Privacy Policy GfA website

Edition: VI/DW - May 25, 2023

General
GfA ELEKTROMATEN GmbH & Co. KG (hereinafter "GfA" or "We") is committed to comply with all applicable rules on data protection. With this Privacy Policy we provide information on the type of data GfA will collect or process in the operation of our website, our GfA-Portal or by using our GfA apps. We also inform about your rights with regard to your personal data.

In case of any question you may have with regard to our Privacy Policy please send an e-mail to:

See contact (Data protection)

or contact us directly per regular mail under:

GfA ELEKTROMATEN GmbH & Co. KG

Datenschutzbeauftragter

Wiesenstr. 81

40549 Düsseldorf

Germany

Contact person, responsible body
The responsible body for the collection and processing of your personal data is
GfA ELEKTROMATEN GmbH & Co. KG, Wiesenstraße 81, 40549 Düsseldorf, Germany

Definition of personal data
This is all information relating to an identified or identifiable natural person. An identifiable natural person is a natural person who can be identified directly or indirectly, in particular by assignment to an identifier such as a name, identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person.

Collection and use of personal data in relation to download and use of our GfA+

GfA provides for a cost-free download of the GfA+ App from the Apple App Store or Google Play Store. The GfA+ App aims at improving our ongoing maintenance, correction of defects and repair services for existing drive systems for industrial doors by offering faster and improved transfer of technical data and by providing assistance or information in writing or by phone. This concerns services provided by GfA.

For this purpose, the GfA+ App in combination with a flash drive provided by GfA enables users to read out data relating to serial numbers and technical status via interfaces of drive systems for industrial doors and to transfer such data to servers operated by GfA. This technical data also comprises steering data of the drive systems. Users may opt to also include a reason for the read-out and a reference number. By reading out GPS data from your mobile device we will identify and record the location of the drive system.

When you download our GfA+ App, we will not store any of your personal data (name, phone number, e-mail address or selected language). The software will create a specific, anonymized identification number, to provide the GfA services. The identification number will allow us to apply client-specific standards when providing our services.

In order to perform the GfA services described and process the data read out from the devices, the GfA+ App accesses and stores the identification number assigned as part of the user identification when downloading the app, the selected language and the door control data read out, including the location information.

The door control data record contains additional information such as the following: date of entry, app version, unique device identifier (device-specific anonymised identification number), information entered in the previous form (reason for the readout process, installation location and repair number), location data (if location access was granted) and information for the GfA Bluetooth dongle used (model no., serial no. and firmware version). For users who have registered with the GfA-Portal, GfA displays and provides access to the data collected by applying the GfA+ App.

For users who have registered with the GfA-Portal, GfA displays and provides access to the data collected by applying the GfA+ App. When using the GfA Portal, the data stored via the app, in accordance with the requirements for the collection and use of personal data, is then linked to the personal data of your user account.

Use of GfA website without registration

Users are free to visit our GfA website any time without having to provide for personal data. To the extent individual functions or services provided by our website require the collection, processing or use of personal data, GfA will notify and inform users about this beforehand.

We will only analyze your application or use of the GfA website without obtaining an explicit prior consent from you in an anonymized and pseudonymized format. This data comprises date and time of using our website, the type of your browser, the browser configuration and system software, the last internet page visited, the amount of transferred data as well as the user’s IP address. Your service provider is able to identify, which IP address has been allocated to you at any specific point of time. Since this allows for an indirect identification of the person using the address, GfA only saves an abbreviated (anonymized) status of this address, excluding any personal reference of this address.

Collection and use of personal data by use of our GfA-Portal

When first registering for our GfA-Portal we will request and collect personal data from you (first and surname, e-mail address). We will also ask you to create a personal password, which we will save and which will allow you to access your personal account.

To fully benefit from all functions provided by our user account, users may register their mobile device by clicking the button “register mobile device”. This requires use of our GfA+ App according to Section 4 of this Privacy Policy. By entering the registration key created by the GfA+ App the user account will be linked up with the data read out with your mobile device (App-identification number, read-out steering data of the drive systems, location of the drive systems). All such data is accessible to the user by clicking the button „steering cloud” in our GfA-Portal.

Legal basis for the processing of personal data

Insofar as we obtain consent from the data subject for the processing of personal data, Art. 6, para. 1 (a) of the EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data required for the performance of a contract to which the data subject is a party, Art. 6, para. 1 (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6, para. 1 (c) GDPR serves as the legal basis.

In the event that the vital interests of the data subject or another natural person require the processing of personal data, Art. 6, para. 1 (d) GDPR serves as the legal basis.

If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest, Art. 6 para. 1 (f) GDPR serves as the legal basis for processing.

Data deletion and storage time

The personal data of the person concerned will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the responsible body is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract

Sharing your data with third parties

Sharing or any other transmission of your collected personal data to third parties takes place exclusively within the scope of the necessities of contract execution. The transfer of your personal data to third parties is limited to the necessary Minimum.

In principle your personal data will therefore not be passed on to third parties. However, we reserve the right to pass on your data to third parties in the following cases:

▪ Insofar as you have given your express consent pursuant to Art. 6 para. 1 (a) GDPR.

▪ Disclosure is necessary to assert or defend against legal claims (Art. 6 para. 1 sentence 1 (f) GDPR).

▪ Insofar as we are subject to a legal obligation to pass on data pursuant to Art. 6, para. 1 sentence 1 (c) GDPR.

▪ For the fulfillment of contractual and pre-contractual obligations (Art. 6, para. 1 sentence 1 (b) GDPR).

10.

Data processing through third parties

We work with service providers who process certain data on our behalf. This is done exclusively according to the applicable privacy policy. We have concluded particularly agreements with our service providers on data processing on our behalf that meet the requirements of confidentiality (access control, disconnection control, pseudonymisation), integrity (transfer control, input control) and availability and resilience (availability control, rapid recoverability). Thanks to careful selection and regular monitoring, we ensure that our service providers take all organisational and technical measures necessary to protect your data.

For the purpose of delivering the products ordered through our GfA-Portal we transfer the personal data to the logistics provider assigned with the distribution. The logistics provider will only use this data for the purpose of executing the shipping the process.

11.

Job application

You can apply to us by e-mail for job vacancies. The purpose of data collection is to select applicants for possible employment. To process your application, we collect the data you provide (usually your first and last name, e-mail address, application documents such as certificates and CV, date of earliest possible job start and salary expectation). We would like to point out that confidentiality cannot be guaranteed if applications are sent unencrypted by e-mail. As a rule, you can also apply for our job positions by post or directly on site. The legal basis for processing your application documents is Art. 6, para. 1 sentence 1 (b) and Art. 88, para. 1 GDPR in conjunction with § 26 para. 1, sentence 1 German Federal Data Protection Act (BDSG).

We store your personal data upon receipt of your application. If we accept your application and it leads to an employment relationship, we will store your applicant data as long as it is necessary for the employment relationship and as far as legal regulations justify an obligation for storage. If we reject your application, we will store your application data for a maximum of six months after the rejection of your application, unless you give us your consent for a longer storage period. If you have given us your consent separately, we will store the data you have provided in the application in our applicant pool for a further twelve months after completion of the application procedure in order to identify any other interesting job positions for you and to contact you again if necessary. The data will be deleted after this period elapses. You can revoke this consent at any time for the future by sending an e-mail to us: See contact (Karriere)

12.

Right Information, deletion, modification

You have the following rights from us with regard to personal data that concerns you:

12.1

Right to confirmation

Each data subject shall have the right to request confirmation from the responsible body for data processing as to whether personal data concerning him/her is being processed. If a data subject wishes to exercise this right of confirmation, he or she can contact our data protection officer or another employee of the responsible body for data processing at any time.

12.2

Right to information

Any person affected by the processing of personal data has the right to obtain, at any time and free of charge, information from the responsible body for data processing concerning the personal data relating to him/her stored and a copy of this information. If a data subject wishes to exercise this right of correction, he or she can contact our data protection officer at any time.

12.3

Right to correction

You have the right to request from us to correct any incorrect personal data concerning you immediately. Taking into account the purposes of data processing, the data subject has the right to request the completion of incomplete personal data - also by means of a supplementary declaration.

12.4

Right to deletion (right to be forgotten)

Any person affected by the processing of personal data shall have the right to require the responsible body to delete the personal data concerning him/her immediately, provided that one of the following reasons applies and insofar as data processing is not necessary.

The personal data has been collected or otherwise processed for such purposes for which it is no longer necessary.

The data subject withdraws his/her consent on which the processing was based pursuant to Art. 6, para. 1 (a) GDPR or Art. 9, para. 2 (a) GDPR, and there is no other legal basis for the processing.

The data subject opposes data processing pursuant to Art. 21, para. 1 GDPR and there are no overriding legitimate grounds for data processing or the data subject opposes data processing pursuant to Art. 21, para. 2 GDPR.

The personal data has been processed unlawfully. The deletion of the personal data is necessary to fulfil a legal obligation under European Union law or the law of the Member States to which the responsible body is subject or if the personal data was collected in relation to information society services offered pursuant to Art. 8, para. 1 GDPR.

12.5

Right to limitation of data processing

Any person affected by the processing of personal data shall have the right to require the responsible body to limit data processing if one of the following conditions is met:

The data subject disputes the accuracy of the personal data for a period which allows the responsible body to verify the accuracy of the personal data; the data processing is unlawful, the data subject refuses to delete the personal data and instead requests the restriction of use of the personal data; the responsible body no longer needs the personal data for the purposes of data processing, but the data subject needs it to assert, exercise or defend legal claims; the data subject has objections to data processing pursuant to Art. 21, para. 1 GDPR and it has not yet been determined whether the legitimate reasons of the responsible body outweigh those of the person concerned.

12.6

Right to data portability

Any person affected by the processing of personal data has the right to receive personal data concerning him/her in a structured, common and machine-readable format. He/she shall also have the right to transmit such data to another responsible body without obstruction by the responsible body to whom the personal data has been made available, provided that data processing is based on the consent provided for in Art. 6, para. 1 (a) GDPR or Art. 9, para. 2 (a) GDPR or on a contract pursuant to Art. 6, para. 1 (b) GDPR and that data processing is carried out using automated procedures, provided that the processing is not necessary for the performance of a task in the public interest or in the exercise of public authority entrusted to the responsible Body.

Furthermore, in exercising his/her right to data portability pursuant to Art. 20, para. 1 GDPR, the data subject has the right that the personal data be transferred directly by a responsible body to another responsible body, provided this is technically feasible and provided that the rights and freedoms of other persons are not affected by this.

12.7

Right to complain

If you believe that data processing is unlawful, you have the right to lodge a complaint with your responsible supervisory authority.

13.

Objection to or revocation of the processing of your data

If you have given your consent to the processing of your data, you can revoke it at any time. Such a revocation affects the legitimacy of processing your personal data after you have given it to use.

If we base the processing of your personal data on the weighing of interests, you may object to data processing. This is the case if data processing is not necessary in particular to fulfil a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust data processing or point out to you our compelling reasons worthy of protection, on the basis of which we will continue data processing.

Of course, you can object to the processing of your personal data for purposes of advertising and data analysis at any time. You can inform us about your advertising objection using our contact data, as described under No. 2, and also by e-mail to: See contact (Data protection)

Cookies

When operating our website GfA is using Cookies. Cookies used by GfA collect data exclusively by using pseudonyms. Cookies are files, created by web servers and stored on your computer when communicating with our web server. Cookies are stored on your terminal device, either temporarily for the duration of a session (session cookies), or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your terminal device until you delete them yourself or until they are automatically deleted by your web browser. In some cases, cookies from third-party companies may also be stored on your terminal device when you enter our site (third-party cookies). These cookies allow us or you to use certain services provided by the third-party company. Cookies have a variety of functions. Many cookies are required for technical reasons, as certain website functions would not work without them.

Cookies enable us, for example, to develop user profiles for marketing purposes, market searches and customer oriented adaptations of our website. Cookies are only applied by using pseudonyms (see Sec. 15 (3) German Law on use of tele media (TMG)). Regardless of the nature and function of individual Cookies you may decide to what extent you will accept Cookies or not by configuring your browser to block or inform you about any attempt to place a Cookie on your system. Accordingly, you may also delete Cookies which have already been installed on your system. For further information please relate to the help function of your internet browser.

Please note that some services provided under our website may not be fully available to you if you do not accept the use of Cookies.

15.

Server log files

The server log files involve anonymous data that is collected when you access our website. This information does not allow any personal conclusions to be drawn about you, but for technical reasons it is indispensable for the delivery and presentation of our content. Furthermore, it is used for our statistics and the constant optimisation of our content. Typical log files include the date and time of access, the amount of data, the browser used for access and its version, the operating system used, the domain name of the provider assigned by you, the page from which you came to our offer (referrer URL) and your IP address. Log files also allow a precise check in case of suspicion of illegal use of our website.

16.

Note on data transfer to the USA and other third countries

17.

Use of Matomo analytics service (formerly PIWIK)

This website uses the Matomo web analytics service software (www.matomo.org), a service of InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand, ("Mataomo"), to collect and store data based on our legitimate interest for the statistical analysis of user behaviour for optimisation and marketing purposes pursuant to Art. 6, para. 1 (f) GDPR. Pseudonymised user profiles can be created and evaluated from this data for the same purpose. Cookies may be used for this purpose. Cookies are small text files that are stored locally in the cache of the visitor's Internet browser. Cookies facilitate, among other things, the recognition of an Internet browser. The data collected with Matomo technology (including your pseudonymised IP address) is processed on our servers. The information generated by the cookie in the pseudonymous user profile is not used to personally identify the visitor to this website and is not combined with personal data about the bearer of the pseudonym.

If you do not agree to the storage and evaluation of this data from your visit, then you can object to the storage and use at any time with a click of the mouse. In this case, a so-called opt-out cookie is stored in your browser, which means that Matomo does not collect any session data. Please note that the complete deletion of your cookies means that the opt-out cookie will also be deleted and that you may have to activate it again.

Your visit to this website is currently recorded by Matomo web analytics. Click here so that your visit is no longer recorded.

The Matomo program is an open source project. You can get information on data privacy from the third party provider at https://matomo.org/privacy-policy/

18.

Font Awesome

This website uses web fonts provided by Fonticons, Inc. to consistently display fonts. When you call up a webpage, your browser loads the required web fonts into your browser cache to display texts and fonts correctly.

To do this, your browser must connect to the servers of Fonticons, Inc. This allows Fonticons, Inc. to know that your IP address has been used to access our website. The use of web fonts is in the interest of a consistent and appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6, para. 1 (f) GDPR. If your browser does not support web fonts, a default font is used by your computer.

For more information about Font Awesome, see: https://fontawesome.com/help

and the privacy policy of Fonticons, Inc: https://fontawesome.com/privacy

19.

Integration of Bootstrap CDN

This website uses the Java-Script Code of LLC. NetDNA, 3575, Cahuenga Blvd Suite 630, Los Angeles, CA 90068, USA (hereinafter referred to as Bootstrap CDN). If Java-Script is activated in your browser and you have not installed and activated a Java-Script-Blocker, your browser will send personal data of this declaration to Bootstrap CDN. The legal basis for the use of Bootstrap CDN is Art. 6 para. 1, sentence 1 (f) GDPR.

For more information about the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider's privacy policy. They will also provide you with further information about your rights in this regard and setting options to protect your privacy:

https://www.jsdelivr.com/terms/privacy-policy-jsdelivr-net

Bootstrap CDN also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

20.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. (hereinafter: Google). Google Analytics uses cookies that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website (see below), however, within the Member States of the European Union or in other contracting states to the Agreement on the European Economic Area, your IP address will be shortened beforehand by Google. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and then shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser in connection with Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use all the functions of this website. You can also prevent Google from collecting and processing data generated by the cookie and related to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link:

https://tools.google.com/dlpage/gaoptout?hl=en

Google Analytics is used on this website with the extension "_anonymizeIp()". This means that IP addresses are processed in abbreviated form and hence any personal reference can be ruled out. Insofar as the data collected about you has a personal reference, this is therefore immediately excluded and thus the personal data is immediately deleted. The legal basis for processing your data is your consent given via the cookie consent tool (Art. 6 para. 1 sentence 1 lit. a) GDPR). Further information on privacy can be found at: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User terms and conditions:

https://marketingplatform.google.com/about/analytics/terms/de/

as well as the privacy policy:

https://policies.google.com/privacy .

21.

YouTube with enhanced privacy

This website embeds videos from YouTube. The operator of the web pages is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the extended privacy mode. According to YouTube, this mode means that YouTube does not store any information about visitors to this website before they watch the video. However, the extended privacy mode does not necessarily exclude the disclosure of data to YouTube partners. This means that - regardless of whether you watch a video - YouTube establishes a connection to the Google DoubleClick network. As soon as you start a YouTube video on this website, a connection to YouTube's servers is established. This tells the YouTube server which of our web pages you have visited. If you are logged into your YouTube account, you enable YouTube to associate your browsing behaviour directly with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, after starting a video YouTube may store various cookies on your terminal device or use comparable identification techniques (e.g. device fingerprinting). In this way, YouTube can obtain information about visitors to this website. This information is used, among other things, to collect video statistics, improve the user experience and prevent fraud attempts. In some cases, further data processing operations may be triggered upon starting a YouTube video, over which we have no control. We use YouTube in the interest of an appealing presentation of our online offers. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f GDPR. Provided that appropriate consent was requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 TTDSG (German Telecommunications Telemedia Privacy Act), insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.

For more information about privacy on YouTube, please see their privacy policy at:

https://policies.google.com/privacy?hl=en .

22.

Data security

Personal data is transferred to the website provider via internet by use of the "Secure Socket Layer (SSL)"- coding. The GfA portal and the GfA Website are protected against loss, destruction, access, changes to or distribution of personal data by unauthorized third parties through various technical and organizational means.

You may access your account only after entering your e-mail address and your personal password under the section „Access to GfA-Portal“. Only after completing the login you may change your account and registered data. Users shall keep their access data and passwords confidential and secure. After completing your use of the GfA-Portal please logout and close the corresponding browser page.

23.

Changes to these Data Privacy Regulations

We reserve the right to change these data privacy regulations at any time with effect for the future. An up-to-date version is available on the website. Please visit the website regularly and inform yourself about the applicable data protection regulations.

This Privacy statement is available for download in .pdf-format under the following link.