Information about the processing of your data under Articles 13 and 14 of the General Data Protection Regulation (GDPR) – Privacy Policy
We are thrilled about your interest in our company. Data protection is a high priority for our
company. With digitization, personal data will inevitably be collected on the one hand (e.g., when you make a request) and processed (e.g., when we respond to this request). We attach great importance to transparency, so we will explain here how we handle personal data, the legal foundations of our data processing, and your rights. If you have any questions about data protection, please send them to: info@gis-consult.de
Data protection is a dynamic topic. Due to the implementation of new technology, changes in legislation or case law, amendments to the information under Art. 13 and 14 (Data Protection Declaration) may be necessary. We will inform you appropriately and always keep an eye on your interests. At the same time, we cordially invite you to revisit this page from time to time to check for any possible updates.
Notice concerning the responsible party
The responsible party is a natural or legal person who decides on the objectives and methods of processing personal data (e.g., names, email addresses, etc.) either alone or jointly with others. In our case, this is:
GIS Consult GmbH
Society for Applied Geographic Information Systems
Schultenbusch 3
45721 Haltern am See
Telephone: +49 (0) 23 64 / 9 21 80
Email: info@gis-consult.de
Our external data protection officer will also gladly answer any questions you have about data protection:
Data Protection Officer Münsterland – Anke Blömer
Aulendorf 55
48727 Billerbeck
Telephone: +49 (0) 25 43 / 9 30 20 29
Email: service[ät]datenschutzbeauftragter-muensterland.de
In the following, we explain the processing of personal data in various applications:
A. Data processing on this website
Privacy Policy
1. Data protection at a glance
General Information
The following information provides a simple overview of what happens with your personal data when you visit this website. Personal information is any data that could personally identifiy you. Detailed information on the subject of data protection can be found in our privacy policy found below.
Data collection on this website
Who is responsible for data collection on this website?
Data is processed on this website by the website operator. You can find their contact details in the section “Notice concerning the responsible party” in this Privacy Policy.
How do we collect your data?
On the one hand, your data will be collected when you communicate it to us. This could, for example, be data you enter on a contact form.
Other data is collected either automatically by our IT systems or with your consent when you visit the website. This data is primarily technical data (such as the browser and operating system you are using or when you accessed the page). This data is collected automatically as soon as you visit this website.
What do we use your data for?
Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.
What rights do you have regarding your data?
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected or deleted. If you have given your consent to data processing, you may revoke this consent at any time. You also have the right to request that the processing of your personal data be restricted under certain circumstances. You may also, of course, file a complaint with the competent regulatory authorities.
You can contact us at any time regarding this and other concerns related to data protection.
2. Hosting
We host the contents of our website with the following provider:
DomainFactory
The provider is DomainFactory GmbH, c/o WeWork, Neuturmstraße 5, 80331 Munich (hereinafter DomainFactory). When you visit our website, DomainFactory collects the following data in a log file with a retention period of 7 days: domain, IP, inquiries, user agent, time stamp, status code.
Details can be found in DomainFactory’s privacy policy: https://www.df.eu/de/support/df-faq/service-infos/datensicherheit/#accordion-22953
The use of DomainFactory is carried out based on Art. 6 Para. 1 lit. f GDPR. We have a legitimate interest in presenting our website in the most reliable way. If corresponding consent has been requested, processing proceeds exclusively based on Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 of the Telecommunications Digital Services Data Protection Act (TDDDG), insofar as the consent includes cookie storage or access to information in the user’s end device (e.g., device fingerprinting) within the terms of the TDDDG. Consent can be revoked at any time.
Order Processing
We have concluded a contract for order processing (AVV) to use the above-mentioned service. This is a contract prescribed by data protection laws, which ensures that the provider only processes the personal data of our website visitors per our instructions and in compliance with the GDPR.
3. General and Mandatory Information
Privacy Policy
The operator of this website takes the protection of your personal data very seriously. We handle your personal data as confidential and in compliance with the statutory data protection regulations and this Privacy Policy.
If you use this website, various items of personal data will be collected. Personal information refers to any data that could personally identify you. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.
Please note that the transfer of data on the internet (e.g., communication via email) may be subject to security gaps. It is not possible to fully protect data from third-party access.
Storage Period
Unless a specific storage period is stipulated in this Privacy Policy, we will retain your personal data until the purpose for the data processing no longer applies. If you make a legitimate request for deletion or revoke your consent to data processing, your data will be deleted unless we have other legally permissible reasons for storing your personal data (e.g., tax or commercial retention periods); in the latter case, the deletion takes place once these reasons no longer apply.
General information on the legal basis for data processing on this website
If you have consented to data processing, we will process your personal data based on Art. 6 Para. 1 lit. a GDPR and/or Art. 9 Para. 2 lit. a GDPR, if special data categories per Art. 9 1 GDPR are processed. In the event of express consent to the transmission of personal data to third countries, the data processing of data will also be based on Art. 49 Para. 1 lit. a GDPR. If you have consented to the storage of cookies or to accessing information on your end device (e.g., via device fingerprinting), data processing will also be carried out on based in Art. 25 Para. 1 Telecommunications Digital Services Data Protection Act (TDDDG). Consent can be revoked at any time. If your data is required to fulfil the contract or carry out pre-contractual measures, we will process your data based on Art. 6 Para. 1 lit. b GDPR. Furthermore, we process your data if it is required to fulfil a legal obligation based on Art. 6 Para. 1 lit. c GDPR. Data processing can also be based on our legitimate interest per Art. 6 Para. 1 lit. f GDPR. The following paragraphs of this Privacy Policy provide information on the relevant legal bases in each individual case.
Recipient of personal data
We work with various external bodies in the context of our business activities. In some cases, it is also necessary to transfer personal data to these external bodies. We only transfer personal data to external bodies if this is necessary for contract fulfillment, if we are legally obliged to do so (e.g. data transfer to tax authorities), if we have a legitimate interest per Art. 6 Para. 1 lit. f GDPR, or if another legal basis permits data transfers. When using data processing companies, we only transfer the personal data of our customers for a valid contract for order processing. In the case of joint processing, a contract for joint processing is concluded.
Revoking your consent to data processing
Many data processing operations are only possible with your express consent. You may revoke your consent at any time. The legality of the data processing carried out before the revocation remains unaffected.
Right to object to the collection of data in special cases and to direct advertising (Art. 21 GDPR)
If data is processed based on Art. 6 Para. 1 lit. e or f GDPR, you have the right, for reasons arising from your particular situation, to object to the processing of your personal data at any time; this also applies to profiling based on these provisions. The respective legal basis applied to processing can be found in this Privacy Policy. If you file your objection, we will no longer process the data that concerns you, unless we can prove compelling legitimate reasons for the processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims (objection based on Art. 21 Para. 1 GDPR).
If your personal data is processed to conduct direct advertising, you have the right to object to the processing of your personal data for the purpose of such advertising at any time; this also applies to profiling insofar as it is related to such direct advertising. If you object, your personal data will subsequently no longer be used for the purpose of direct advertising (objection per Art. 21 Para. 2 GDPR).
Right to file complaints with regulatory authorities
In the event of infringements of the GDPR, the persons concerned shall have the right to appeal to a supervisory authority, particularly in the member state of their habitual residence, workplace or place of presumed infringement. The right of appeal shall be without prejudice to other administrative or judicial remedies.
Right to Data Portability
You have the right to have data which we process automatically based on your consent or in fulfillment of a contract delivered to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another data controller, this will only be completed if technically feasible.
Information, Correction, and Deletion
As permitted by law, you have the right to be provided with information about your personal data that is stored as well as its origin, the recipient, and the purpose for which it has been processed at any time free of charge. You also have the right to have this data corrected or deleted. You can contact us at any time concerning this and any other questions you may have on the subject of personal data.
Right to Restrict Processing
You have the right to request the restriction of the processing of your personal data. You can contact us at any time to do this. The right to restrict data processing exists in the following cases:
- If you dispute the accuracy of your personal data stored with us, we usually need time to verify this. For the duration of the examination, you have the right to demand the restriction of the processing of your personal data.
- If the processing of your personal data was done/is done unlawfully, you may request the restriction of data processing instead of deletion.
- If we no longer need your personal data, but you need it for the exercise, defense, or assertion of legal claims, you have the right to demand the restriction of the processing of this data instead of deletion.
- If you have objected according to Art. 21 Para. 1 GDPR, a balance must be made between your interests and ours. As long as it is not yet clear whose interests take presidense, you have the right to demand that the processing of your personal data be restricted.
If you have restricted the processing of your personal data, this data – apart from being stored – may be processed only with your consent or for the purpose of asserting, exercising, or defending rights; protecting the rights of another natural or legal person; or on the grounds of an important public interest of the European Union or of a Member State.
SSL or TLS Encryption
This site uses SSL or TLS encryption for security reasons and the protection of the transmission of confidential content, such as the orders or inquiries you send to us as the site operators. You can recognize an encrypted connection in your browser’s address line when it changes from “http://” to “https://” and the lock icon is displayed in your browser’s address bar.
If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.
Objection to Advertising Emails
We hereby object to using contact data published in the context of legal notice requirements for sending promotional and informational materials that were expressly not requested. The website operator reserves the right to take specific legal action if unsolicited advertising material, such as email spam, is delivered.
4. Data Collection on this Website
Cookies
Our websites use cookies. Cookies are small data packages and do not cause any damage to your device. They are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your device. Session cookies are automatically deleted after your visit. Permanent cookies remain stored on your device until you delete them yourself or your web browser automatically deletes them.
Cookies can come from us (first-party cookies) or from third-party companies (third-party cookies). Third-party cookies enable the integration of certain third-party services within websites (e.g. cookies for processing payment services).
Cookies perform various functions. Numerous cookies are technically necessary because certain website functions would not work without them (e.g., the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
Cookies that are necessary to carry out the electronic communication process, provide certain functions that you have requested (e.g., the shopping cart function), or optimize the website (e.g., cookies to measure web audience) (necessary cookies) are stored based on Art. 6 Para. 1 lit. f GDPR, unless another legal basis is specified. The website operator has a legitimate interest in storing necessary cookies to ensure the optimized provision of its services without technical errors. If consent to the storage of cookies and comparable recognition technology has been requested, processing takes place exclusively based on this consent (Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 of the Telecommunications Digital Services Data Protection Act (TDDDG); consent can be revoked at any time.
You can configure your browser so that you are informed when cookies are set and only allow cookies in individual cases, exclude the acceptance of cookies in certain cases or in general, and activate the automatic deletion of cookies when the browser is closed. Disabling cookies may limit the functionality of this website.
This Privacy Policy explains which cookies and services are used on this website.
Consent with Compliance
Our website uses the consent technology from Complianz to obtain your consent to store certain cookies on your device or the use of specific technologies and document them in compliance with data protection regulations. The provider of this technology is Complianz B.V., Kalmarweg 14-5, 9723 JG Groningen, The Netherlands (hereinafter referred to as “Complianz”).
Complianz is hosted on our servers, so no connection is made to the servers of the Complianz provider. Complianz then stores a cookie in your browser to be able to assign the issued consents or their revocation to you. The data collected in this way will be stored until you ask us to delete it, delete the Complianz cookie yourself, or the purpose for data storage no longer applies. Mandatory statutory retention requirements remain unaffected.
Complianz is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.
Server Log Files
The website provider automatically collects and stores information in server log files, which your browser automatically transmits to us. These include:
- Browser type and browser version
- Operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data will not be combined with data from other sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically correct display and optimization of its website; for this purpose, the server log files must be recorded.
Contact Form
If you use our contact form to send us an inquiry, we will store the details you enter on the form, including your contact details, in order to address your inquiry and to ask any follow-up questions that may arise. We do not pass on these data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request relates to the execution of a contract or is required to carry out pre-contractual activities. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested; consent can be revoced at any time.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage is no longer applicable (e.g., after processing your request). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected.
Request by email, phone, or fax
If you contact us by email, phone, or fax, your request, including all ensuing personal data (name, request), is stored and processed by us to process your request. We do not pass on these data without your consent.
This data is processed on the basis of Art. 6 para. 1 lit. b GDPR, if your request relates to the execution of a contract or is required to carry out pre-contractual activities. In all other cases, the processing is based on our legitimate interest in the effective handling of enquiries addressed to us (Art. 6 para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if this was requested; consent can be revoced at any time.
We will retain the data you provide on the contact form until its deletion is requested, your consent for storage is revoked, or the purpose for its storage is no longer applicable (e.g., after the handling of your request has been completed). Any mandatory statutory provisions, especially those regarding mandatory data retention periods, remain unaffected.
5. Newsletter
Newsletter Data
If you would like to receive our newsletter, we require a valid email address and information that enables verification that you are the owner of the provided email address and you agree to receive this newsletter. No additional data are collected, or they are only collected on a voluntary basis. We only use this data to send the requested information and do not pass it on to third parties.
We will therefore process any data you enter onto the contact form only with your consent per Art. 6 1 lit. a GDPR). You can revoke your consent to the storage of the data as well as the use of your email address for receiving the newsletter at any time (by clicking the “unsubscribe” link in the newsletter). The data processing operations already carried out remain legally unaffected by the cancellation.
The data you provide for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe from the newsletter. We reserve the right to delete or block email addresses from our newsletter distribution list at our own discretion within the scope of our legitimate interest based on Art. 6 Para. 1 lit. f GDPR.
Data that we have stored for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your email address may be saved in a blacklist either with us or the newsletter service provider if this is necessary to prevent future mailings. The data from the blacklist is only used for this purpose and is not combined with other data. This serves both your interest and our interest in complying with the legal requirements for sending newsletters (legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR). Storage on the blacklist is not limited in time.You may object to the storage if your interests outweigh our legitimate interests.
6. Plugins and Tools
YouTube with Extended Data Protection
This website integrates videos from YouTube. Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland, is the provider of the page.
We use YouTube in the extended data protection mode. In this mode, YouTube, according to them, does not store any information about visitors to this website before they watch the video. The disclosure of data to YouTube partners is, however, not mandatorily excluded by the extended data protection mode. With this, YouTube establishes a connection to the Google DoubleClick network, regardless of whether you are viewing a video or not.
You will be linked to the YouTube servers as soon as you start a YouTube video on our website. This informs the YouTube server about which of our pages you have visited. If you are logged in to your YouTube account, YouTube allows you to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account.
In addition, YouTube can save various cookies on your device after starting a video or using comparable recognition technologies (e.g. device fingerprinting). This enables YouTube to receive information about visitors to this website. Such information is used to gather video statistics, improve user-friendliness, and prevent attempted fraud, among other things.
If applicable, starting a YouTube video may trigger further data processing operations. We have no control over this.
YouTube is used in the interest of establishing a respectible online presence. This constitutes a legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. If corresponding consent has been requested, processing proceeds exclusively based on Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes cookie storage or access to information in the user’s end device (e.g., device fingerprinting) within the meaning of TDDDG. Consent can be revoked at any time.
For more information about privacy at YouTube, please see their privacy policy: https://policies.google.com/privacy?hl=de.
The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Each DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Google Web Fonts (local hosting)
This page uses web fonts provided by Google for a uniform representation of fonts. Google fonts are installed locally. This does not establish a connection to Google services.
Further information on Google Fonts can be found at https://developers.google.com/fonts/faq and in Google’s Privacy Policy at: https://www.google.com/policies/privacy/hl=de.
Font Awesome (local hosting)
This page uses Font Awesome for uniform representation of fonts. Font Awesome is installed locally. There is no connection to Fonticons, Inc. servers.
Further information about Font Awesome can be found in Font Awesome’s Privacy Policy at: https://fontawesome.com/privacy.
Google Maps
This site uses the Google Maps service. The provider is Google Ireland Limited (hereinafter referred to as “Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
It is necessary to store your IP address to use Google Maps. This information is generally transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts to display fonts uniformly. When you access Google Maps, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
The use of Google Maps serves to make our website appealing and locate the sites indicated on the website with ease. This constitutes a legitimate interest pursuant to Art. 6 para 1 lit. f GDPR. If corresponding consent has been requested, processing proceeds exclusively based on Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes cookie storage or access to information in the user’s end device (e.g., device fingerprinting) within the terms of TDDDG. Consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. More information can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
For information on the handling of user data, please refer to Google’s Privacy Policy: https://policies.google.com/privacy?hl=de.
The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Each DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Friendly Captcha
We use Friendly Captcha (hereinafter referred to as “Friendly Captcha”) on this website. The provider is Friendly Captcha GmbH, Am Anger 3-5, 82237 Woerthsee, Germany.
Friendly Captcha is used to check whether the data entered on this website (e.g., on a contact form) have been entered by a human or by an automated program. For this purpose, Friendly Captcha analyzes the behavior of the website visitor on the basis of various characteristics. For analysis, Friendly Captcha evaluates various information (e.g., anonymised IP address, referrer, visit time, etc.). Further information can be found at: https://friendlycaptcha.com/legal/privacy-end-users/.
The data is stored and analyzed based on Art. 6 Para. 1 lit. f GDPR. The website operator has a legitimate interest in protecting their website from abusive automated crawling and SPAM. If corresponding consent has been requested, processing proceeds exclusively based on Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 TDDDG, insofar as the consent includes cookie storage or access to information in the user’s end device (e.g., device fingerprinting) within the terms of TDDDG. Consent can be revoked at any time.
Order Processing
We have concluded a contract for order processing (AVV) to use the above-mentioned service. This is a contract prescribed by data protection laws, which ensures that the provider only processes the personal data of our website visitors per our instructions and in compliance with the GDPR.
7. Audio and Video Meetings
Data Processing
We use online conference tools, among other things, to communicate with our customers. The specific tools we use are listed below. If you communicate with us by video or audio conference via the Internet, your personal data will be collected and processed by us and the provider of the respective conference tool.
The conference tools collect all data that you provide/enter to use the tools (email address and/or your telephone number). Furthermore, the conference tools process the duration of the conference, start and end (time) of participation in the conference, number of participants, and other “context information” in connection with the communication process (metadata).
The provider of the tool also processes all technical data necessary for the processing of online communication. This includes, in particular, IP addresses, MAC addresses, device IDs, device type, operating system type and version, client version, camera type, microphone or speaker, and the type of connection.
If content is exchanged, uploaded or otherwise provided within the tool, it will also be stored on the tool provider’s servers. This content includes, but is not limited to, cloud recordings, chat/instant messages, voice mail uploaded photos and videos, files, whiteboards, and other information shared while using the service.
Please note that we do not have full control over the data processing operations of the tools used. Our options depend to a large extent on the corporate policy of the respective provider. Further information on data processing by the conference tools can be found in the privacy statements of the tools used, which we have listed below this text.
Purpose and Legal Basis
The conference tools are used to communicate with prospective or existing contractual partners or offer certain services to our customers (Art. 6 Para. 1 lit b GDPR). Furthermore, the use of the tools serves the general simplification and acceleration of communication with us or our company (legitimate interest within the terms of Art. 6 Para. 1 lit. f GDPR). Insofar as consent has been requested, the use of the relevant tools is based on this consent; the consent can be revoked at any time with effect for the future.
Storage Period
The data we collected directly via the video and conference tools will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer pertains. Stored cookies remain on your device until you delete them. The statutory retention periods remain unaffected.
We have no influence on the storage period of your data, which is stored by conference tool operators for their own purposes. For details on this, please inquire directly with the conference tool operators.
Conference tools used
We use the following conference tools:
TeamViewer
Our software support uses TeamViewer. The provider is TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göppingen, Germany. For details on data processing, please refer to TeamViewer’s Privacy Policy: https://www.teamviewer.com/de/datenschutzerklaerung/.
Order Processing
We have concluded a contract for order processing (AVV) to use the above-mentioned service. This is a contract prescribed by data protection laws, which ensures that the provider only processes the personal data of our website visitors per our instructions and in compliance with the GDPR.
Microsoft Teams
We use Microsoft Teams. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland. For details on data processing, please refer to the Microsoft Teams Privacy Policy: https://privacy.microsoft.com/de-de/privacystatement.
The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Each DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
Order Processing
We have concluded a contract for order processing (AVV) to use the above-mentioned service. This is a contract prescribed by data protection laws, which ensures that the provider only processes the personal data of our website visitors per our instructions and in compliance with the GDPR.
8. Social Media
Social media elements with Shariff
This website uses elements of social media (e.g., Facebook, X, Instagram, Pinterest, XING, LinkedIn, Tumblr).
You can usually identify the social media elements by the respective social media logos. To ensure data protection on this website, we only use these elements together with the Shariff solution. This application prevents the social media elements integrated on this website from transferring your personal data to the respective provider the first time you visit the site.
Only when you activate the respective social media element by clicking on the corresponding button will a direct connection to the provider’s server be established (consent). As soon as you activate the social media element, the respective provider receives the information that you have visited this website with your IP address. If you are logged into your respective social media account (e.g., Facebook) at the same time, the respective provider can assign the visit to this website to your user account.
Activating the plugin constitutes consent within the terms of Art. 6 Para. 1 lit. a GDPR and Section 25 Para. 1 Telecommunications Digital Services Data Protection Act (TDDDG). This consent may be revoked at any time with future effect.
The service is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 Para. 1 lit. c GDPR.
9. Analysis tools and advertising
Matomo
This website uses the open source web analysis service Matomo.
With the help of Matomo, we are able to collect and analyze data about the use of our website by website visitors. This enables us to find out, among other things, when which pages were accessed and from which region. We also record various log files (e.g. IP address, referrer, browser and operating system used) and can measure whether our website visitors perform certain actions (e.g. clicks, purchases, etc.).
This analysis tool is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the analysis of user behavior in order to optimize both its website and its advertising. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.
IP anonymization
We use IP anonymization for the analysis with Matomo. Your IP address is shortened before the analysis so that it can no longer be clearly assigned to you.
Cookie-free analysis
We have configured Matomo so that it does not store any cookies in your browser.
Hosting
We host Matomo with the following third-party provider:
Domainfactory GmbH
Neuturmstrasse 5
80331 München
Order processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which guarantees that it processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.
10. Data Processing in the Company
The current information on the processing of your data in accordance with Articles 13 and 14 of the
General Data Protection Regulation (GDPR) for interested parties and customers
can be downloaded here (in German).
11. Data processing in the employment application process
The current information on the processing of your data in accordance with Articles 13 and 14 of the
General Data Protection Regulation (GDPR) for applicants
can be downloaded here (in German).
12. Data Security
At GIS Consult GmbH, technical and organizational
security measures are used to protect your submitted data from accidental or
intentional manipulation, loss, destruction or access by unauthorised persons.
Our security measures are continuously
revised to conform with technological developments.
13. Your Rights as a Data Subject
In the context of data processing — regardless of whether your data is processed on the website, within the company, or during the application process –, you have the following rights against us concerning your personal data:
- Right to information based on Art. 15 GDPR;
- Right to rectification based on Art. 16 GDPR;
- Right to deletion based on Art. 17 GDPR;
- Right to restriction of processing based on Art. 18 GDPR;
- Right to data portability based on Art. 20 GDPR;
- Right to object to processing based on Art. 21. GDPR.
If the processing of your personal data is based on consent (Art. 6 Para. 1 lit. a GDPR), you can revoke this at any time; the legality of the data processing carried out based on consent until the revocation remains unaffected.
To exercise these rights, please send an email to: info@gis-consult.de or contact us at the address of the data protection officer mentioned above. Contact us at the same address for further questions concerning personal data. We will gladly review whether the legal requirements for the assertion of the rights of the data subject are being met.
Based on Art. 77 GDPR, you also have the right to file a complaint with a data protection supervisory authority concerning the processing of your personal data.
The responsible supervisory authority is:
LDI – State Commissioner for Data Protection and
Freedom of Information North Rhine-Westphalia
Kavalleriestrasse 2-4
40213 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle@Ldi.nrw.de
8.1 Privacy policy for our social media sites
We operate the following social media sites – the following privacy policy applies to the listed sites:
Data processing through social networks
We maintain publicly accessible profiles on social networks. You can find details on the social networks we use below.
Social networks such as Facebook, X, etc. can generally analyze your user behavior extensively when you visit their website or a website with integrated social media content (e.g., like buttons or advertising banners). Visiting our social media pages triggers numerous processes relevant to data protection. In detail:
If you are logged into your social media account and visit our social media presence, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection takes place, for example, via cookies that are stored on your device or by recording your IP address.
With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. In this way, interest-related advertising can be displayed inside and outside the respective social media presence. If you have an account with the relevant social network, interest-based advertising can be displayed on all the devices you are or were logged in.
Please also note that we cannot track all processing on social media portals. Depending on the provider, the operators of the social media portals may be able to carry out further processing operations. For details, please refer to the terms of use and privacy policies of the respective social media portals.
Legal basis
Our social media sites are designed to ensure the widest possible presence on the Internet. This constitutes a legitimate interest pursuant to Art. 6 Para. 1 lit. f GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which operators of social networks are obligated to state (e.g., consent within the terms of Art. 6 Para. 1 lit. a GDPR).
Data controller and assertion of rights
If you visit one of our social media pages (e.g., Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can exercise your rights (information, correction, deletion, limitation of processing, data transferability and complaint) both against us and the operator of the respective social media portal (e.g., against Facebook).
Please note that despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options depend to a large extent on the corporate policy of the respective provider.
Storage Period
The data collected directly by us via the social media presence will be deleted from our systems as soon as you request deletion, revoke your consent to storage, or the purpose for data storage no longer pertains. Stored cookies remain on your device until you delete them. Mandatory statutory provisions, in particular retention periods, remain unaffected.
We do not influence the storage period of your data, which is stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).
Your Rights
You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to object, to data portability and to file a complaint with the competent supervisory authority. You may also request the rectification, blocking, deletion, and, in certain circumstances, restriction of the processing of your personal data.
Social networks in detail
Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (hereinafter Meta). According to Facebook, the data collected will also be transferred to the USA and other third countries.
We have concluded an agreement on joint processing (Controller Addendum) with Meta. This agreement determines which data processing operations we or Meta are responsible for when you visit our Facebook page. This agreement can be found under the following link: https://www.facebook.com/legal/terms/page_controller_addendum
You can adjust your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Please refer to Facebook’s privacy policy for details: https://www.facebook.com/about/privacy/
The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Each DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt000000001L5AAI&status=Active
XING
We have a profile at XING. The provider is New Work SE, Dammtorstraße 30, 20354 Hamburg, Germany. For details on how they handle your personal information, see XING’s privacy policy at: https://privacy.xing.com/de/datenschutzerklaerung
LinkedIn
We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.
If you would like to deactivate LinkedIn advertising cookies, please use the following link: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.
Details on how they handle your personal data can be found in LinkedIn’s Privacy Policy: https://www.linkedin.com/legal/privacy-policy.
Instagram
We have a profile on Instagram. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission. You can find details here: https://www.facebook.com/legal/EU_data_transfer_addendum und https://de-de.facebook.com/help/566994660333381.
Details on how they handle your personal data can be found in Instagrams Privacy Policy: https://privacycenter.instagram.com/policy/.
The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Each DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/4452
Youtube
We have a profile on YouTube. The provider of this service is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Details on how they handle your personal data can be found YouTubes Privacy Policy: https://policies.google.com/privacy?hl=de.
The company is certified according to the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the United States that ensures compliance with European data protection standards for data processing in the United States. Each DPF-certified company undertakes to comply with these data protection standards. Further information can be obtained from the provider under the following link: https://www.dataprivacyframework.gov/participant/5780