By subscribing to our newsletter, you agree to receive it and to the procedures described.

  1. Content of the newsletter: We send newsletters, e-mails and other electronic notifications with promotional information (hereinafter "newsletter") only with the consent of the recipients or a legal permission. Insofar as the contents of the Newsletter are specifically described in the course of registration, they shall be decisive for the consent of the users. In addition, our newsletters contain information about our products, offers, promotions and our company.
     
  2. Double opt-in and logging: Registration for our newsletter takes place in a so-called double opt-in process. This means that after registration you will receive an e-mail in which you are asked to confirm your registration. This confirmation is necessary so that no one can register with other email addresses. The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address. Changes to your data stored with the dispatch service provider are also logged.
     
  3. The newsletter is sent and its success measured on the basis of the recipients' consent pursuant to Art. 6, 1a, Art. 7 GDPR in conjunction with Section 7, 2 no. 3 UWG or on the basis of the legal permission pursuant to Section 7, 3 UWG.
     
  4. The logging of the registration process is based on our legitimate interests pursuant to Art. 6, 1f GDPR and serves as proof of consent to receive the newsletter.
     
  5. Cancellation/revocation - Newsletter recipients can cancel the receipt of our newsletter at any time, i. e. revoke their consent. You will find a link to cancel the newsletter at the end of each newsletter. When you unsubscribe from the newsletter, your personal data will be deleted, unless their retention is legally required or justified, in which case their processing will be limited to these exceptional purposes only. In particular, we may store unsubscribed email addresses for up to three years based on our legitimate interests before deleting them for the purposes of sending newsletters in order to be able to prove consent previously given. The processing of this data is limited to the purpose of a possible defence against claims. An individual deletion request is possible at any time, provided that the former existence of consent is confirmed at the same time.

Brevo

This website uses Brevo to send newsletters. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin, Germany.

Brevo is a service with which, among other things, the sending of newsletters can be organised and analysed. The data you enter for the purpose of receiving the newsletter is stored on the servers of Sendinblue GmbH in Germany.

Data analysis by Brevo

With the help of Brevo, we are able to analyse our newsletter campaigns. For example, we can see whether a newsletter message was opened and which links, if any, were clicked. In this way, we can determine, among other things, which links were clicked on particularly often.

In addition, we can see whether certain previously defined actions have been carried out after opening/clicking (conversion rate). For example, we can see whether you have made a purchase after clicking on the newsletter.

Brevo also allows us to subdivide ("cluster") the newsletter recipients according to various categories. The newsletter recipients can be subdivided according to age, gender or place of residence, for example. In this way, the newsletters can be better adapted to the respective target groups.

If you do not want any analysis by Brevo, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in every newsletter message.

For detailed information on the functions of Brevo, please see the following link: https://www.brevo.com/de/newsletter-software/.

Legal basis

The data processing is based on your consent (Art. 6, 1a GDPR). You can revoke this consent at any time. The legality of the data processing operations already carried out remains unaffected by the revocation.

Storage period

The data you provide us with for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. Data that has been stored by us for other purposes remains unaffected by this.

After you have unsubscribed from the newsletter distribution list, your email address will be stored by us or the newsletter service provider in a blacklist if necessary to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6, 1f GDPR). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.

For more details, please refer to Brevo's privacy policy at: https://www.brevo.com/de/datenschutz-uebersicht/ and https://www.brevo.com/de/legal/privacypolicy/.

Data processing

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract required by data protection law, which ensures that this service only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

9 Handling of applicant data

Handling of applicant data

We are pleased that you are interested in us and are applying or have applied for a position in our company. In the following, we inform you about the scope, purpose and use of your personal data collected as part of the application process. We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other statutory provisions and that your data will be treated in strict confidence.

Scope and purpose of data collection

If you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes in the context of job interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is § 26 BDSG under German law (initiation of an employment relationship), Art. 6, 1b GDPR (general contract initiation) and - if you have given your consent - Art. 6, 1a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.
If the application is successful, the data submitted by you will be stored in our data processing systems on the basis of Section 26 BDSG and Art. 6, 1b GDPR for the purpose of implementing the employment relationship.
Should the data be required for legal prosecution after the application process has been completed, data processing may be carried out on the basis of the requirements of Art. 6 GDPR (Basic Data Protection Regulation), in particular to safeguard legitimate interests pursuant to Art. 6, 1f GDPR. Our interest then consists in the assertion or defence of claims.

Retention period of the data

If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have provided on the basis of our legitimate interests (Art. 6, 1f GDPR) for up to 6 months from the end of the application process (rejection or withdrawal of the application). The data will then be deleted and the physical application documents destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e. g. due to an impending or pending legal dispute), the data will not be deleted until the purpose for further retention no longer applies.
Longer storage may also take place if you have given your consent (Art. 6, 1a GDPR) or if legal storage obligations prevent deletion.

Admission to the applicant pool

If we do not make you a job offer, it may be possible to include you in our applicant pool. In the event of inclusion, all documents and details from the application will be transferred to the applicant pool in order to contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6, 1a GDPR). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.

Recipients of your data

Your application data will be reviewed by the HR department after receipt of your application. Suitable applications are then forwarded internally to the department heads for the respective open position. The further procedure is then coordinated. In principle, only those persons in the company have access to your data who require it for the proper conduct of our application procedure.

Place of data processing

The data is processed exclusively on servers in data centres in the Federal Republic of Germany.

Apply with finest jobs profile

As part of the online application process, you have the opportunity to apply for a job offer with your personal finest jobs profile. By clicking on the "Apply with finest jobs profile" button, you will be connected to the finest jobs platform, redirected to it and leave our websites at this point. Corresponding information on data protection at finest jobs can be found at https://www.finest-jobs.com/Datenschutz.

10 Our social media presences

Data processing by social networks

We maintain publicly accessible profiles on social networks. The individual social networks we use can be found below.

Social networks such as Facebook, Twitter, etc. can usually comprehensively analyse your user behaviour when you visit their website or a website with integrated social media content (e. g. like buttons or advertising banners). By visiting our social media presences, numerous data protection-relevant processing operations are triggered. In detail:

If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected under certain circumstances if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your end device or by recording your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

Legal basis

Our social media presences are intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6, 1f GDPR. The analysis processes initiated by the social networks may be based on different legal grounds, which are to be stated by the operators of the social networks (e. g. consent within the meaning of Art. 6, 1a GDPR).

Responsible person and assertion of rights

If you visit one of our social media sites (e. g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both vis-à-vis us and vis-à-vis the operator of the respective social media portal (e. g. vis-à-vis Facebook).

Please note that despite the joint responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period

The data collected directly by us via the social media presence will be deleted from our systems as soon as you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies. Stored cookies remain on your end device until you delete them. Mandatory legal provisions - in particular retention periods - remain unaffected.

We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their data protection notices, see below).

Social networks in detail

Facebook

We have a profile on Facebook. The provider of this service is Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. According to Facebook, the data collected is also transferred to the USA and other third countries.

We have entered into a Joint Processing Agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we or Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: www.facebook.com/legal/terms/page_controller_addendum.

You can adjust your advertising settings independently in your user account. To do so, click on the following link and log in: www.facebook.com/settings.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum and en-en.facebook.com/help/566994660333381.

For details, please refer to Facebook's privacy policy: www.facebook.com/about/privacy/.

Instagram

We have a profile on Instagram. The provider is Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.facebook.com/legal/EU_data_transfer_addendum, help.instagram.com/519522125107875 and en-en.facebook.com/help/566994660333381.

For details on how they handle your personal data, please refer to Instagram's privacy policy: https://help.instagram.com/519522125107875.

Pinterest

We have a profile on Pinterest. The provider is Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland. For details on how they handle your personal data, please refer to Pinterest's privacy policy: https://policy.pinterest.com/de/privacy-policy

LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to deactivate LinkedIn advertising cookies, please use the following link: www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
 Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: www.linkedin.com/legal/l/dpa and www.linkedin.com/legal/l/eu-sccs. For details on their handling of your personal data, please refer to LinkedIn's privacy policy: www.linkedin.com/legal/privacy-policy.

XING

We have a profile on XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. Details on how they handle your personal data can be found in the XING privacy policy: https://privacy.xing.com/en/privacy-policy.

YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

For details on how they handle your personal data, please refer to YouTube's privacy policy: https://policies.google.com/privacy?hl=en

YouTube with expanded data protection integration

Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.

We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network.

As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account.

Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e. g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud.

Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control.

The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6, 1f GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6, 1a GDPR and § 25 para 1 TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e. g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under:  https://policies.google.com/privacy?hl=en.

 

 

Wonderlink

On our social media channels we use a link tree (Wonderlink) from the company Seyffert mit Himmelspach GmbH (Boppstrasse 10, 10967 Berlin). Wonderlink has the task of directing users to further GEALAN websites. The Wonderlink link tree does not use cookies or other technologies to create user profiles or to analyse user data in any way.
 You can contact Seyffert mit Himmelspach GmbH about data protection issues via the email address support(at)wonderlink.de. Here you will find further information on Wonderlink as well as the privacy policy of Seyffert mit Himmelspach GmbH.

Yumpu

We use the provider i-magazine AG ("Yumpu"), Gewerbestrasse 3, 9444 Diepoldsau, Switzerland, to display flip page catalogues on our website. By means of Yumpu, the content of pdf files is displayed as a so-called flip catalogue for everyone, freely accessible and easy to read directly in the web browser, without the need to load pdf files. To run the service, your web browser retrieves the content directly from Yumpu. Yumpu receives - as with every website - your IP address as well as information about your web browser, operating system, date and time of the request as well as the so-called referrer data (de.wikipedia.org/wiki/Referrer), provided that the referrer data is not disguised by your browser. You can find more information in Yumpu's privacy policy at www.yumpu.com/de/info/privacy_policy.

 

Cookie settings

Have we aroused your interest?

Contact us, we will be happy to help you.

Questions?

Talk to us

GEALAN ACADEMY

The GEALAN ACADEMY offers market-oriented seminars on topics like construction law, sales and window technology.

Do not miss any news!

I want to receive newsletter "Reference Building of the Month" and GEALAN news via E-Mail (approx. twice a month) - free of charge and terminable at any time.

Gealan

The GEALAN corporate group is of Europe's leading manufacturers of vinyl profiles for windows and doors.

©2024 GEALAN Fenster-Systeme GmbH