Privacy Policy GfA website
Edition: IX/DW - July 22, 2024
1.
General
GfA ELEKTROMATEN GmbH & Co. KG (hereinafter "GfA" or "We") is committed to comply with all applicable rules on data protection. With this Privacy Policy we provide information on the type of data GfA will collect or process in the operation of our website, our GfA-Portal or by using our GfA apps. We also inform about your rights with regard to your personal data.
In case of any question you may have with regard to our Privacy Policy please send an e-mail to:
or contact us directly per regular mail under:
GfA ELEKTROMATEN GmbH & Co. KG
Datenschutzbeauftragter
Wiesenstr. 81
40549 Düsseldorf
Germany
2.
Contact person, responsible body
The responsible body for the collection and processing of your personal data is
GfA ELEKTROMATEN GmbH & Co. KG, Wiesenstraße 81, 40549 Düsseldorf, Germany
3.
Definition of personal data
This is all information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.
4.
Collection and use of personal data in relation to download and use of our GfA+
GfA provides for a cost-free download of the GfA+ App from the Apple App Store or Google Play Store. The GfA+ App aims at improving our ongoing maintenance, correction of defects and repair services for existing drive systems for industrial doors by offering faster and improved transfer of technical data and by providing assistance or information in writing or by phone. This concerns services provided by GfA.
For this purpose, the GfA+ App in combination with a flash drive provided by GfA enables users to read out data relating to serial numbers and technical status via interfaces of drive systems for industrial doors and to transfer such data to servers operated by GfA. This technical data also comprises steering data of the drive systems. Users may opt to also include a reason for the read-out and a reference number. By reading out GPS data from your mobile device we will identify and record the location of the drive system.
When you download our GfA+ App, we will not store any of your personal data (name, phone number, e-mail address or selected language). The software will create a specific, anonymized identification number, to provide the GfA services. The identification number will allow us to apply client-specific standards when providing our services.
In order to perform the GfA services described and process the data read out from the devices, the GfA+ App accesses and stores the identification number assigned as part of the user identification when downloading the app, the selected language and the door control data read out, including the location information.
The door control data record contains additional information such as the following: date of entry, app version, unique device identifier (device-specific anonymised identification number), information entered in the previous form (reason for the readout process, installation location and repair number), location data (if location access was granted) and information for the GfA Bluetooth dongle used (model no., serial no. and firmware version). For users who have registered with the GfA-Portal, GfA displays and provides access to the data collected by applying the GfA+ App.
For users who have registered with the GfA-Portal, GfA displays and provides access to the data collected by applying the GfA+ App. When using the GfA Portal, the data stored via the app, in accordance with the requirements for the collection and use of personal data, is then linked to the personal data of your user account.
5.
Use of GfA website without registration
Users are free to visit our GfA website any time without having to provide for personal data. To the extent individual functions or services provided by our website require the collection, processing or use of personal data, GfA will notify and inform users about this beforehand.
We will only analyze your application or use of the GfA website without obtaining an explicit prior consent from you in an anonymized and pseudonymized format. This data comprises date and time of using our website, the type of your browser, the browser configuration and system software, the last internet page visited, the amount of transferred data as well as the user’s IP address. Your service provider is able to identify, which IP address has been allocated to you at any specific point of time. Since this allows for an indirect identification of the person using the address, GfA only saves an abbreviated (anonymized) status of this address, excluding any personal reference of this address.
6.
Collection and use of personal data by use of our GfA-Portal
When first registering for our GfA-Portal we will request and collect personal data from you (first and surname, e-mail address). We will also ask you to create a personal password, which we will save and which will allow you to access your personal account.
To fully benefit from all functions provided by our user account, users may register their mobile device by clicking the button “register mobile device”. This requires use of our GfA+ App according to Section 4 of this Privacy Policy. By entering the registration key created by the GfA+ App the user account will be linked up with the data read out with your mobile device (App-identification number, read-out steering data of the drive systems, location of the drive systems). All such data is accessible to the user by clicking the button „steering cloud” in our GfA-Portal.
7.
Legal basis for the processing of personal data
Insofar as we obtain consent from the data subject for the processing of personal data, Art. 6, para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.
When processing personal data required for the performance of a contract to which the data subject is a party, Art. 6, para. 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.
Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6, para. 1 (c) GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6, para. 1 (d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.
8.
Data deletion and storage time
The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the responsible body is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract
9
Sharing your data with third parties
Sharing or any other transmission of your collected personal data to third parties takes place exclusively within the scope of the necessities of contract execution. The transfer of your personal data to third parties is limited to the necessary Minimum.
In principle your personal data will therefore not be passed on to third parties. However, we reserve the right to pass on your data to third parties in the following cases:
▪ Insofar as you have given your express consent pursuant to Art. 6 para. 1 (a) GDPR.
▪ Disclosure is necessary to assert or defend against legal claims (Art. 6 para. 1 sentence 1 (f) GDPR).
▪ Insofar as we are subject to a legal obligation to pass on data pursuant to Art. 6, para. 1 sentence 1 (c) GDPR.
▪ For the fulfillment of contractual and pre-contractual obligations (Art. 6, para. 1 sentence 1 (b) GDPR).
10.
Data processing through third parties
We work with service providers who process certain data on our behalf. This is done exclusively according to the applicable privacy policy. We have concluded particularly agreements with our service providers on data processing on our behalf that meet the requirements of confidentiality (access control, disconnection control, pseudonymisation), integrity (transfer control, input control) and availability and resilience (availability control, rapid recoverability). Thanks to careful selection and regular monitoring, we ensure that our service providers take all organisational and technical measures necessary to protect your data.
For the purpose of delivering the products ordered through our GfA-Portal we transfer the personal data to the logistics provider assigned with the distribution. The logistics provider will only use this data for the purpose of executing the shipping the process.
11.
Job application
We are pleased about your opportunity to participate in our application process. For more information about the application process, please refer to the separate privacy policy for applicants (Recruiting) on the company website at: https://gfa-elektromaten.com/de-DE/privacy_policy_recruiting.html
12.
Right Information, deletion, modification
You have the following rights from us with regard to personal data that concerns you:
12.1
Right to confirmation
Each data subject shall have the right to request confirmation from the responsible body for data processing as to whether personal data concerning him/her is being processed. If a data subject wishes to exercise this right of confirmation, he or she can contact our data protection officer or another employee of the responsible body for data processing at any time.
12.2
Right to information
Any person affected by the processing of personal data has the right to obtain, at any time and free of charge, information from the responsible body for data processing concerning the personal data relating to him/her stored and a copy of this information. If a data subject wishes to exercise this right of correction, he or she can contact our data protection officer at any time.
12.3
Right to correction
You have the right to request from us to correct any incorrect personal data concerning you immediately. Taking into account the purposes of data processing, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration.
12.4
Right to deletion (right to be forgotten)
Any person affected by the processing of personal data shall have the right to require the responsible body to delete the personal data concerning him/her immediately, provided that one of the following reasons applies and insofar as data processing is not necessary.
The personal data has been collected or otherwise processed for such purposes for which it is no longer necessary.
The data subject withdraws his/her consent on which the processing was based pursuant to Art. 6, para. 1 (a) GDPR or Art. 9, para. 2 (a) GDPR, and there is no other legal basis for the processing.
The data subject opposes data processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate grounds for data processing or the data subject opposes data processing pursuant to Art. 21, para. 2 GDPR.
The personal data has been processed unlawfully. The deletion of the personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the responsible body is subject or if the personal data was collected in relation to information society services offered pursuant to Art. 8, para. 1 GDPR.
12.5
Right to limitation of data processing
Any person affected by the processing of personal data shall have the right to require the responsible body to limit data processing if one of the following conditions is met:
The data subject disputes the accuracy of the personal data for a period which allows the responsible body to verify the accuracy of the personal data; the data processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of use of the personal data; the responsible body no longer needs the personal data for the purposes of data processing, but the data subject needs it to assert, exercise or defend legal claims; the data subject has objections to data processing pursuant to Art. 21, para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible body outweigh those of the person concerned.
12.6
Right to data portability
Any person affected by the processing of personal data has the right to receive personal data concerning him/her in a structured, common and machine-readable format. He/she shall also have the right to transmit such data to another responsible body without obstruction by the responsible body to whom the personal data has been made available, provided that data processing is based on the consent provided for in Art. 6, para. 1 (a) GDPR or Art. 9, para. 2 (a) GDPR or on a contract pursuant to Art. 6, para. 1 (b) GDPR and that data processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority entrusted to the responsible Body.
Furthermore, in exercising his/her right to data portability pursuant to Art. 20, para. 1 GDPR, the data subject has the right that the personal data be transferred directly by a responsible body to another responsible body, provided this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.
12.7
Right to complain
If you believe that data processing is unlawful, you have the right to lodge a complaint with your responsible supervisory authority.
13.
Objection to or revocation of the processing of your data
If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the legitimacy of processing your personal data after you have given it to use.
If we base the processing of your personal data on the weighing of interests, you may object to data processing. This is the case if data processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue data processing.
Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection using our contact data, as described under No. 2, and also by e-mail to: See contact (Data protection)
14
Cookies
When operating our website GfA is using Cookies. Cookies used by GfA collect data exclusively by using pseudonyms. Cookies are files, created by web servers and stored on your computer when communicating with our web server. Cookies are stored on your terminal device, either temporarily for the duration of a session (session cookies), or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These cookies allow us or you to use certain services provided by the third-party company. Cookies have a variety of functions. Many cookies are required for technical reasons, as certain website functions would not work without them.
Cookies enable us, for example, to develop user profiles for marketing purposes, market searches and customer oriented adaptations of our website. Cookies are only applied by using pseudonyms (see Sec. 15 (3) German Law on use of tele media (TMG)). Regardless of the nature and function of individual Cookies you may decide to what extent you will accept Cookies or not by configuring your browser to block or inform you about any attempt to place a Cookie on your system. Accordingly, you may also delete Cookies which have already been installed on your system. For further information please relate to the help function of your internet browser.
Please note that some services provided under our website may not be fully available to you if you do not accept the use of Cookies.
15.
Server log files
The server log files involve anonymous data that is collected when you access our website. This information does not allow any personal conclusions to be drawn about you, but for technical reasons it is indispensable for the delivery and presentation of our content. Furthermore, it is used for our statistics and the constant optimisation of our content. Typical log files include the date and time of access, the amount of data, the browser used for access and its version, the operating system used, the domain name of the provider assigned by you, the page from which you came to our offer (referrer URL) and your IP address. Log files also allow a precise check in case of suspicion of illegal use of our website.
16.
Data Transmission to Third Countries
As explained in this privacy policy, we use services from providers that are located in so-called third countries, which are countries whose level of data protection does not match that of the European Union. Where this is the case and the European Commission has not issued an adequacy decision (Art. 45 GDPR) for these countries, we have taken appropriate measures to ensure an adequate level of data protection for any data transfers. These measures include, among others, the European Union’s Standard Contractual Clauses or binding internal data protection regulations.
Where this is not possible, we base the data transfer on exceptions under Article 49 GDPR, particularly your explicit consent or the necessity of the transfer for the performance of a contract.
If a transfer to a third country is planned and no adequacy decision or suitable guarantees are in place, it is possible and there is a risk that authorities in the respective third country (e.g., intelligence agencies) may gain access to the transmitted data to collect and analyze it, and that the enforcement of your data subject rights may not be guaranteed. When obtaining your consent through the cookie policy, you will also be informed about this.
17.
Use of Matomo analytics service (formerly PIWIK)
This website uses the Matomo web analytics service software (www.matomo.org), a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Mataomo"), to collect and store data based on our legitimate interest for the statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6, para. 1 (f) GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Cookies facilitate, among other things, the recognition of an Internet browser. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym.
If you do not agree to the storage and evaluation of this data from your visit, then you can object to the storage and use at any time with a click of the mouse. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and that you may have to activate it again.
Your visit to this website is currently recorded by Matomo web analytics. Click here so that your visit is no longer recorded.
The Matomo program is an open source project. You can get information on data privacy from the third party provider at https://matomo.org/privacy-policy/
18.
YouTube with enhanced privacy
This website embeds videos from YouTube. The operator of the web pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the extended privacy mode does not necessarily exclude the disclosure of data to YouTube partners. This means that - regardless of whether you watch a video - YouTube establishes a connection to the Google DoubleClick network. As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our web pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, after starting a video YouTube may store various cookies on your terminal device or use comparable identification techniques (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. In some cases, further data processing operations may be triggered upon starting a YouTube video, over which we have no control. We use YouTube in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Provided that appropriate consent was requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG (German Telecommunications Telemedia Privacy Act), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
For more information about privacy on YouTube, please see their privacy policy at:
https://policies.google.com/privacy?hl=en .
19.
Newsletter
If you wish to receive the newsletter offered on the website, we need an email address from you, as well as information that allows us to verify that you are the owner of the provided email address and that you agree to receive the newsletter. No additional data will be collected, except on a voluntary basis. We use this data solely for sending the requested information and do not share it with third parties.
The processing of data entered into the newsletter registration form is based solely on your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw your consent to the storage of the data, the email address, and its use for sending the newsletter at any time, for example, via the “unsubscribe” link in the newsletter. The legality of the data processing carried out prior to the withdrawal remains unaffected.
The data you provide for the purpose of receiving the newsletter will be stored by us until you unsubscribe from the newsletter or until the purpose no longer applies. After unsubscribing from the newsletter or when the purpose ceases, the data will be deleted from the newsletter distribution list. We reserve the right to delete or block email addresses from our newsletter distribution list at our discretion, in line with our legitimate interests under Art. 6 para. 1 lit. f GDPR.
Data stored with us for other purposes remains unaffected. After you unsubscribe from the newsletter distribution list, your email address may be stored on a blacklist by us or the newsletter service provider if this is necessary to prevent future mailings. The data on the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements for sending newsletters, according to legitimate interests under Art. 6 para. 1 lit. a GDPR. The storage on the blacklist is not time-limited. You may object to the storage if your interests outweigh our legitimate interests.
20.
Data security
Personal data is transferred to the website provider via internet by use of the "Secure Socket Layer (SSL)"- coding. The GfA portal and the GfA Website are protected against loss, destruction, access, changes to or distribution of personal data by unauthorized third parties through various technical and organizational means.
You may access your account only after entering your e-mail address and your personal password under the section „Access to GfA-Portal“. Only after completing the login you may change your account and registered data. Users shall keep their access data and passwords confidential and secure. After completing your use of the GfA-Portal please logout and close the corresponding browser page.
21.
Changes to these Data Privacy Regulations
We reserve the right to change these data privacy regulations at any time with effect for the future. An up-to-date version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection regulations.
This Privacy statement is available for download in .pdf-format under the following link.