Privacy Policy GfA website


Edition: III/DW - July 5, 2018




GfA ELEKTROMATEN GmbH & Co. KG (hereinafter "GfA" or "We") is committed to comply with all applicable rules on data protection. With this Privacy Policy we provide information on the type of data GfA will collect or process in the operation of our website, our GfA-Portal or by using our GfA apps. We also inform about your rights with regard to your personal data.

In case of any question you may have with regard to our Privacy Policy please send an e-mail to:


See contact (Data protection)  

or contact us directly per regular mail under: 



Wiesenstr. 81

40549 Düsseldorf





Contact person, responsible body
The responsible body for the collection and processing of your personal data is
GfA ELEKTROMATEN GmbH & Co. KG, Wiesenstraße 81, 40549 Düsseldorf, Germany




Definition of personal data
This is all information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. 




Collection and use of personal data in relation to download and use of our GfA+

GfA provides for a cost-free download of the GfA+ App. The GfA+ App aims at improving our ongoing maintenance, correction of defects and repair services for existing drive systems for industrial doors by offering faster and improved transfer of technical data and by providing assistance or information in writing or by phone.


For this purpose, the GfA+ App in combination with a flash drive provided by GfA enables users to read out data relating to serial numbers and technical status via interfaces of drive systems for industrial doors and to transfer such data to servers operated by GfA. This technical data also comprises steering data of the drive systems. Users may opt to also include a reason for the read-out and a reference number. By reading out GPS data from your mobile device we will identify and record the location of the drive system.


When you download our GfA+ App, we will not store any of your personal data (name, phone number, e-mail address or selected language). The software will create a specific, anonymized identification number, to provide the services. The identification number will allow us to apply client-specific standards when providing our services.


When providing the Services and processing the read-out data GfA will use and save the identification number as well as the read-out steering data of the drive system, including its location.


For users who have registered with the GfA-Portal, GfA displays and provides access to the data collected by applying the GfA+ App. By using the GfA-Portal the data saved via use of the GfA+ App will be linked up with the personal data of your user account according to section 5 of this Privacy Policy.




Use of GfA website without registration

Users are free to visit our GfA website any time without having to provide for personal data. To the extent individual functions or services provided by our website require the collection, processing or use of personal data, GfA will notify and inform users about this beforehand.


We will only analyze your application or use of the GfA website without obtaining an explicit prior consent from you in an anonymized and pseudonymized format. This data comprises date and time of using our website, the type of your browser, the browser configuration and system software, the last internet page visited, the amount of transferred data as well as the user’s IP address. Your service provider is able to identify, which IP address has been allocated to you at any specific point of time. Since this allows for an indirect identification of the person using the address, GfA only saves an abbreviated (anonymized) status of this address, excluding any personal reference of this address.




Collection and use of personal data by use of our GfA-Portal

When first registering for our GfA-Portal we will request and collect personal data from you (first and surname, e-mail address). We will also ask you to create a personal password, which we will save and which will allow you to access your personal account.


To fully benefit from all functions provided by our user account, users may register their mobile device by clicking the button “register mobile device”. This requires use of our GfA+ App according to Section 4 of this Privacy Policy. By entering the registration key created by the GfA+ App the user account will be linked up with the data read out with your mobile device (App-identification number, read-out steering data of the drive systems, location of the drive systems). All such data is accessible to the user by clicking the button „steering cloud” in our GfA-Portal.




Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for the processing of personal data, Art. 6, para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.


When processing personal data required for the performance of a contract to which the data subject is a party, Art. 6, para. 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.


Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6, para. 1 (c) GDPR serves as the legal basis.


In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6, para. 1 (d) GDPR serves as the legal basis.


If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.




Data deletion and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the responsible body is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract




Sharing your data with third parties

Sharing or any other transmission of your collected personal data to third parties takes place exclusively within the scope of the necessities of contract execution. The transfer of your personal data to third parties is limited to the necessary Minimum.


In principle your personal data will therefore not be passed on to third parties. However, we reserve the right to pass on your data to third parties in the following cases:

▪ Insofar as you have given your express consent pursuant to Art. 6 para. 1 (a) GDPR.

▪ Disclosure is necessary to assert or defend against legal claims (Art. 6 para. 1 sentence 1 (f) GDPR).

▪ Insofar as we are subject to a legal obligation to pass on data pursuant to Art. 6, para. 1 sentence 1 (c) GDPR.

▪ For the fulfillment of contractual and pre-contractual obligations (Art. 6, para. 1 sentence 1 (b) GDPR).




Data processing through third parties

We work with service providers who process certain data on our behalf. This is done exclusively according to the applicable privacy policy. We have concluded particularly agreements with our service providers on data processing on our behalf that meet the requirements of confidentiality (access control, disconnection control, pseudonymisation), integrity (transfer control, input control) and availability and resilience (availability control, rapid recoverability). Thanks to careful selection and regular monitoring, we ensure that our service providers take all organisational and technical measures necessary to protect your data.


For the purpose of delivering the products ordered through our GfA-Portal we transfer the personal data to the logistics provider assigned with the distribution. The logistics provider will only use this data for the purpose of executing the shipping the process.




Job application

You can apply to us by e-mail for job vacancies. The purpose of data collection is to select applicants for possible employment. To process your application, we collect the data you provide (usually your first and last name, e-mail address, application documents such as certificates and CV, date of earliest possible job start and salary expectation). We would like to point out that confidentiality cannot be guaranteed if applications are sent unencrypted by e-mail. As a rule, you can also apply for our job positions by post or directly on site. The legal basis for processing your application documents is Art. 6, para. 1 sentence 1 (b) and Art. 88, para. 1 GDPR in conjunction with § 26 para. 1, sentence 1 German Federal Data Protection Act (BDSG).


We store your personal data upon receipt of your application. If we accept your application and it leads to an employment relationship, we will store your applicant data as long as it is necessary for the employment relationship and as far as legal regulations justify an obligation for storage. If we reject your application, we will store your application data for a maximum of three months after the rejection of your application, unless you give us your consent for a longer storage period. If you have given us your consent separately, we will store the data you have provided in the application in our applicant pool for a further twelve months after completion of the application procedure in order to identify any other interesting job positions for you and to contact you again if necessary. The data will be deleted after this period elapses. You can revoke this consent at any time for the future by sending an e-mail to us: See contact (Karriere)




Right Information, deletion, modification

You have the following rights from us with regard to personal data that concerns you:



Right to confirmation

Each data subject shall have the right to request confirmation from the responsible body for data processing as to whether personal data concerning him/her is being processed. If a data subject wishes to exercise this right of confirmation, he or she can contact our data protection officer or another employee of the responsible body for data processing at any time.



Right to information

Any person affected by the processing of personal data has the right to obtain, at any time and free of charge, information from the responsible body for data processing concerning the personal data relating to him/her stored and a copy of this information. If a data subject wishes to exercise this right of correction, he or she can contact our data protection officer at any time.



Right to correction

You have the right to request from us to correct any incorrect personal data concerning you immediately. Taking into account the purposes of data processing, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration.



Right to deletion (right to be forgotten)

Any person affected by the processing of personal data shall have the right to require the responsible body to delete the personal data concerning him/her immediately, provided that one of the following reasons applies and insofar as data processing is not necessary.


The personal data has been collected or otherwise processed for such purposes for which it is no longer necessary.


The data subject withdraws his/her consent on which the processing was based pursuant to Art. 6, para. 1 (a) GDPR or Art. 9, para. 2 (a) GDPR, and there is no other legal basis for the processing.


The data subject opposes data processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate grounds for data processing or the data subject opposes data processing pursuant to Art. 21, para. 2 GDPR.


The personal data has been processed unlawfully. The deletion of the personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the responsible body is subject or if the personal data was collected in relation to information society services offered pursuant to Art. 8, para. 1 GDPR.



Right to limitation of data processing

Any person affected by the processing of personal data shall have the right to require the responsible body to limit data processing if one of the following conditions is met:


The data subject disputes the accuracy of the personal data for a period which allows the responsible body to verify the accuracy of the personal data; the data processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of use of the personal data; the responsible body no longer needs the personal data for the purposes of data processing, but the data subject needs it to assert, exercise or defend legal claims; the data subject has objections to data processing pursuant to Art. 21, para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible body outweigh those of the person concerned.



Right to data portability

Any person affected by the processing of personal data has the right to receive personal data concerning him/her in a structured, common and machine-readable format. He/she shall also have the right to transmit such data to another responsible body without obstruction by the responsible body to whom the personal data has been made available, provided that data processing is based on the consent provided for in Art. 6, para. 1 (a) GDPR or Art. 9, para. 2 (a) GDPR or on a contract pursuant to Art. 6, para. 1 (b) GDPR and that data processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority entrusted to the responsible Body.


Furthermore, in exercising his/her right to data portability pursuant to Art. 20, para. 1 GDPR, the data subject has the right that the personal data be transferred directly by a responsible body to another responsible body, provided this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.



Right to complain

If you believe that data processing is unlawful, you have the right to lodge a complaint with your responsible supervisory authority.




Objection to or revocation of the processing of your data

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the legitimacy of processing your personal data after you have given it to use.


If we base the processing of your personal data on the weighing of interests, you may object to data processing. This is the case if data processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue data processing.


Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection using our contact data, as described under No. 2, and also by e-mail to: See contact (Data protection)





When operating our website GfA is using Cookies. Cookies used by GfA collect data exclusively by using pseudonyms. Cookies are files, created by web servers and stored on your computer when communicating with our web server. Cookies enable us, for example, to develop user profiles for marketing purposes, market searches and customer oriented adaptations of our website. Cookies are only applied by using pseudonyms (see Sec. 15 (3) German Law on use of tele media (TMG)). Regardless of the nature and function of individual Cookies you may decide to what extent you will accept Cookies or not by configuring your browser to block or inform you about any attempt to place a Cookie on your system. Accordingly, you may also delete Cookies which have already been installed on your system. For further information please relate to the help function of your internet browser.


Please note that some services provided under our website may not be fully available to you if you do not accept the use of Cookies.




Server log files

The server log files involve anonymous data that is collected when you access our website. This information does not allow any personal conclusions to be drawn about you, but for technical reasons it is indispensable for the delivery and presentation of our content. Furthermore, it is used for our statistics and the constant optimisation of our content. Typical log files include the date and time of access, the amount of data, the browser used for access and its version, the operating system used, the domain name of the provider assigned by you, the page from which you came to our offer (referrer URL) and your IP address. Log files also allow a precise check in case of suspicion of illegal use of our website.




Use of Matomo analytics service (formerly PIWIK)

This website uses the Matomo web analytics service software (, a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Mataomo"), to collect and store data based on our legitimate interest for the statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6, para. 1 (f) GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Cookies facilitate, among other things, the recognition of an Internet browser. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym.


If you do not agree to the storage and evaluation of this data from your visit, then you can object to the storage and use at any time with a click of the mouse. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and that you may have to activate it again.


Your visit to this website is currently recorded by Matomo web analytics. Click here so that your visit is no longer recorded.


The Matomo program is an open source project. You can get information on data privacy from the third party provider at




Font Awesome

This website uses web fonts provided by Fonticons, Inc. to consistently display fonts. When you call up a webpage, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

To do this, your browser must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that your IP address has been used to access our website. The use of web fonts is in the interest of a consistent and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6, para. 1 (f) GDPR. If your browser does not support web fonts, a default font is used by your computer.


For more information about Font Awesome, see:


and the privacy policy of Fonticons, Inc:




Integration of Bootstrap CDN

This website uses the Java-Script Code of LLC. NetDNA, 3575, Cahuenga Blvd Suite 630, Los Angeles, CA 90068, USA (hereinafter referred to as Bootstrap CDN). If Java-Script is activated in your browser and you have not installed and activated a Java-Script-Blocker, your browser will send personal data of this declaration to Bootstrap CDN. The legal basis for the use of Bootstrap CDN is Art. 6 para. 1, sentence 1 (f) GDPR.


For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. They will also provide you with further information about your rights in this regard and setting options to protect your privacy:


Bootstrap CDN also processes your personal data in the USA and is subject to the EU-US Privacy Shield,




Data security

Personal data is transferred to the website provider via internet by use of the "Secure Socket Layer (SSL)"- coding. The GfA portal is protected against loss, destruction, access, changes to or distribution of personal data by unauthorized third parties through various technical and organizational means.


You may access your account only after entering your e-mail address and your personal password under the section „Access to GfA-Portal“. Only after completing the login you may change your account and registered data. Users shall keep their access data and passwords confidential and secure. After completing your use of the GfA-Portal please logout and close the corresponding browser page.




Changes to these Data Privacy Regulations

We reserve the right to change these data privacy regulations at any time with effect for the future. An up-to-date version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection regulations.




This Privacy statement is available for download in .pdf-format under the following link.