Privacy Statement

I. General Data Protection Information

Thank you for your interest in our website. Protecting your personal data is extremely important to us. Below, we would like to tell you in detail how we process your data. 

1. Name and contact details of the Processor and the company's Data Protection Officer

This Privacy Statement applies to data processing by (Controller):

Gesec Hygiene + Instandhaltung GmbH + Co. KG
Registered office in Augsburg
Augsburg District Court Registry Court
Register number: HR A 12312
Personally liable shareholder: Böhner + Schönfelder GmbH, registered office and registry court in, Register number: HR B 17083
Managing directors of personally liable shareholder:
Jörg Schönfelder, Manfred Schönfelder
Zdenko Engl, Anja Rothmund
VAT Reg. no pursuant to Section 27a of the German Value Added Tax Act (UStG): DE 160 636 323

Physical address: Gubener Straße 32, 86156 Augsburg, Germany
Postal address: Postfach 10 17 06, 86007 Augsburg, Germany

Telephone: + 49 821 790 15 0
Fax: +49 821 790 15 399
Email: gesec@gesa.de

and to their affiliated companies within the Gesa Hygiene-Gruppe, which include:

Gemex Hygiene + Vorratsschutz GmbH
Registered office in Augsburg, Germany
Augsburg District Court Registry Court
Register number: HRB 11278
Managing Director: Anja Stadie
VAT Reg. no pursuant to Section 27a of the German Value Added Tax Act (UStG): DE 127482488

Telephone: +49 821 790 15 200
Fax: +49 821 790 15 299
Email: gemex@gesa.de

Gecos Hygiene + Consulting GmbH
Registered office in Augsburg, Germany
Augsburg District Court Registry Court
Register number: HR B 13809
Managing Director: Jutta Schedler, graduate biologist
VAT Reg. no pursuant to Section 27a of the German Value Added Tax Act (UStG): DE 163126629

Telephone: +49 821 455 411 0
Fax: +49 821 455 411 29
Email: info@gecos.de

DHS Deutscher Hygiene Service GmbH + Co. KG
Registered office in Augsburg, Germany
Augsburg District Court Registry Court
Register number: HR A 13199
Personally liable shareholder: Pro Hygiene GmbH, Register number: HR B 16094
Managing Director: Manfred Schönfelder, Anja Rothmund
VAT Reg. no pursuant to Section 27a of the German Value Added Tax Act (UStG): DE 194 219 557

Telephone: +49 821 790 15 190
Fax: + 49 821 790 15 499
Email: dhs@gesa.de

Our Controller's data protection contact is Email: datenschutz@gesa.de.

 

2. Data Controller

The Controller provides information on the homepage about its own products and services and, within the corporate group, about the products and services offered by its affiliated companies. The content of the homepage is provided by the Controller alone. 

The Controller shall ensure that the obligations under the GDPR (valid from 25/05/2018) are complied with in the homepage section. This will apply in particular to the duty to inform pursuant to Art. 13 GDPR which is fulfilled by this Privacy Statement. Data subjects may assert their rights (see clause V below) with the Controller or its affiliated companies to which their personal data has been forwarded and which have processed such data.

 

3. Collection, processing and use of personal data

You may visit our website without providing personal details. We only save access details, without any reference to your identity, e.g. the name of your service provider, the page you visit our site from or the name of the requested file. This data is used purely to improve our offer and does not permit the deduction of your identity. 

Your visit to our websites is logged. Primarily, the anonymised IP address currently being used by your PC, the date and time, browser type and your PC's operating system are recorded along with the pages you view. It is not usually possible for us to link this data to your identity and we have no intention of doing so.

 

4. collection and storage of personal data as well as type and purpose of use

When visiting our websites and online offers

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling end device:

• Information about the type of browser and the version used.
• The operating system of the user
• The IP address of the user
• Date and time of access
• Websites from which the user's system accessed our website
• The data is stored in the log files of our system. This data is not stored together with other personal data of the user.

The legal basis for the temporary storage of the data and the log files is Art. 6 (1) lit. f DSGVO.

The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the IP address of the user must remain stored for the duration of the session.

The storage in log files is done to ensure the functionality of the website. In addition, we use the data to optimize the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context. These purposes are also our legitimate interest in data processing according to Art. 6 Para. 1 lit. f DSGVO.

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.

In the case of storage of data in log files, this is the case after 31 days at the latest.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website.

5. Legal basis for the processing of personal data

Where we obtain consent from the data subject for the processing of personal data, the legal basis for said personal data processing will be Art. 6(1)(a) of the EU General Data Protection Regulation (GDPR).
Where the processing of personal data is necessary to fulfil a contract to which the data subject is a contracting party, Art. 6(1)(b) GDPR will be the legal basis. This also applies to processing activities which are necessary in order to carry out precontractual measures.
Where the processing of personal data is necessary to comply with a legal obligation that our company is subject to, Art. 6(1)(c) GDPR will be the legal basis.
Where the vital interests of the data subject, or another natural person, make the processing of personal data necessary, Art. 6(1)(d) GDPR will be the legal basis.
Where the processing is necessary to safeguard our company's legitimate interests, or those of a third party, and where such interests are not overridden by the data subject's fundamental rights and freedoms, Art. 6(1)(f) GDPR will be the legal basis for the processing.

 

6. Use and disclosure of your data

The personal data you entrust to us via a website or by email (e.g. your name and address or your email address) will only be processed for the purposes of correspondence with you and solely for the purpose for which you provided us with said data. 
The same will apply when you send personal data by email directly to an affiliated company within the Gesa Hygiene-Gruppe whose email address is specified on this website. 

This data will also be used to send you occasional offers informing you about new products or services and other services that may be of interest to you. You are of course entitled to object to this use of your data by us at any time. 

The information collected on this website will be forwarded to the relevant unit within our corporate group (affiliated companies). We promise not to pass your personal data on to third parties unless we are legally obliged to do so or have obtained your consent to do so in advance. 

 

7. Data erasure and storage period

The data subject’s personal data will be erased or blocked as soon as the purpose of the storage ceases to apply. Data may also be stored when required by European or national legislators under union regulations, laws or other stipulations to which the controller is subject. The data will then be blocked or erased when a retention period stipulated by one of the specified standards expires, except where there is a need to continue to store the data for the conclusion of an agreement or fulfilment of an agreement. 

 

II. Use of cookies

1. Description and extent of the data processing

Our website uses cookies. Cookies are text files which can be saved in the internet browser or can be saved by the internet browser to the user’s computer system. When a user visits a website, a cookie may be saved in the user's operating system. This cookie contains a distinctive character string which enables the unique identification of that browser next time the user visits the website. 

On our website we also use cookies that enable analysis of the user's surfing behaviour. The following data may be transmitted in this way:

• Origin (country and city)
• Language
• Operating system
• Device (PC, tablet PC or smartphone)
• Browser and all add-ons used
• Computer resolution
• Traffic source (Facebook, search engine or referring website)
• What data has been downloaded?
• Which videos were viewed?
• Were any advertising banners clicked on?
• Where did the visitor go?
• How long did the visitor stay?

The user's data collected in this manner is anonymised by technical means. It is therefore no longer possible to link said data to the visiting user. The data is not stored together with other personal data about the user. 

Technically required cookies
Cookiename:	csrf_https-contao_csrf_token
Storage duration:	Current browser session
Provider:	System
Purpose:	Protects against cross-site request forgery attacks.
Cookiename:	PHPSESSID
Storage duration:	Current browser session
Provider:	System
Purpose:	Technical identification of a session (website visit). No personal data is collected.
Cookiename:	user_privacy_settings
Storage duration:	1 month
Provider:	System
Purpose:	To save the privacy settings on the page.
Comfort and statistics cookies
Cookiename:	_ga
Storage duration:	2 Years
Provider:	Google
Purpose:	Registers a unique ID that is used to generate statistical data about how the visitor uses the website.
Cookiename:	_gat_UA-80709424-5
Storage duration:	1 Minute
Provider:	Google
Purpose:	Used by Google Analytics to limit the request rate.
Cookiename:	_gcl_au
Storage duration:	3 Months
Provider:	Google
Purpose:	The campaign manager uses this cookie to display the actions of users who visit the website after viewing or clicking on an ad
Cookiename:	_gid
Storage duration:	1 Day
Provider:	Google
Purpose:	Registers a unique ID that is used to generate statistical data about how the visitor uses the website.

2. Legal basis for the data processing

The legal basis for the processing of personal data using cookies is Art. 6(1)f(f) of the GDPR.

 

3. Purpose of the data processing

Analysis cookies are used to improve the quality of our website and its content. Analysis cookies tell us how the website is being used so that we can continually optimise our offer. 

Our legitimate interest in the processing of personal data in accordance with Art. 6(1)(f) GDPR also lies in these purposes. 

 

4. Duration of storage, right to objection and removal

Cookies are saved to the user’s computer and send information to us from there. You, as the user, therefore have complete control over the use of cookies. By changing the settings in your browser, you can disable or restrict the transfer of cookies. Previously saved cookies can be deleted at any time. This can also be done automatically. If cookies are disabled for our site, it may not be possible to make full use of all of the website's functions.

 

5. Web Analysis

The provider of this website uses services of etracker GmbH from Hamburg, Germany (www.etracker.com) to analyze usage data. We do not use cookies for web analysis by default. Insofar as we use analysis and optimization cookies, we obtain your explicit consent separately in advance. If this is the case and you consent, cookies are used to enable statistical coverage analysis of this website, measurement of the success of our online marketing measures, and test procedures, for example, to test and optimize different versions of our online offering or its components. Cookies are small text files that are stored by the Internet browser on the user's terminal device. etracker cookies do not contain any information that enables identification of a user.

The data generated by etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to strict German and European data protection laws and standards. etracker has been independently audited and certified in this regard and awarded the ePrivacyseal data protection seal of approval.

Data processing is carried out on the basis of the legal provisions of Art. 6 para.1 lit. f (legitimate interest) of the German Data Protection Regulation (DSGVO). Our concern in terms of the DSGVO (legitimate interest) is the optimization of our online offer and our web presence. Since the privacy of our visitors is important to us, the data that may allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or transfer to third parties will take place.

You can object to the aforementioned data processing at any time. The objection has no adverse consequences.

6. Google Ads (formerly Google AdWords)

We use Google Ads Conversion Tracking to measure the success of our advertising measures. After certain target achievements on our website ("conversions") - such as the request for one of our services - this target achievement is recorded by Google. Google can thus measure the number of target achievements. In addition, Google will use previously set cookies to assign which advertisements were clicked on beforehand and were thus decisive for the target achievement. Google processes this data on servers in the USA, but will not associate it with personal data from your Google account.

7. social media (YouTube, Facebook, Twitter, Instagram, Xing)

We support social media communication and provide corresponding social media links (e.g. YouTube, Facebook, Twitter, Instagram, Xing) on our website. When you visit our site, no personal data is initially passed on to the social media providers as a matter of principle. You can recognize the provider of the plug-in by the mark on the box above its initial letter or logo. We open up the possibility for you to access the website of the respective provider via the stored link. If you access these websites, you will leave our website and your data will be processed by these social media in accordance with their privacy regulations. For more information on the purpose and scope of data collection and its processing by the respective social media provider, please refer to the privacy statements of these providers provided on their websites. There you will also receive further information about your rights in this regard and setting options for protecting your privacy.

7.1 Conditions of participation and privacy policy for the competition on Facebook and Instagram (period 28.09.2022 - 06.10.2022)

Conditions of participation in the competition

Participation in the sweepstakes of Gesa Hygiene Group, hereinafter referred to as the operator or organizer, is free of charge and is governed exclusively by these conditions of participation.

Procedure of the competition

The duration of the competition is from 28.09.2022, 10:00 am to 06.10.2022, 24:00 am. During this period, users will have the opportunity to participate in the competition online.

Participation

To participate in the sweepstakes, it is necessary to fill out and submit the entry form displayed on Instagram. Participation is only possible within the entry period. Entries received after the closing date will not be considered in the draw.

Only one submitted entry per participant will be entered into the Sweepstakes. It is strictly prohibited to use multiple email addresses or multiple Facebook profiles to increase your chances of winning.

Participation in the competition is free of charge.

Eligible participants

Eligible to participate are natural persons who are resident in Germany and have reached the age of 14. Participation is not restricted to customers of the organizer and is not dependent on the purchase of goods or services.

Should a participant be limited in his legal capacity, the consent of his legal representative is required.

Not eligible to participate in the competition are all persons involved in the conception and implementation of the competition. In addition, the operator reserves the right to exclude persons from participation at its own discretion if there are justified reasons, for example

(a) in the event of manipulation in connection with access to or implementation of the prize game, (b) in the event of violations of these conditions of participation, (c) in the event of unfair actions or (d) in the event of false or misleading information in connection with participation in the prize game.

Winning, notification and transmission of the prize

The following prizes will be awarded:

Composting bucket, microwave can, book "Is this still good or does it have to go?", plastic can, book "Don't throw me away", canning jars and labels, voucher from Rettergut and Sirplus.

The prize will be sent personally to the winner's home address as requested via the Facebook message function. The winner will be asked to send his/her address as a private message via the corresponding Facebook function. The prize will not be paid out in cash, an exchange is not possible. The prize is not transferable to third parties. The prize will be processed within 1 week after the announcement of the winner.

The winners will be determined after the closing date by means of a random draw among all participants. If the competition is linked to a task, only those participants who have completed the task correctly will be entered into the draw.

The winners of the raffle will be informed about the prize in a timely manner via a separate email.

The prize will only be handed over to the winner or to the legal representative of the underage winner. An exchange, a self-collection as well as a cash payment of the prize are not possible.

Any costs incurred for shipping the prizes will be borne by the operator. Any additional costs associated with claiming the prize shall be borne by the winner. The winner is responsible for any taxation of the prize.

If the winner does not respond after two requests within a period of 3 weeks, the prize can be transferred to another participant.

Termination of the competition

The organizer expressly reserves the right to terminate the competition without prior notice and without giving reasons. This applies in particular to any reasons that would disrupt or prevent the competition from running as planned.

Data protection

Participation in the competition requires the provision of personal data. The participant assures that the personal data provided by him/her, in particular first name, last name and email address, are true and correct.

The organizer points out that all personal data of the participant will neither be passed on to third parties nor given to them for use without consent.

In the event of a win, the winner agrees to the publication of his/her name and place of residence in the advertising media used by the organizer. This includes the announcement of the winner on the website of the operator and its social media platforms.

The participant can revoke his declared consent at any time. The revocation must be sent in writing to the email address datenschutz@gesa.de. After revocation of the consent, the collected and stored personal data of the participant will be deleted immediately.

Facebook Disclaimer

This promotion is in no way connected to Facebook and is in no way sponsored, supported or organized by Facebook.

Applicable law

Questions or complaints in connection with the competition should be addressed to the operator. Contact options can be found in the imprint area of the sweepstakes app.

The sweepstakes of the operator is subject exclusively to the laws of the Federal Republic of Germany. Legal recourse is excluded.

Severability clause

Should any provision of these Terms and Conditions of Participation be or become invalid in whole or in part, the validity of the remaining provisions of these Terms and Conditions of Participation shall not be affected thereby. In place of the invalid provision, the legally permissible provision that comes closest in economic terms to the meaning and purpose expressed in the invalid provision shall apply. The same shall apply in the event of a loophole in these Terms and Conditions of Participation.

III. Job or speculative applications

1. When submitting your application to work for us

When you apply for a job with Gesa Hygiene-Gruppe, or send us your speculative application, you consent to the relevant company in the Gesa Hygiene-Gruppe group saving the documents submitted and using the information contained therein to process your application.

This information is needed to make a decision about whether or not to embark on an employment relationship. If information is missing, we may not be able to consider your application.

If your application to a company in the Gesa Hygiene-Gruppe contains certain categories of personal data (e.g. marital status information which may provide information about your sexual activity or sexual orientation, health-related information, a photo that allows conclusions to be drawn regarding your ethnic origin and, where applicable, your eyesight and/or religion, other similar sensitive data as defined by Art. 9 GDPR), an application containing such data may only be processed with your consent. 

By submitting your application, you consent to the respective Gesa Hygiene-Gruppe company processing the specific categories of personal data contained in your application and any documents enclosed with it for the purposes of conducting the application process. The sole purpose of this consent is for the application to be generally considered in its current form.

The information will not be considered within the application process unless there is a legal obligation to do so. Your data will not be passed on to third parties. You are under no obligation to grant this consent and you may instead submit an application without personal data in the specific categories without this having any impact on your chances within the application process.

You may refuse your consent without providing reasons and you may revoke any previously granted consent at any time, for example by email. If you do revoke your consent, any data collected with said consent will be erased immediately. This means that the data processing the consent related to may no longer be continued in the future. If you refuse to grant, or revoke, your consent, the application you previously submitted cannot be considered in its current form.

If your application is unsuccessful, you consent to the relevant company within the Gesa Hygiene-Gruppe storing the personal information you provided throughout the application process (for example in cover letters, CV, references, applicant questionnaires, applicant interviews) beyond the end of the specific application process. You consent to the Gesa Hygiene-Gruppe company you applied to using this data to contact you at a later date and continuing the application process should another position suitable for you arise.

If your cover letter or other documents submitted by you in the application process contain specific categories of personal data pursuant to Art. 9 GDPR (e.g. a photo identifying your ethnic origin, information about disabilities, etc.), your consent will also relate to such data. Companies within the Gesa Hygiene-Gruppe only wish to consider applicants based on their qualifications however and therefore ask for such information to be omitted from the application where possible.

Your consent also applies to data about your qualifications and activities from generally accessible data sources (in particular professional social networks) lawfully collected by the relevant Gesa Hygiene-Gruppe company as part of the application process. Your data will not be passed on to third parties.

This consent is voluntary and has no impact on your chances within the current application process.

You may revoke your consent at any time. In this scenario, your data will be erased immediately once the application process ends. This means that we may no longer continue with the data processing that the consent related to in the future.

The legal basis for the processing of data in applications will be your consent pursuant to Art. 6(1)(1)(a) GDPR and, in the case of specific categories of personal data, Art. 9(2)(a) GDPR.

 

IV. Email contact

1. Description and extent of the data processing

nslated with www.DeepL.com/Translator (free version)The Controller and its affiliated companies within the Gesa Hygiene-Gruppe can be contacted using the email addresses provided on this website. In this case, the user’s personal data transmitted in the email will be saved by the company contacted. 

No data will be passed on to third parties in this context. The data will only be used to process the exchange.

 

2. Legal basis for the data processing 

The legal basis for the processing of data transmitted when sending an email is Art. 6(1)(f) GDPR. Where the purpose of the email contact is to conclude an agreement, Art. 6(1)(b) GDPR will also apply as the legal basis for the processing.

 

3. Purpose of the data processing

The personal data you entrust to us, or to an affiliated company within the Gesa Hygiene-Gruppe, by email (e.g. your name and address or your email address) will only be processed for the purposes of correspondence with you and solely for the purpose for which you provided us with said data. In the case of contact by email, this will constitute the required legitimate interest in the data processing.

 

4. Duration of storage, right to object

The data will be erased as soon as it is no longer needed for the purpose behind its collection. For personal data sent by email, this will be the case when the conversation with the user in question has ended. The conversation will end when it is clear from the circumstances that the facts in question have been clarified conclusively. 

When the user contacts us, or one of our affiliated companies within the Gesa Hygiene-Gruppe, by email, they may object to their personal data being stored at any time. In such cases, the conversation cannot be continued. Please send your objection to info@gesa.de All personal data saved when contact was made will be erased in this scenario. 

Please note V. point 4. Right to erasure b) exceptions here.

 

V. Rights of the data subject

When your personal data is processed, you are the Data Subject as defined in the GDPR and you have the following rights in respect of the Controller and in respect of the companies affiliated with the Controller within the Gesa Hygiene-Gruppe: 

1. Right of access (Art. 15 GDPR)

You may request confirmation from the Controller as to whether or not personal data relating to you is being processed by us. In the event of such processing, you may request the following information from the Controller:

• The purposes for which the personal data is being processed,
• The categories of personal data being processed,
• The recipient, or categories of recipients, to whom your personal data has been or will be disclosed,
• The envisaged period for which your personal data will be stored or, where specific details of this are not possible, the criteria for determining that storage period,
• The right to request from the controller the rectification or erasure of personal data, a right to restrict the processing of your personal data or to object to such processing,
• The right to lodge a complaint with a supervisory authority,
• All available information regarding the source of the data where said data was not collected from the Data Subject,
• Whether or not automated decision-making exists, including profiling, referred to in Art. 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the Data Subject.
• You are entitled to request information about whether or not your personal data will be transferred to a third country or an international organisation. In this respect, you may ask to be informed about appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.

 

2. Right to rectification (Art. 16 GDPR)

You have a right in respect of the Controller to rectification and/or completion where your processed personal data is incorrect or incomplete. The Controller must implement the rectification immediately.

 

3. Right to restriction of processing (Art. 18 GDPR)

You may ask to restrict the processing of your personal data under the following conditions:

• Where you contest the accuracy of your personal data, for a period enabling the Controller to verify the accuracy of the personal data,
• Where the processing is unlawful and you are opposed to having your personal data erased and request the restriction of its use instead,
• Where the Controller no longer needs the personal data for the purposes of the processing, but it is required by the Data Subject for the establishment, exercise or defence of legal claims, or
• Where you have objected to processing pursuant to Art. 21(1) GDPR pending verification of whether the Controller's legitimate grounds override yours.

If the processing of your personal data has been restricted, said data may only be processed – apart from its storage – with your consent or for the purposes of asserting, exercising or defending legal claims or protecting the rights of another natural or legal person or for the sake of an important public interest of the Union or of a Member State.
If the restriction on processing has been limited in accordance with the aforementioned conditions, the Controller will notify you before the restriction is lifted.

 

4. Right to erasure (Art. 17 GDPR)

a.     Duty to erase

You may ask the Controller to erase your personal data immediately and the Controller is obliged to erase said data immediately providing one of the following reasons applies:

• Your personal data is no longer required for the purpose for which it was collected or was otherwise processed.
• You revoke your consent on which the processing is based pursuant to Art. 6(1)(a) or Art. 9(2)(a) GDPR and there is no other legal basis for the processing.
• In accordance with Art. 21(1) GDPR you submit an objection to the processing and there are no overriding legitimate reasons for the processing, or you object to the processing in accordance with Art. 21(2) GDPR.
• Your personal data has been unlawfully processed.
• The erasure of your personal data is necessary to fulfil a legal obligation under union law or the law of the member states to which the Controller is subject.
• Your personal data was collected in relation to information society services pursuant to Art. 8(1) GDPR.

b.     Exceptions

There will be no right to erasure where the processing is necessary

• to exercise the right of free expression and to free information,
• to fulfil a legal obligation that the Controller is subject to under union law or the law of the member states, or to carry out a task that is in the public interest or in the exercise of official authority vested in the Controller,
• for reasons of public interest in the area of public health pursuant to Art. 9(2)(h) and (i) and Art. 9(3) GDPR,
• for archiving purposes, scientific or historic research purposes or for statistical purposes pursuant to Art. 89(1) GDPR and the right specified in section a) that would likely make achieving the purpose behind this processing impossible or seriously affect the same, or
• to assert, exercise or defend legal claims.

 

5. Right to be informed

If you have asserted your right in respect of the Controller to rectify, erase or restrict the processing of your data, the latter shall notify all recipients to whom your personal data has been disclosed about said rectification or erasure of the data or the restriction on processing, except where this is not possible or entails a disproportionate amount of effort.
You also have the right to be informed by the Controller about such recipients. 

 

6. Right to data portability (Art. 20 GDPR)

You are entitled to obtain the personal data you provided to the Controller in a structured, commonly used and machine-readable format. You also have the right to have such data sent to another Controller by the Controller to whom the personal data was provided without hindrance, providing that

• The processing is based on consent in accordance with Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR or on a contract pursuant to Art. 6(1)(b) GDPR, and
• The processing is carried out by automated means.

When exercising this right, you also have the right to have your personal data sent to a different Controller by the Controller directly where this is technically feasible. This will not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data that is necessary to carry out a task that is in the public interest or in the exercise of official authority vested in the Controller. 

 

7. Right to object (Art. 7(3) GDPR)

You have the right to object at any time, on grounds relating to your particular situation, to processing of your personal data which is based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions. 

The Controller and its affiliated companies within the Gesa Hygiene-Gruppe will no longer process your personal data unless the Controller is able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing is necessary for the establishment, exercise or defence of legal claims. 

Where your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of your personal data for the purposes of such direct marketing. This also applies to profiling where it is related to such direct marketing. 

If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. 

In connection with the use of information society services, you have the option, irrespective of Directive 2002/58/EC, to exercise your right to object by automated means using technical specifications. 

 

8. Decision making in individual cases including profiling

You have the right not to be subject to a decision solely based on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply where the decision is necessary for entering into, or performance of, a contract between you and the Controller,

a. authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests, or

b.     where said decision is made with your express consent.

Such decision may not be based on special categories of personal data referred to in Art. 9(1) GDPR however, unless Art. 9(2)(a) or (g) applies and suitable measures have been taken to safeguard your rights and freedoms and legitimate interests. 

With regard to the scenarios referred to in points (a) and (c), the Controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, which will include, at a minimum, the right to obtain human intervention on the part of the Controller, to give an opinion and to contest the decision. 

 

9. Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you are entitled to lodge a complaint with a supervisory authority, in particular in the member state where you reside or work, or where the alleged infringement took place, if you believe that the processing of your personal data violates the GDPR. The supervisory authority with which the complaint is lodged will inform the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy in accordance with Art. 78 of the GDPR. 

 

VI. General legal information

The data we receive via our website is processed on servers in Germany. You may always visit our website without providing personal details. 

We occasionally refer to third-party websites. Although we select these third parties carefully, we cannot guarantee the accuracy or completeness of the content or the data security of the third-party websites. We have no influence on whether their operators comply with data protection regulations. This privacy policy also does not apply to linked third-party websites.
We conduct our business in accordance with applicable German law. The laws of the Federal Republic of Germany shall apply exclusively, to the exclusion of the conflict of laws provisions.

Minors under the age of 18 should not submit any personal data to us without the consent of their parent or guardian. 

When we introduce new products or services, change our internet procedures or when our internet and IT security technology changes, this Privacy Statement must be updated. We therefore reserve the right to change or add to the statement as necessary. We will publish the changes here. You are therefore advised to visit this website regularly to ensure that you are aware of the latest version of this Privacy Statement. 

All information contained on this website has been carefully checked. We do not offer any guarantee however that the content of our website is correct, complete and up to date at any given time. 

 

VII. Data security information

We secure our website and other systems by technical and organisational means against the loss, destruction, access, modification or distribution of your data by unauthorised parties. However, despite regular checks, it is not possible to provide complete protection against all risks. 

A firewall system prevents external access. Multiple levels of encryption and identification prevent unauthorised information retrieval or the interception of customer data during transfers. In addition to the internal internet browser encryption procedures, we use even stronger encryption procedures to prevent decoding by unauthorised parties. 

We ensure the confidentiality and security of your personal data by only using your personal data provided via our website or in email communications to fulfil your request or address your concern, by ensuring that our employees comply with confidentiality obligations and that our security measures reflect state-of-the-art technology to a reasonable extent, that our system security is checked regularly so we can safeguard against any damage, loss or access to data held by us in the long term, and by ensuring that our Data Protection Officer complies with the Privacy Statement. 

 

VIII. Data protection contact

For queries regarding the collection, processing or use of your personal data, for information about or to correct, block or delete data, please contact our data protection contact: datenschutz@gesa.de.