Privacy Policy

This Privacy Policy informs you about the type, scope and purpose of the processing of personal data (hereinafter referred to as "Data") within our online service and the web pages, functions and content associated with it as well as external online presences, such as our social media profile. (hereinafter collectively referred to as "Online Service"). With regard to the terms used, such as "personal data" or their "processing", we refer to the definitions in Article 4 of the General Data Protection Regulation (GDPR).

Controller:

Gira Giersiepen GmbH & Co. KG
Dahlienstr. 12
42477 Radevormwald
Cologne District Court, HRA 16352
Managing Director: Christian Feltgen, Dominik Marte, Sebastian Marz, Steffen Zimmermann
Telephone number: 02195-602-0
Email address: info@gira.com

Data protection officer:

Dr. Gregor Scheja (Scheja und Partner Rechtsanwälte mbB)
Adenauerallee 136
D-53113 Bonn
Telephone number: +49 228 2272260
Fax: +49 (0) 228-227 226-26
Email address: info@scheja-partner.de

SSL-secure contact: https://www.scheja-partner.de/kontakt/kontakt.html
Website: https://www.scheja-partner.de/

Types of data processed:

  • User-related data
  • Contact details
  • Content data
  • Contract data
  • Payment data
  • Usage data
  • Metadata / communication data

Processing of special categories of data (Article 9(1) GDPR):

No special categories of data are processed.

Categories of data subjects:

  • Customers / interested parties / suppliers.
  • Visitors and users of the Online Service.

In the following we refer to the data subjects collectively also as "Users".

Purpose of processing:

  • Provision of the Online Service, its contents and functions.
  • Provision of contractual performance, service and customer support.
  • Response to contact requests and communication with Users.
  • Marketing, advertising and market research.
  • Security measures.

 

Last updated: 25/05/2018

 

  1. Applicable legal bases

    In accordance with Article 13 GDPR, we inform you of the legal bases of our data processing. If the legal basis is not mentioned in the Privacy Policy, the following applies: The legal basis for obtaining consent is Article 6(1)(a) and Article 7 GDPR, the legal basis for the processing for the fulfilment of our services and the execution of contractual measures as well as responding to enquiries is Article 6(1)(b) GDPR, the legal basis for processing to fulfil our legal obligations is Article 6(1)(c) GDPR, and the legal basis for processing to protect our legitimate interests is Article 6(1)(f) GDPR. In the event that vital interests of the data subject or another natural person require a processing of personal data, Article 6(1)(d) GDPR applies as the legal basis.

  2. Changes and updates to the Privacy Policy

    We ask you to keep yourself regularly informed about the contents of our Privacy Policy. We will adapt the Privacy Policy as soon as changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require your cooperation (e.g. consent) or other individual notification.

  3. Security measures

    We shall take appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR, taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons; the measures shall include in particular safeguarding the confidentiality, integrity and availability of data by controlling physical access to the data, as well as the access, input, transmission, security of availability and its separation. Furthermore, we have established procedures that guarantee the exercise of rights of the data subjects, deletion of data and reaction to data risks. Furthermore, we already consider the protection of personal data during the development or selection of hardware, software and procedures, in accordance with the principle of data protection by design and by default (Article 25 GDPR).

    The security measures include in particular the encrypted transmission of data between your browser and our server.

  4. Cooperation with processors and third parties

    1. If we disclose data to other persons and companies (processors or third parties) in the context of our processing, transmit it to them or otherwise grant them access to the data, this is done only on the basis of legal permission (e.g. if transfer of the data to third parties, such as payment service providers in accordance with Article 6(1)(b) GDPR, is required for fulfilment of the contract), where you have given your consent, a legal obligation provides for this or on the basis of our legitimate interests (e.g. when using agents, web hosts, etc.).

    2. If we commission third parties with the processing of data on the basis of a so-called "order processing contract", this is done on the basis of Article 28 GDPR.

  5. Transfers to third countries

    If we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs in the context of the use of third-party services or disclosure or transfer of data to third parties, this only takes place if it occurs for the fulfilment of our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we process or leave the data in a third country only in the presence of the special requirements of Article 44 et seq. GDPR.

  6. Rights of the data subjects

    1. You have the right to request confirmation as to whether the data concerned is being processed and to request information about this data as well as further information and a copy of the data in accordance with Article 15 GDPR.

    2. According to Article 16 GDPR, you have the right to request the completion of incomplete data concerning you or the rectification of inaccurate data concerning you.

    3. In accordance with Article 17 GDPR, you have the right to demand that relevant data be erased without undue delay or, alternatively, to demand a restriction on the processing of the data in accordance with Article 18 GDPR.

    4. You have the right to request to receive the data concerning you that you have provided to us in accordance with Article 20 GDPR and to request their transmission to other controllers.

    5. According to Article 77 GDPR you have the further right to lodge a complaint with the competent supervisory authority.

  7. Cancellation right

    You have the right to revoke your consent according to Article 7(3) GDPR with future effect.

  8. Objection right

    You can object to the future processing of the data concerning you in accordance with Article 21 GDPR at any time. The objection may be lodged in particular against processing for direct marketing purposes.

  9. Cookies and right of objection for direct advertising

    We use temporary and permanent cookies, i.e. small files that are stored on the Users' devices. In part, cookies serve security purposes or are required for the operation of our Online Service (e.g. to view the website) or to save the User's decision when confirming the cookie banner. In addition, we or our technology partners use cookies to measure reach and for marketing purposes, about which the Users will be informed in the course of the Privacy Policy.

    A general objection to the use of cookies for online marketing purposes can be declared for a large number of services, especially in the case of tracking, via the US site http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. Furthermore, the storage of cookies can be achieved by deactivating them in the browser settings. Please note that in this case it may not be possible to use all functions of this Online Service.

  10. Erasure of data

    1. The data processed by us will be erased or their processing restricted in accordance with Articles 17 and 18 GDPR. Unless expressly stated in this Privacy Policy, the Data stored by us will be erased as soon as it is no longer required for its intended purpose and the erasure does not conflict with any statutory storage obligations. If the data is not deleted because it is necessary for other and legally permissible purposes, its processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax reasons.

    2. In accordance with legal requirements, data is stored specifically for 6 years in accordance with Section 257 para. 1 of the [German Commercial Code] (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and for 10 years according to Section 147 para. 1 of the German Fiscal Code (books, records, management reports, accounting documents, commercial and business letters, documents relevant for taxation, etc.).

  11. Provision of contractual services

    1. We process user-related data (e.g. names and addresses as well as contact information of Users), contract data (e.g. services which have been used, names of contact persons, payment information) for the purpose of the fulfilment of our contractual obligations and services in accordance with Article 6(1)(b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.

    2. Users can optionally create a user account, particularly so that they can view their orders. During the registration process, the required information will be communicated to the Users. The user accounts are not public and cannot be indexed by search engines. If Users have terminated their user account, their data with regard to the user account will be erased, subject to their retention being required for commercial or tax reasons, according to Article 6(1)(c) GDPR. It is up to the Users to save their Data before the end of the contract if they have given notice of termination. We are entitled to irretrievably erase all user data stored during the term of the contract.

    3. We store the IP address and the time of the respective user action of those who register, re-register and use our online services. The data is stored on the basis of our legitimate interests as well as the User's protection against misuse and other unauthorised use. In principle, this data is not passed on to third parties, unless it is necessary for the pursuit of our claims or there is a legal obligation in accordance with Article 6(1)(c) GDPR.

    4. We process usage data (e.g. the visited websites of our Online Service, interest in our products) and content data (e.g. entries in the contact form or user profile) in accordance with Article 6(1)(f) GDPR in a user profile in order to show the User e.g. product information based on their previously used services (direct advertising).

    5. Erasure takes place after the expiration of statutory warranty and comparable obligations, the necessity of the storage of the data is checked every three years; in the case of statutory archiving obligations the erasure takes place after these have expired (end of commercial law (6 years) and tax law (10 years) storage obligation); details in the customer account remain up to its deletion.

  12. Contact

    1. When contacting us (via contact form or email), the User's details for the processing of the contact enquiry and its handling are processed in accordance with Article 6(1)(b) GDPR.

    2. User information can be stored in our Customer Relationship Management System ("CRM System") or comparable request organisation.

    3. We delete the requests if they are no longer necessary. We review the requirement every two years; requests from customers who have a customer account are stored permanently and are linked to the customer account details for deletion. In the case of statutory archiving obligations, erasure of data takes place after these have expired (end of commercial law (6 years) and tax law (10 years) storage obligation).

  13. Comments and posts

    1. If users leave comments or other posts, their IP address will be stored for 7 days on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR.

    2. This takes place for our security, if someone leaves unlawful content (insults, forbidden political propaganda, etc.) in comments and posts. In this case we can ourselves be prosecuted for the comment or post and are therefore interested in the identity of the author.

  14. Collection of access data and log files

    1. On the basis of our legitimate interests as defined in Article 6(1)(f) GDPR, we collect data about each access to the server on which this service is located (so-called server log files). Access data includes the name of the requested website, file, date and time of access, volume of data transferred, notification of successful retrieval, browser type along with version, the operating system of the user, referrer URL (previously visited page), IP address, and the requesting provider.

    2. Log file information is stored for a maximum of seven days for security reasons (e.g. to investigate misuse or fraud) and then deleted. Data whose further storage is required for evidential purposes are excluded from erasure until the respective incident has been finally clarified.

  15. Online presence on social media

    1. We maintain an online presence within social networks and platforms in order to communicate with customers, interested parties and users active there and to inform them about our services. When calling up the respective networks and platforms, the terms and conditions and the data processing guidelines apply to their respective operators.

    2. Unless otherwise stated in our Privacy Policy, we process Users' data as long as they communicate with us within social networks and platforms, e.g. write posts on our online websites or send us messages.

  16. Cookies & reach measurement

    1. Cookies are information that is transferred from our web server or third-party web servers to the User's web browser and stored there for later retrieval. Cookies can be small files or other types of information storage.

    2. We use "session cookies" which are only stored on our website for the duration of your current visit (e.g. in order to store your login status or the shopping cart function, without which use of our Online Service would be impossible). A randomly generated unique identification number, a so-called session ID, is stored in a session cookie. A cookie also contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our Online Service and log out or close your browser, for example.

    3. We additionally use permanent cookies, also called persistent cookies. Persistent cookies are automatically deleted after a predetermined period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

    4. If Users do not want cookies to be stored on their computer, they are asked to deactivate the corresponding option in the system settings of their browser. Cookies already saved can be deleted in the system settings of the browser. The exclusion of cookies can lead to functional restrictions of this Online Service.

      My cookie settings for Gira websites

    5. You can opt out of the use of cookies for reach measurement and advertising purposes by visiting the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website(http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

  17. Google Analytics

    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our Online Service within the meaning of Article 6(1)(f) GDPR), we use Google Analytics, a web analytics service of Google LLC ("Google"). Google uses cookies. The information generated by the cookie about the User's use of the Online Service is generally transmitted to and stored on a Google server in the USA.

    2. On our behalf, Google will use this information to evaluate the use of our Online Service by the User, to compile reports on the activities within this Online Service and to provide us with other services related to the use of this Online Service and the Internet. Pseudonymous usage profiles of Users may be created from the data processed in this respect.

      We use Google Analytics to display advertisements placed within the advertising services of Google and its affiliates only to those Users who have shown an interest in our Online Service, or who have certain characteristics (e.g. interests in specific topics or products determined by the web pages they visit), that we submit to Google (so-called “remarketing” or “Google Analytics audiences”). With the assistance of Remarketing Audiences we want to also ensure that our ads are in keeping with the Users’ possible interests, rather than being seen as a nuisance.

    3. We only use Google Analytics with activated IP anonymisation. This means that Google truncates the IP addresses of Users within the Member States of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and be truncated there.

    4. The IP address transmitted by the User's browser is not associated with any other data held by Google. Users can prevent cookies from being stored using the appropriate settings of their browser software; Users can likewise prevent Google from collecting and processing the data generated by cookies relating to their use of the Online Service by downloading and installing the browser plug-in which is available via the following link:https://tools.google.com/dlpage/gaoptout?hl=de.

    5. You can find further information on data use by Google, settings and opt-out options on the Google websites:https://www.google.com/intl/de/policies/privacy/partners ("how Google uses information from sites or apps that use our services"), https://policies.google.com/technologies/ads ("Data use for advertising purposes"), https://adssettings.google.com/authenticated ("Manage information that Google uses to show you advertising").

  18. Google remarketing/marketing services

    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our Online Service as defined in Article 6(1)(f) GDPR), we use the marketing and remarketing services (“Google Marketing Services” for short) of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”).

    2. Google Marketing Services allow us to show ads for and on our website in a more targeted manner, showing Users only those ads that are potentially of interest to them. If a User is shown ads for products in which they showed an interest on other websites, this is known as remarketing. To this end, Google executes a code as soon as a User views our website or other websites for which Google Marketing Services have been activated, thereby incorporating so-called (re)marketing tags (invisible graphics or code, also referred to as web beacons) into the website. This allows a customised cookie, i.e. a small file, to be stored on the User’s device (comparable technologies may also be used instead of cookies). The cookies can be placed by various domains including google.com, doubleclick.net, invitemedia.com, admeld.com, googlesyndication.com or googleadservices.com. This file records which web sites the User visits, what Content they express an interest in and which offers they click on, together with technical information relating to the browser and operating system, the referrer URL, the visit time and other details regarding use of the Online Service. The User’s IP address is likewise logged; please note that with regard to Google Analytics, IP addresses within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area are truncated and are only transmitted to a Google server in the USA in exceptional cases and then truncated. The User’s IP address is not combined with other User data within other Google services. Google may combine the aforementioned information with such information from other sources. When Users subsequently visit other websites, they can be shown ads which are tailored to their interests.

    3. The User’s details are processed within the Google Marketing Services using pseudonyms. In other words, Google does not record or process the User’s name or email address, for example, and instead processes the relevant data within pseudonym-based user profiles using cookies. This means the ads are not managed for and shown to a specifically identifiable person from Google’s perspective, but for and to the cookie owner irrespective of who this cookie owner is. This does not apply if the User has explicitly allowed Google to process their Data without this pseudonymisation. The information collected by the Google Marketing Services regarding a User is sent to Google and stored on Google servers in the USA.

      The Google Marketing Services used by us include the online ad program Google AdWords. With Google AdWords, each AdWords customer is assigned a different conversion cookie. Cookies can therefore not be traced via the websites of AdWords customers. The information collected with the aid of the cookie is used to generate conversion statistics for AdWords customers who have opted for conversion tracking. The AdWords customers learn the total number of Users who clicked on their ad and who were forwarded to a website featuring a conversion tracking tag. They do not, however, receive any information with which a User can be personally identified.

    4. We can also use the Google Optimizer service. Google Optimizer allows us to understand, in the context of so-called "A/B testing", how different changes have an impact on a website (e.g. changes to the input fields, design etc.). Cookies are stored on the Users' devices for testing purposes. Only pseudonymous User Data is processed.

    5. We can additionally use Google Tag Manager to incorporate Google’s analysis and marketing services into our website and manage them.

    6. For more information about Google's use of data for marketing purposes, please see the overview page:https://policies.google.com/technologies/ads, Google's privacy policy is available at https://policies.google.com/privacy

    7. If you wish to opt out of interest-based advertising by the Google Marketing Services, you can do so using the settings and opt-out options offered by Google:https://adssettings.google.com/authenticated

      .
  19. Facebook, Custom Audiences and Facebook Marketing services

    1. On the basis of our legitimate interests in the analysis, optimisation and economic operation of our Online Service and for the purposes thereof, our Online Offer uses the so-called Facebook Pixel belonging to the social network Facebook, which is run by Facebook Inc., 1 Hacker Way, Menlo Park, CA 94025, USA, or, if you are resident in the EU, by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”).

    2. The Facebook Pixel enables Facebook to identify visitors to our Online Service as the target group to be shown Facebook Ads. Accordingly, we use the Facebook Pixel to show Facebook Ads placed by us only to those Facebook users who have also expressed an interest in our Online Service or who have certain characteristics (e.g. interests in specific topics or products determined by the web pages visited by them) that we submit to Facebook (so called “Custom Audiences”). With the assistance of the Facebook Pixel we want to also ensure that our Facebook Ads are in keeping with the Users’ possible interests, rather than being seen as a nuisance. Additionally, the Facebook Pixel allows us to understand the effectiveness of Facebook Ads for statistical and market research purposes by allowing us to see whether Users were taken to our website upon clicking on a Facebook Ad (known as conversion).

    3. Facebook processes the data in accordance with its data policy. Accordingly, general information on the display of Facebook ads can be found in Facebook’s data policy:https://www.facebook.com/policy.php. For specific information and details about the Facebook Pixel and how it works, visit the help section of Facebook: https://www.facebook.com/business/help/651294705016616.

    4. You may revoke your consent to the Facebook Pixel collecting data and using it to show you Facebook Ads. To set which types of ads are displayed to you within Facebook you can access the page created by Facebook and follow the instructions there regarding the settings for use-based advertising:https://www.facebook.com/settings?tab=ads. The settings are platform-independent, i.e. they are applied to all devices such as desktop computers and mobile devices.

    5. You can opt out of the use of cookies for reach measurement and advertising purposes by visiting the Network Advertising Initiative opt-out page (http://optout.networkadvertising.org/) and additionally the US website(http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

  20. Facebook social plug-ins

    1. On the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our Online Service as defined in Article 6(1)(f) GDPR), we use the social plug-ins (“plug-ins”) of the social network facebook.com, which is run by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The plug-ins can comprise interaction elements or contents (e.g. videos, graphics or text posts) and can be recognised by one of the Facebook logos (e.g. white "f" on a blue tile, the terms “Like”, or a thumbs up sign) or feature the phrase “Facebook Social Plug-In”. A list of and the appearance of Facebook social plug-ins can be found here:https://developers.facebook.com/docs/plugins/.

    2. When a User accesses a function of this Online Service containing such a plug-in, their device establishes a direct link with Facebook’s servers. The plug-in contents are sent directly to the User’s device by Facebook and are incorporated into the Online Service by the device. Usage profiles of Users may be created from the processed data in this respect. We therefore have no control over the volume of data collected by Facebook with the aid of this plug-in and therefore notify the Users on the basis of what we know.

    3. When the plug-ins are incorporated, Facebook is notified when a User views the corresponding page of the Online Service. If the User is logged in to Facebook, Facebook can assign this visit to their Facebook account. If Users interact with the Plug-ins, for example by clicking on the ‘Like’ button or adding a comment, the relevant information is sent directly to Facebook by their device and saved there. If the User is not a member of Facebook, Facebook is nevertheless able to determine and log their IP address. According to Facebook, only anonymised IP addresses are logged in Germany.

    4. Users can learn about the purpose and extent of Facebook’s data collection and its further processing and use, and about the corresponding rights and settings for the protection of their privacy in Facebook’s data policy:https://www.facebook.com/about/privacy/.

    5. If a User is a Facebook member and does not wish Facebook to collect data on them via this Online Service or combine such Data with their Facebook membership details, they must log out of Facebook prior to using our Online Service and must delete their cookies. Further settings and opt-outs to the use of data for advertising purposes are possible within the Facebook profile settings:https://www.facebook.com/settings?tab=ads or via the US site http://www.aboutads.info/choices/ or the EU page http://www.youronlinechoices.com/. The settings are platform-independent, i.e. they are applied to all devices such as desktop computers and mobile devices.

  21. In addition, we use the social media network Facebook for the following purposes:
    - contacting
    us - comments and posts

    1. We would like to point out that you use this Facebook page and its functions under your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). Alternatively, you can also access the information offered via this page on our website at www.partner.gira.de.

    2. When you visit our Facebook page, Facebook records data including your IP address and other information that is available on your PC in the form of cookies. This information is used to provide us, as the operator of the Facebook pages, with statistical information about the use of the Facebook page. Facebook provides more information about this at the following link: http://de-de.facebook.com/help/pages/insights.

    3. The data collected about you in this context is processed by Facebook Ltd. and may be transferred to countries outside the European Union. The information Facebook receives and how it is used is described in general terms in Facebook's data usage guidelines. You will also find information there about on how to contact Facebook and on the settings for advertisements.

      The data usage guidelines are available at the following link:
      http://en-gb.facebook.com/about/privacy

      The complete Facebook data guidelines can be found here:
      https://en-gb.facebook.com/full_data_use_policy

    4. The way in which Facebook uses the data from visits to Facebook pages for its own purposes, the extent to which activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is passed on to third parties is not conclusively and clearly stated by Facebook and is not known to us.

    5. When you access a Facebook page, the IP address assigned to your end device is sent to Facebook. According to information from Facebook, this IP address is anonymised (in the case of "German" IP addresses) and deleted after 90 days. Facebook also stores information about the end devices of its users (e.g. as part of the "login notification" function); if necessary, therefore, Facebook is able to assign IP addresses to individual users.

    6. If you are currently logged in to Facebook as a user, a cookie with your Facebook identification is located on your end device. This enables Facebook to trace that you have visited this page and how you have used it. This also applies to all other Facebook pages. Facebook buttons embedded into websites allow Facebook to record your visits to these websites and assign them to your Facebook profile. This data can be used to offer content or advertising tailored to your interests.
    7. If you want to avoid this, you should log off from Facebook or disable the "stay logged in" function, delete the cookies on your device, and exit and restart your browser. This will delete Facebook information that can be used to identify you directly. This allows you to browse our Facebook page without revealing your Facebook identity. When you access interactive functions of the site (Like, Comment, Share, Messages, etc.), a Facebook login screen appears. If you log in, you are again identifiable to Facebook as a specific user.

      Information about how you can manage or delete existing information about yourself can be found on the following Facebook support pages:
      https://en-gb.facebook.com/about/privacy

      As the provider of the information service, we do not collect or process any other data from your use of our service.

      Further information about Facebook and other social networks and how you can protect your data can also be found on youngdata.de.

  22. Newsletter

    1. The following sections explain the contents of our Newsletter, the registration, circulation and statistical analysis processes, and your rights to opt out. By subscribing to our Newsletter, you consent to receipt of the Newsletter and to the processes described.

    2. Content of the Newsletter: We send newsletters, emails and other electronic notifications containing advertising information (hereinafter “the Newsletter”) only with the recipients’ consent or subject to legal permission. If the contents of the Newsletter are outlined specifically upon registration, these are authoritative for Users’ consent. Our Newsletters otherwise contain information regarding our products, offers, promotions and our company.

    3. Double opt-in and logging: Registering for our Newsletter involves a so-called double opt-in procedure. This means that after signing up, you will receive an email asking you to confirm your registration. This confirmation is necessary so that nobody can register with third-party email addresses. Registration for the Newsletter will be logged in order to prove that the registration process complies with legal requirements. This includes the storage of the login and the confirmation time, as well as the IP address.

    4. Login data: To sign up for the Newsletter, you only need to provide your email address. We request that you optionally provide your name so that you may be addressed personally in the Newsletter.

    5. Measurement of success – the Newsletters contain a so-called web beacon, i.e. a pixel-sized file which is accessed by the Dispatch Service Provider’s server when the Newsletter is opened. When this is accessed, technical information is initially logged regarding, for example, your browser and system, your IP address and the time at which it is accessed. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour, the places from which it is accessed (determined with the aid of IP addresses) or the times at which it is accessed. The statistics logged also include details regarding whether the Newsletters are opened, when they are opened and which links are clicked on. While this information can be attributed to specific Newsletter recipients for technical reasons, neither we nor the Dispatch Service Provider endeavour to monitor individual Users. Rather, the analyses allow us to identify our Users’ reading habits and to adapt our content accordingly or to dispatch different content based on our Users’ interests.

    6. The dispatch of the Newsletter and measurement of success are made on the basis of consent being provided by the recipients in accordance with Article 6(1)(1) and Article 7 GDPR in conjunction with Section 7 para. 2 point 3 of the German Act Against Fair Competition (UWG) or on the basis of legal permission in accordance with Section 7 para. 3 UWG.

    7. The logging of the registration procedure is carried out on the basis of our legitimate interests in accordance with Article 6(1)(f) GDPR and serves as proof of consent to receive the Newsletter.

    8. Termination/revocation – you may terminate your subscription to our Newsletter at any time, i.e. revoke your consent. A link allowing termination of your subscription to the Newsletter can be found at the end of each Newsletter. If User have only signed up for the Newsletter and have cancelled this registration, their personal data is deleted.

  23. Live chat and digital Gira Assistant

    For the purpose of operating a live chat system to answer live queries or for further processing of enquiries from the digital Gira Assistant, we collect and process your name and the contents of the chat.

    If you wish to communicate by telephone and email, your email address or telephone number is collected and processed via the live chat.

    We process your data in order to handle your request, as well as to control and improve our business and service processes, including the digital Gira Assistant, which is in our legitimate interest. The legal basis for processing in this respect is Article 6(1)(f) GDPR.

    The live chat contents, as well as the usage data, i.e. chat duration, time stamp of messages, number of conversations and approximate location of the users, are stored for a maximum of 1 month after the last message of the respective transaction. Afterwards your personal data and questions will be irretrievably deleted. Usage data is also stored anonymously for statistical purposes. Personal data will not be evaluated.

    The digital Gira Assistant is a so-called chat bot that assists you in your search for information and navigation of our website. In addition, the digital Gira Assistant answers frequently asked questions and/or helps you to submit your request to the appropriate Gira contact.

    Cookies are used for the operation of the chat functions. Cookies are small text files which are stored locally in the cache of the site visitor's internet browser. The cookies enable recognition of the site visitor’s internet browser so that the individual users of the website’s chat function can be distinguished.

    To prevent cookies being stored, you can set your Internet browser so that cookies are no longer stored on your computer in the future or that cookies already stored are deleted. However, deactivating all cookies may mean that the chat function on our website can no longer be accessed.

  24. Incorporation of third-party services and content

    1. On the basis of legitimate interests (interest in the analysis, optimisation and economic operation of our Online Service as defined in Article 6(1)(f) GDPR), contents and service offers from third parties are used to integrate their contents and services, such as videos or fonts (hereinafter collectively referred to as “content”), within our online service. This is always subject to the third-party supplier being aware of the User’s IP address, as they are unable to send content to the User’s browser without an IP address. The User’s IP address is therefore required in order for the content to be shown. We endeavour to only use content from providers who only use the IP addresses to deliver the respective content. Third-party providers may also use pixel tags (invisible graphics, also known as web beacons) for statistical or marketing purposes. Pixel tags allow information, such as our website’s traffic, to be evaluated. In addition, the pseudonymous information may be stored in cookies on the User's device and may include, but is not limited to, technical information about the browser and the operating system, referring websites, time of visit, and other information regarding the use of our Online Service and be linked to such information from other sources.
    2. The following statement provides an overview of third-party providers as well as their content and links to their privacy policies, which contain further information on data processing and rights of revocation, some of which were mentioned above (so-called opt-outs):

      If our customers make use of third-party payment services (e.g. PayPal or Sofortüberweisung ("immediate transfer" - an German online payment system)), the terms and conditions and privacy notices of the respective third-party providers apply, these can be viewed within the respective websites or transaction applications.

      Maps provided by the Google Maps service of third-party provider Google LLC, 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy/, Opt-Out: https://www.google.com/settings/ads/.

      Videos on the YouTube platform of the third-party supplier Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://policies.google.com/privacy, Opt-Out: https://adssettings.google.com/authenticated.

      This website uses "fonts.com", a font service of Linotype GmbH, Werner-Reimers-Straße 2-4, 61352 Bad Homburg, Germany ("fonts.com"). Each time this website is accessed, files are loaded from a "fonts.com" server to display the text in a particular font. As a result, your IP address may be transferred to a "fonts.com" server and stored within the framework of the usual weblog. The further processing of this information is the responsibility of "fonts.com". Please refer to the data protection information of "fonts.com" for the corresponding terms and conditions and setting options: https://www.monotype.com/legal/privacy-policy

      Within our Online Service, functions of the Twitter service or platform (hereinafter referred to as “Twitter”) may be incorporated. Twitter is provided by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the display of our posts on Twitter within our Online Service, the link to our profile on Twitter and the possibility of interacting with the posts and functions of Twitter, and to measure whether users reach our Online Service via the ads placed by us on Twitter (so-called conversion tracking).