1. General provisions
We are very pleased about your interest in our company. Data protection is of particular importance to us. In this privacy policy, we inform you about the data processing in our company, as far as this data processing also concerns your data. If you would first like an introduction to the subject of data protection and general information on the terms used in the General Data Protection Regulation, you will find a large number of further references on the website of the Federal Data Protection Commissioner, which can be accessed at https://www.bfdi.bund.de.
This privacy policy applies to the website of G&L Geißendörfer & Leschinsky GmbH, which can be accessed under the domain gl-systemhaus.de/en/ as well as the various subdomains and linked domains (hereinafter referred to as "our website").
All contracts with us shall be governed exclusively by German law. All contracts with us are concluded under exclusive application of our General Terms and Conditions.
2. Information on responsible persons and data protection officers
2.1 The company responsible for processing your personal data is G&L Geißendörfer & Leschinsky GmbH, Maarweg 149-161, D-50825 Cologne. You can reach us for general questions either by telephone at + 49 (0) 221 99809-0 or by e-mail at contact@gl-systemhaus.de. Further information on how to contact us can also be found here on our website under Contact as well as in our Legal notice.
2.2 If you have any questions about data protection or about exercising your rights under data protection law (see section 4), you can contact our data protection officers either by post at our address given above or by e-mail at datenschutz@gl-systemhaus.de.
3. Activities in which we process your personal data
3.1 Visiting our website. When you visit our website without logging in, registering or otherwise filling in any input fields on the website, we process your personal data as follows:
3.1.1 For the purpose of providing our website, we process the IP address, time of access, browser information, operating system, language setting and screen resolution of all website visitors. The processing is technically necessary to enable the use of our website (Art. 6 para. 1 b GDPR). The data is deleted after the end of your visit to our website, unless individual data is processed further for one of the purposes listed below.
3.1.2 For the purpose of detecting and defending against attacks on our website and technical infrastructure (e.g. hacking, denial-of-service attack), we process the IP addresses, time of access, sub-page(s) accessed and data volume transferred of all website visitors. The processing serves to fulfill our legal obligation to take protective measures (Art. 6 para. 1 c GDPR). The data is deleted seven (7) days after the end of your visit to our website, provided that no attack attempt is detected. In the event of a detected attack attempt from your connection, the data will continue to be processed for full technical and, if necessary, legal processing.
3.1.3 Cookies
We use cookies on our website. Such cookies are necessary to allow you to navigate freely around the website and use its features, including accessing secure areas of the website. Cookies allow us to track who has visited the site(s) and from this we can deduce how frequently certain pages are visited, and which parts of the site are particularly popular. Session cookies store information about your activities on our website.
This website uses the following types of cookies, the scope and functionality of which are explained below:
Transient cookies
Persistent cookies
Third party cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This means that your computer can be recognized when you return to the website. The session cookies are deleted as soon as you log out or close your browser.
Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. In addition, you can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your wishes and, for example, refuse to accept third-party cookies or all cookies. Please note that you may then not be able to use all the functions of this website. You can also already set which type of cookies are permitted or rejected in the upstream cookie banner.
a) Hubspot
For the purpose of accelerating the delivery of our website, we use the content delivery network provided by Hubspot. For this purpose, several cookies are set on the end device of each website visitor, which recognize them by means of a random pseudonym as long as the browser window is open. The cookies do not contain any other personal data. The cookies are transmitted to Hubspot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA as a processor (Art. 28 GDPR). The processing is technically necessary to enable the use of our website (Art. 6 para. 1 b GDPR). The cookies are deleted after one year, unless another setting in your web browser provides for earlier deletion.
Cloudflare
In connection with the processing by Hubspot, cookies are also set by the service provider Cloudflare. Cloudflare is a US company. It stores user data on servers in the USA. The USA is considered a so-called unsafe third country.
The processing is only based on their explicit consent, which you can give in the Consent Banner by opting in.
The legal basis for the consent with regard to the storage and readout of information is Section 25 (1) of the Telecommunications Telemedia Data Protection Act (TTDSG) and, with regard to the processing of personal data, Article 6 (1) a DSGVO.
You can revoke your consent at any time, with effect for the future, in the browser settings.
In order to analyze visitor behavior through Hubspot's services, we store cookies on the end device of the website visitor. For example, the IP address from which a data subject came to a website (so-called referrer), which sub-pages of the website were accessed or how often and for how long a sub-page was viewed, are transferred to Hubspot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA as the order processor (Art. 28 GDPR) and processed there. The processing there is used to evaluate the use of our website and for the cost-benefit analysis of online advertising, in particular to compile online reports for us on the activities on our websites. Furthermore, Hubspot compares the public IP address of the terminal device used with IP address range mappings known there to company networks and provides us with information about the company and the use of our website by terminal devices in that company's network. The processing takes place on the basis of your voluntary consent (Art. 6 para. 1 a GDPR). The transfer of information (including personal data) by Hubspot to a server in a third country cannot be ruled out within this context. However, the transfer to the United States of America takes place on the basis of the EU standard contractual clauses according to Art. 46 para. 5 p. 2 GDPR. The cookies are deleted after 13 months at the latest, unless another setting in your web browser provides for earlier deletion.
b) Google Maps
We have set up a two-click procedure on our website for the use of Google Maps, which in turn prevents Google from collecting your data the first time you visit our website. This means that initially only an image of the map section is displayed. Only after you have clicked this image is the linked URL accessed and the data collection by Google takes place. To provide the map section with the location of our company, we store a cookie on the end device of each website visitor who actively clicks the map section. This contains a unique ID which Google uses to store your preferred settings and other information, in particular your preferred language (e.g. German), how many search results should be displayed per page (e.g. 10 or 20) and whether the Google SafeSearch filter should be activated. This data is transmitted to Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland as a processor (Art. 28 GDPR) and processed there. The processing is technically necessary to enable the use of this function of our website (Art. 6 para. 1 b GDPR). The transfer to the United States of America takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 para. 5 p. 2 GDPR. The cookies are deleted after six months, unless another setting in your web browser provides for earlier deletion.
3.2 Contact form on our website
For the purpose of providing a contact option for initiating business and answering general questions, we process the following data entered in the contact form: surname, first name, e-mail address, name of the company, IP address and message regarding the request. This data is only processed in order to deal with the respective request of the enquirer(s); the mandatory information (name and email address) is required in order to be able to assign the enquiry to an existing contractual relationship and to reply to the enquirer(s) with a personal salutation. All data entered is transferred to Hubspot Inc., 25 First Street, 2nd Floor, Cambridge, MA 02141, USA as the processor (Art. 28 GDPR) and processed there in order to make the data available for further use by us. Further processing (e.g. for the transmission of advertising) only takes place if the request requires this (e.g. in the case of an expressed interest in the products, but not a support request). The processing is necessary for the execution or fulfillment of the contract (Art. 6 para. 1 b GDPR). The transfer to the United States of America takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 para. 5 p. 2 GDPR. The processing is limited immediately after completion of the processing of the request of the inquirer(s) to the fulfillment of legal, in particular commercial and tax law retention obligations, and automatically deleted after the end of the last retention period.
3.3 Registration for the G&L newsletter
In order to send the G&L newsletter with information on our services and products, general company development and relevant products from our partner companies to subscribers by e-mail, we process the following data from all users of the registration form: Name, first name, e-mail address, information about the company, IP address of the terminal device used to register for the newsletter, confirmation of the e-mail address in the so-called "double opt-in" procedure. The processing is based on your voluntary consent (Art. 6 para. 1 a DS-GVO) and can be withdrawn at any time.
The newsletter is sent via Hubspot. The emails, as well as information on the dispatch and analysis, are stored there. In order to constantly improve our newsletter, we evaluate the statistics from Hubspot. You can find the Hubspot privacy policy at: https://legal.hubspot.com/privacy-policy.
The registration to receive the newsletter can be revoked at any time. You can exercise your right of withdrawal in accordance with section 4.2.4 by clicking this link and entering the email address in the form. Each newsletter sent also contains a link to revoke the consent you have given.
If you have any questions about the G&L newsletter, please contact newsletter@gl-systemhaus.de.
3.4 Application procedure
For the purpose of deciding on the establishment of an employment relationship, we process the following data of all persons applying: surname, first name, address, e-mail address, telephone number, photo, all data provided to us by the applicant regarding qualifications, CV, previous activities, as well as information on personal interests and the personality of the applicant. We also collect personal data from the career platforms Xing and LinkedIn to supplement and compare it with the application documents, which is visible to all users there or has been released to us by the applicant. This data is passed on internally to our employees in key positions in the specialist departments in whose area the applicant's work falls. We evaluate this data in order to assess the applicant's professional and personal qualifications for a job with us and to compare them with other applicants.
The data will only be used to make a decision on the establishment of an employment relationship for a specific (advertised) position or, in the case of unsolicited applications, for the respective current requirement. This processing is carried out on the basis of § 26 BDSG (2018). The data is deleted after the decision-making process has been completed, unless the person applying has given their consent to further storage.
3.4.1 Lever
We use the applicant tracking system Lever from Lever Hire, 1125 Mission Street, San Francisco, CA 94103, United States of America ("Lever") for our recruitment process.
Your data will only be processed by us in this process if you apply for a job with us through Lever and have previously registered with Lever. We do not store any applicant data in Google from you in Lever without your registration and application with us via Lever. Your applicant data includes: first and last name, contact details and application documents (e.g. cover letter, CV, references, etc.).
Lever will act as our order processor in accordance with Art. 28 GDPR. We have concluded a corresponding order processing agreement and the associated EU standard contractual clauses with Lever. You can find further data protection information on Lever at: Lever Privacy Policy (https://www.lever.co/privacy-notice/)
All data that you send us about your application will be processed and stored by Lever and automatically deleted after six months if we reject your application. The same applies if you are hired by us. From that point on, your data will only be stored in special personnel management systems.
If you would like us to delete your data before this period has expired or if you would like information about your stored data, please contact us at: datenschutz@gl-systemhaus.de
We only use this data for G+L Systemhaus GmbH's recruitment process and only people in our recruitment team have access to this data. We do not use this data for any other purpose. For statistical purposes of the recruitment team, we store anonymized data that has no relation to actual persons. Legal bases for this data processing is § 26 BDSG in conjunction with Art. 6 para. 1 sentence 1 lit. b) GDPR. Regarding the autonomous processing of your data on the Lever website, we refer to the data protection information there (https://www.lever.co/privacy-notice/).
3.5 Processing of telephone enquiries
In order to process general telephone enquiries and to answer customer support enquiries by telephone, we process the surname, first name, telephone number, customer number of the caller, the other personal data provided by the caller by telephone and information on the content of the telephone enquiry. The processing is necessary to deal with the caller's request (Art. 6 para. 1 b GDPR). Depending on the content of the request, processing is restricted immediately after completion of the processing of the request of the caller to the processing for the specific purpose of the request (e.g. use of our products by the customer, advertising for our services as part of the acquisition of new customers). After the fulfillment of the respective purpose and all legal, in particular commercial and tax law retention obligations, the data is automatically deleted.
3.6 Processing of enquiries via social media
In order to process enquiries sent to us via our presence on social networks such as Facebook, Twitter, LinkedIn, Xing or Instagram, we process the personal data that you have provided to the respective social network. The processing of your data is necessary to process your request (Art. 6 para. 1 b GDPR). Depending on the content of the request, processing is restricted immediately after completion of the processing of the request of the caller to the processing for the specific purpose of the request (e.g. use of our products by the customer, advertising for our services as part of the acquisition of new customers). After the fulfillment of the respective purpose as well as all legal, in particular commercial and tax law retention obligations, the data will be deleted.
3.7 Processing of e-mails
In order to process all enquiries that reach us by e-mail, we process the surname, first name, e-mail address, customer number or user ID of the sender, the other personal data provided in the e-mail and information on the content of the request. This data is transmitted via the Google-Mail service to Google Ireland Limited, Gordon House, Barrow Street Dublin 4, Ireland as a processor (Art. 28 GDPR), which provides the e-mail service technically for us (hosting). The processing is required for the fulfillment of the request (Art. 6 para. 1 b GDPR). The transfer to the United States of America takes place on the basis of the EU standard contractual clauses pursuant to Art. 46 para. 5 p. 2 GDPR. Depending on the content of the request, processing is restricted immediately after completion of the processing of the request of the inquirer(s) to processing for the specific purpose of the request (e.g. use of our products by the customer, advertising for our services as part of new customer acquisition). After the fulfillment of the respective purpose as well as all legal, in particular commercial and tax law retention obligations, the data will be deleted.
3.8 New customer acquisition
In order to advertise our company's products by telephone, letter post, e-mail and electronic messages via the Xing and LinkedIn platforms, we process the surname, first name, postal address, e-mail address, telephone number, electronic identifier on the platform used in each case, position in the company and the information available on the company's specific interest in our products and services. Insofar as we have not received this data from the (representative of a) potential customer (e.g. as a contact at a trade fair or event, via the contact form on the website or as part of a call), we collect the data via the platform used in each case (Xing or LinkedIn), insofar as this is generally visible there or has been released, as well as from public directories. The processing is necessary to protect our overriding legitimate interest (Art. 6 para. 1 f GDPR) to provide our customers with direct advertising for our products and thus to increase the sales of our products. Data processing for direct advertising only takes place if no objection has been raised and only to the extent that the potential customer can expect within the framework of the contractual relationship, without it being assumed that this constitutes unreasonable harassment. The data will be deleted or the connection on the Xing or LinkedIn platforms terminated if the employee objects to being contacted for advertising purposes. The data will also be deleted manually at the discretion of the sales department if, during the course of the conversation, it becomes clear that there is no current or future interest in the products and services of our company, or if so much time has passed since the potential customer failed to respond that a response can no longer be expected.
3.9 Data transfer for website maintenance
We will not share your personal information with third parties unless we inform you that we will share it with them.
Our IT service providers have access to our stored data in order to correct errors and enable us to carry out the required technical organizational measures. In doing so, we invoke our legitimate interest in securing our IT pursuant to Art. 6 para. 1 lit. f GDPR or the fulfillment of legal obligations pursuant to Art. 6 para. 1 lit. c GDPR.
The IT service provider(s) were carefully selected by us and commissioned in writing. They are bound by our instructions and are regularly monitored by us. The service providers will not pass on this data to third parties.
3.10 Video conferencing via Zoom
We use the "Zoom" tool to conduct telephone conferences, online meetings, job interviews, video conferences and/or webinars (hereinafter: "Online Meetings"). "Zoom" is a service provided by Zoom Video Communications, Inc, 55 Almaden Boulevard, 6th Floor, San Jose, CA 95113, USA.
The form of data processing depends on how the service is used. Zoom allows for a flexible design of online meetings. As a host or moderator, the personal data stored in your Zoom account is processed for the administration of the Zoom rooms. As a participant, you can decide whether you want to take part in the chat or whether you want to share your microphone or camera. You can find more information about this under: https://zoom.us/de-de/privacy.html
3.11 Visitor management with Envoy
For the purpose of our visitor management, we use the service provider Envoy. Envoy is a US company. It stores user data on servers in the USA. The USA is considered a so-called unsafe third country. There is an AVV with Envoy. Furthermore, Envoy is subject to the standard contractual clauses. The legal basis for processing the data of our visitors is based on Art. 6 (1) lit. f DSGVO. Our legitimate interest is the documentation of visitors, which is necessary for data security reasons and the tracking of crimes or security incidents in the company.
For more information about Envoy, please visit their website: https://envoy.com/gdpr-dpa/
4. Your rights as a person affected by data processing
4.1 Your rights against us can be asserted at any time by post to our address mentioned in section 2.1 above or by email to the email address mentioned in section 2.2 above. Please understand that we do not process enquiries about personal data by telephone, as the identity of the caller cannot usually be established with sufficient certainty.
4.2 You have the following rights with regard to the personal data concerning you:
4.2.1 You can assert your right to information (Art. 15 GDPR), right to correction (Art. 16 GDPR), right to deletion (Art. 17 GDPR) and right to restriction of processing, i.e. blocking for certain purposes (Art. 18 GDPR) at any time vis-à-vis us if the respective legal requirements are met.
4.2.2 Your right to data portability (Art. 20 GDPR) further prescribes that you may, if the legal requirements are met, request that we transfer the personal data concerning you to you – or, if technically feasible, to another controller designated by you – in a structured, common and machine-readable format.
4.2.3 You have a right to object to processing (Art. 21 GDPR) for certain processing purposes, in particular advertising purposes. Insofar as we carry out processing of your data on the basis of a balance of interests (pursuant to Art. 6 para. 1 f GDPR), you have the right to object to this processing at any time on grounds arising from your particular situation. Such reasons exist in particular if they give special weight to your interests and therefore outweigh our interests, for example, if these reasons are not known to us and therefore could not be taken into account within the context of the weighing of interests.
You can send your objection to the following e-mail address: datenschutz@gl-systemhaus.de.
4.2.4 You have the right to revoke the consent you have given us (Art. 7 para. 3 GDPR) to process your data. The revocation can be declared at any time, related to all or only individual processing based on your consent, and without giving reasons with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected. We show you simple ways in which you can declare the revocation in section 3 above for the respective processing activity.
4.3 You also have the right to contact the competent data protection supervisory authority with questions or complaints regarding our processing of your personal data.
They can be found here: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
5. SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operators, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If the SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
6. Whistleblower Protection System
In accordance with the Hinweisgeberschutzgesetz or HinSchG (Whistleblower Protection Act), we would like to emphasize that we take the protection of whistleblowers seriously. All reports received under this law will be treated confidentially and processed strictly in accordance with legal provisions. To facilitate this, our Whistleblower Protection Portal is at your disposal, accessible at: https://gundl.integrityline.com/frontpage
We are committed to protecting the identity of whistleblowers and using information only for the intended purpose. Any disclosure of data will only occur if legally mandated or necessary for the investigation of reported incidents. Our employees are bound by confidentiality regarding all reports. If you have any questions regarding whistleblower protection or the processing of reports, we are happy to assist.