Data Protection Notice in accordance with GDPR
I. Name and address of the Controller
GSI Office Management GmbH
Landsberger Straße 314
Tel.: +49 89 89544 500
is the Controller as defined by the EU General Data Protection Regulation (GDPR) and other national data protection laws.
II. Name and address of the Data Protection Officer
60329 Frankfurt am Main
Tel: +49 69 949432 410
III. General information on data processing
1. Scope of processing of personal data
As a general rule, we only collect and use the personal data of users of our homepage if this is necessary to provide a functional website, our content and our services.
The personal data of our users are only collected and used after they have given their consent. An exception to this principle applies in cases where statutory regulations permit the processing of the data or it is not possible for practical reasons to obtain their prior consent.
The legal basis for processing personal data is given by:
- Art. 6 (1)(a) GDPR if consent is obtained from the data subject.
- Art. 6 (1)(b) GDPR in the case of processing which serves to fulfil a contract to which the data subject is a contracting party. Processing which is required to carry out pre-contractual steps is also covered here.
- Art. 6 (1)© GDPR in the case of processing required for the fulfilment of a legal obligation.
- Art. 6 (1)(d) GDPR if vital interests of the data subject or another natural person require the processing of personal data.
- Art. 6 (1)(f) GDPR if the processing is necessary to uphold the legitimate interests of our company or of a third party, and these are not outweighed by the interests, basic rights and fundamental freedoms of the data subject.
IV. Use of our website, General Information
1. Description and scope of data processing
Every time our website is visited, our system automatically registers the user’s data and information about their computer system. The following information is collected in the process:
- information on the browser type and version used
- the user’s operating system
- the user’s IP address
- date and time of access
- websites from which the user’s system reaches our website
- websites called up by the user’s system via our website
The data described — with the exception of the user’s IP address or other data which enable the data to be identified with a user — are described in our system’s log files. These data are not stored together with the user’s other personal data.
2. Purpose and legal basis for the data processing
Our system needs to temporarily store the IP address in order to facilitate delivery of the website to the user’s PC. To do so, the user’s IP address has to be retained for the duration of the session. The legal basis for the temporary storage of the data is given by Art. 6 (1)(f) GDPR.
It is essential for the operation of the website to register your personal data in order to deliver our website. For that reason, the user has no right of objection.
3. Length of storage
Your data will be erased as soon as they are no longer needed to meet the purpose of their collection. If your data are collected to guarantee delivery of the website, the data will be erased when the particular session is finished.
TTDPA (Ger.: TTDSG):
The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user’s terminal equipment and access to this information is the European ePrivacy Directive in conjunction with the Telecommunications and Telemedia Data Protection Act (TTDPA; Ger.: TTDSG).
Please note that the legal basis for the processing of personal data collected in this context then results from the GDPR. The relevant legal basis for the processing of personal data in each specific case can be found below the respective cookie or the respective processing itself.
The primary legal basis for the storage of information in the end user’s terminal equipment — consequently in particular for the storage of cookies — is their consent, §25 Abs.1 S.1 TTDPA (Ger.: TTDSG). Consent is given when visiting our website — although this does not have to be given, of course — and can be revoked at any time in the cookie settings.
According to §25 Abs.2 Nr.2 TTDPA (Ger.: TTDSG), consent is not required if the storage of information in the end user’s terminal equipment or access to information already stored in the end user’s terminal equipment is absolutely necessary for the provider of a telemedia service to be able to provide a telemedia service expressly requested by the user. You can see from the cookie settings which cookies are to be classified as absolutely necessary (often also referred to as “technically necessary cookies”) and therefore fall under the exception of §25 Para.2 TTDPA (Ger.: TTDSG) and therefore do not require consent.
The following data are stored and transferred in the process:
- log-in information
We point out that some functions of our website can only be offered if cookies are used. This applies to the following applications:
- identification of users
We do not employ user data collected by technically necessary cookies to prepare user profiles.
VI. Your rights / rights of the data subject
In accordance with the EU General Data Protection Regulation, you have the following rights as a data subject:
1. Right of access
You have the right to receive information from us as the controller as to whether we are processing personal data relating to yourself.
In addition, you could demand information on the following topics:
- purpose of the data processing;
- categories of personal data processed
- dthe recipients or categories of recipients to whom the personal data relating to yourself were disclosed or are still being disclosed;
- the planned duration of the storage of the personal data relating to yourself or, if no specific details can be given, the criteria for defining the length of storage;
- the existence of any right to rectification or erasure of the personal data relating to you, any right to restrict processing by the controller or any right of objection to such processing;
- the existence of any right of complaint to a supervisory authority
- all available information on the origin of the data if the personal data have not been collected from the data subject;
- the existence of an automated decision-making process including profiling in accordance with Article 22 (1) and (4) GDPR and — at least in these cases — meaningful information on the logic involved as well as the implications and specific effects of any such processing for the data subject
- Finally, you have the right to request information as to whether personal data relating to yourself are being transferred to a third country or to an international organisation. In this case, you can request information on the suitable guarantees in place in accordance with Art. 46 GDPR with respect to the transfer.
You can assert your right of information at:
GSI Office Management GmbH
Landsberger Straße 314
2. Right to rectification
Should the personal data relating to you and processed by us be incorrect or incomplete, you have a right of rectification or completion. Rectification will be performed without delay. Your right to rectification can be restricted to the extent that any such rectification may make it impossible to fulfil the research and statistical purposes or seriously hamper such work, and the restriction is necessary in order to meet such research and statistical purposes.
3. Right of restriction
The right to restrict the processing of personal data relating to yourself can be asserted in the following cases:
- the accuracy of the personal data is disputed for a length of time which will enable the controller to check their accuracy;
- the processing is unlawful, but erasure of the personal data is rejected and instead restrictions on the use of the personal data are demanded;
- the controller no longer needs the personal data for the purposes of the processing, but the data subject needs them to assert, exercise or defend legal claims, or
- the data subject has objected to the processing pursuant to Art. 21 (1) GDPR, and it has not yet been determined whether the controller’s legitimate reasons outweigh those of the data subject.
If the processing of the personal data relating to yourself has been restricted, such data may only be processed — apart from their storage — with your consent or to assert, exercise or defend legal claims or to protect the rights of another natural person or legal entity, or for reasons of an important public interest of the Union or a Member State.
If the processing has been restricted in accordance with the conditions outlined, you will be informed by us before the restriction is lifted.
Your right to restrict the processing can be limited to the extent that any such restriction may make it impossible to fulfil the research and statistical purposes or seriously hamper such work, and the limitation is necessary in order to meet such research and statistical purposes.
4. Right to erasure
If the reasons set out below apply, you can request that the personal data relating to yourself are erased immediately. The controller is obliged to erase such data without delay. The reasons are as follows:
- The personal data relating to yourself are no longer needed for the purposes for which they were collected or otherwise processed.
- The processing is governed by a consent granted under Art. 6 (1)(a) or Art. 9 (2)(a) GDPR, and you revoke the consent. A further prerequisite is that there is no other legal basis for the processing.
- You lodge an objection to the processing (Art. 21 (1) DSGVO), and there are no overriding legitimate justifications for the processing. A further option is to lodge an objection to the processing in accordance with Art. 21 (2) GDPR.
- The personal data relating to yourself are being processed unlawfully.
- Erasure of the personal data relating to yourself is required to meet a legal obligation in accordance with Union or Member State law to which the controller is subject.
- The personal data relating to yourself were collected with reference to services offered by the information society in accordance with Art. 8 (1) GDPR.
If we have published the personal data relating to yourself and we are obliged under Art. 17 (1) GDPR to erase them, we will take appropriate steps, including of a technical nature, taking into account the technology available and the implementation costs, to inform controllers responsible for data processing who are processing the personal data that you as the data subject have requested them to delete all links to these personal data or copies or duplicates of such personal data.
We point out that there is no right of erasure if the processing is necessary
- to exercise the right to free speech and information;
- zto meet a legal obligation which requires the processing in accordance with the law of the Union or that of Member States to which the controller is subject, or to perform a task which lies in the public interest or that is carried out in the exercise of official authority conferred on the controller;
- for reasons of public interest in the area of public health in accordance with Art. 9 (2) (h and i) as well as Art. 9 (3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR if the right specified in Section a) will probably render realisation of the objectives of this processing impossible or seriously compromise them, or
- to assert, exercise or defend legal claims.
5. Right to information
If you have asserted a right to rectification, erasure or restriction of processing, we are obliged to inform all recipients to whom the personal data relating to yourself have been disclosed, of such rectification or erasure of the data or restriction of the processing, unless this turns out to be impossible or is associated with a disproportionate amount of time and effort. You also have the right to be informed of these recipients.
- the processing is based on consent in accordance with Art. (6) (1)(a) GDPR or Art. 9 (2)(a) GDPR or on a contract in accordance with Art. 6 (1)(b) GDPR, and
- the processing is performed with the aid of automated procedures.
Finally, in exercising this right to data portability, you have the right to have the personal data relating to yourself transferred directly from one controller to another if this is technically feasible and no freedoms or rights of other persons are impaired in the process.
The right to data portability does not apply to the processing of personal data required for the performance of a task which lies in the public interest or is carried out in the exercise of official authority conferred on the controller.
You are entitled at any time to revoke your declaration of consent with respect to data protection laws. We point out that revocation of your consent will not affect the lawfulness of the data processed on the basis of such consent prior to its revocation.
You also have the right, for reasons stemming from your particular situation, to object at any time to the processing of personal data relating to yourself carried out on the basis of Art. 6 (1) (e) or (f) GDPR. The right of objection also applies to any profiling based on these provisions.The controller will no longer process the personal data relating to yourself unless he can show compelling, sensitive reasons for the processing which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If your personal data are processed for the purpose of direct mail marketing, you have the right to object at any time to the processing of your personal data for the purpose of such advertising. This also applies to profiling provided it is associated with such direct advertising. If you lodge an objection to processing for the purpose of direct mail marketing, the personal data relating to yourself will no longer be processed for these purposes.You are also free to exercise your right of objection in connection with the use of services of the information society (notwithstanding Directive 2002/58/EC) by means of automated procedures in which technical specifications are used.
You also have the right, for reasons resulting from your particular situation, to object to the processing of your personal data for scientific or historical research purposes or for statistical purposes under Art. 89 (1) GDPR.
Your right of objection can be restricted to the extent that any such objection may make it impossible to fulfil the research and statistical purposes or seriously hamper such work, and the restriction is necessary in order to meet such research and statistical purposes.
Under the EU General Data Protection Regulation, you also have the right not to be subject to a decision based exclusively on automated processing — including profiling — which is legally binding on you or which has a considerably adverse effect on you in some other way. An exception to this principle applies, however, if the decision
- is necessary for the conclusion or fulfilment of a contract between yourself and the controller,
- is permitted due to legal regulations of the Union or Member States to which the controller is subject, and such legal regulations contain appropriate measures for preserving your rights and freedoms as well as your legitimate interests, or
- is made with your explicit consent.
If the processing is performed within the confines of cases specified in (1) and (3), the controller will take appropriate steps to safeguard rights and freedoms as well as your legitimate interests. At the least, this includes the right to obtain the intervention of a person on the part of the controller, to present your own point of view and to challenge the decision.
The decision under (1) and (3) may not be based on special categories of personal data in accordance with Art. 9 (1) GDPR unless Art. 9 (2)(a) or (g) applies and suitable steps have been taken to safeguard rights and freedoms as well as your legitimate interests.
If you are of the view that the processing of your personal data breaches the GDPR, you have the ultimate right to complain to a regulatory authority, particularly in the member state of your place of residence, your place of work or the place where the suspected breach has been committed.
VII. Electronic contact
You will find a contact form on our homepage that you can use to contact us electronically. The data entered into the input mask are transmitted to us and stored. These data include:
- First name
- Phone number
- Content of the message
The date of the message is also stored once the message has been sent.
It is also possible to contact us via our provided email address. In this case, the user’s personal data transmitted by email will be stored.
A transfer of your data to third parties will not take place in this context; this data will be used exclusively for processing the communication record.
The legal basis for processing the data is in submitting user consent as defined in Art. 6 Section 1 lit. a GDPR. The legal basis for processing the data transmitted while sending an email is Article 6 Section 1 lit. f GDPR. If the email contact aims to conclude a contract, then additional legal basis for the processing is Art. 6 Section 1 lit. b GDPR.
Processing personal data in this context is solely for processing the contact. In the case of contact via e‑mail, this also includes the required legitimate interest in processing the data.
If further personal data are processed during the sending process, then they serve only to prevent misuse of the contact form and to ensure the security of our information technology systems.
Your data will be deleted as soon as they are no longer necessary for achieving the purpose of the inquiry. Regarding the personal data from the input form on the contact form and those sent by e‑mail, this is the case when the respective conversation with the user has ended. The conversation is ended when it can be inferred from the circumstances that the relevant facts have been finally clarified.
The additional personal data collected during the sending process will be deleted at the latest after a period of seven days.
You will have the opportunity to revoke your consent to the processing of personal data at any time. Even when contacting us by email, you can object to the storage of your personal data at any time. However, we would like to point out that in such a case, the conversation cannot continue.
All personal data stored while contacting will be deleted in this case.
VIII. Login MyGSI
As a registered customer you can log into the protected space “MyGSI” on our website with use of your user name and your personal password.
At the time of logging in the following information is collected as well:
- Username and e‑mail
- Date and time of login
- User IP
The purpose of the login is to provide a personal project room for project management.
The legal basis for processing personal data is Art. 6 para. 1 sent. 1 lit. b GDPR.
IX. Career Portal
On this website, we display job offers for which interested individuals can apply by e‑mail. Speculative applications can also be sent by e‑mail. In case of an received application, we process data from the applicant strictly for the purpose of potentially filling the relevant position.
The primary legal basis for this is Art. 88 GDPR in conjunction with § 26 para. 1 BDSG.
Within our company only personnel that is relevant to the application procedure and responsible for the decision over the application receive access to your personal data.
We delete your personal data as soon as it is no longer required for the above-mentioned purposes. If we enter into a contract of employment with an applicant, the data transmitted will be stored for the purpose of administering the employment relationship in compliance with the statutory provisions. If no contract of employment is signed with the applicant, the application documents will be deleted after 6 months at most, after notification of the rejection, provided that no other legitimate interests of the processor conflict with erasure of the applicants personal data. Other legitimate interests in this sense include, for example, a duty of proof in proceedings under the German General Equal Treatment Act (AGG).
Your personal data will not be disclosed to third parties.
You can subscribe to a free newsletter on our homepage in which we will keep you up to date on our latest interesting offers. The data which you provide in the entry window in the course of registering, will be transmitted to us.
In the process, we will collect the following data on the basis of the consent obtained from you as part of the registration process:
- First and last name
- Email address
- Your company
- IP address of the requesting processor
- Date and time of registration
Your data collected in connection with processing data for the despatch of newsletters will not be passed on. The data will be used exclusively for the despatch of the newsletter.
1. Double opt-in and log
Registration for our newsletter is made in a so-called double opt-in procedure. After registration, you will receive an email in which you are asked to confirm your registration. This confirmation is required to ensure that no-one can register with an email address that does not belong to them.
Registrations for the newsletter will be logged to enable the registration process to be verified in accordance with legal requirements. This includes storing the time of registration and confirmation as well as the IP address.
2. Legal basis
The legal basis for processing the data is given by Art. 6 (1)(a) GDPR as long as the user’s consent has been obtained. Collection of the user’s email address serves to deliver the newsletter.
3. Erasure, revocation and objection
Your data will be erased as soon as they are no longer needed to meet the purpose of their collection. Your email address will therefore be stored for as long as the subscription to the newsletter is active. You can terminate your subscription to the newsletter at any time by revoking your consent. You will find a corresponding link in every newsletter for this purpose.
We also draw your attention to the fact that you can object at any time to the future processing of your personal data in accordance with the statutory requirements set out in Art. 21 GDPR. In particular, the objection can relate to processing for the purposes of direct mail marketing.
4. Email marketing service providers
The newsletter is sent through “Brevo” (formerly Sendinblue), a newsletter despatch platform operated by Brevo, Köpenicker Str. 126, 10179 Berlin, Germany.
The email addresses of our newsletter subscribers as well as further data described in the course of these notes, are stored on the servers of Brevo. Brevo uses this information to despatch the newsletter and for evaluations on our behalf. Furthermore, according to Brevo, it can use these data to optimise or improve its own services, e.g. for the technical optimisation of the despatch process and the display of the newsletter or for business purposes to determine which countries the recipients come from. However, Brevo will not use the data of our newsletter subscribers to write to them itself or pass them on to third parties.
We trust Brevo’s reliability as well as their IT and data security. You can view the data protection provisions of Brevo here: https://www.brevo.com/legal/privacypolicy.
XI. Use of Google Analytics
This website uses the web analysis service Google Analytics to analyse the use of our website and to enable us to regularly improve it. We can use the statistics received to improve our product and to make our website more attractive to you as the user.
Cookies are stored on your computer for this evaluation. The controller saves the information thus collected exclusively on its server in Germany. You can halt the evaluation by deleting existing cookies and preventing the storage of new ones. If you prevent the storage of cookies, we point out that you may not be able to use this website in its entirety. You can prevent the storage of cookies through a setting in your browser.
We use Google Analytics with the extension “AnonymizeIP”. This means that IP addresses are processed in abbreviated form making it impossible to directly identify them with a person. The IP address transmitted from your browser by means of Google Analytics is not combined with other data collected by us.
You can find information on the data protection offered by this external supplier at https://policies.google.com/privacy.
XII. Integrating Google Maps
We use Google Maps offer on our website. This allows us to show you interactive maps right on the website and allow you to conveniently use the map feature.
By visiting the website, Google receives the information that you have accessed the corresponding subpage for our website. In addition, the information referred to in Section IV of this statement will be transmitted to Google. This is done regardless whether Google provides a user account that you are logged in to, or if there is no user account. When you’re logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your profile on Google, you must log out before activating the button. Google stores your data as usage profiles and uses them for advertising, market research and/or needs-based website design. This type of an evaluation is carried out (even for users who are not logged in) for the purpose of providing appropriate advertising and to inform other users of the social network about your activities on our website. You have a right of objection to the formation of these user profiles, and you must contact Google to exercise this right.