Data Privacy

Data protection information of the G2K Group GmbH

The handling of your personal data is carried out in accordance with the provisions of the General Data Protection Regulation (“GDPR”) and the German federal data protection act (“BDSG”) as well as other legal requirements as the basis for a trustful business relationship with our partners, customers and suppliers. We respect the confidentiality of your personal data and guarantee the protection of your personal data by technical and organizational security measures that comply with current security standards.

1. RESPONSIBLE AND DATA PROTECTION OFFICER

1. Name and contact details of the Data Controller:

G2K Group GmbH

Karlsplatz 7
80335 Munich
+ 49 (0)30 322 915 0
info@g2k-group.com
www.g2k.ai


(hereinafter the “company” or “we”) 

2. Name of the Managing Directors
Karsten Neugebauer (CEO), Omar El Gohary (CTO)

3. Contact details of the Data Protection Officer

Königin-Luise-Str. 31
to the attention of Data Protection Officer
14195 Berlin
Germany
+ 49 (0)30 322 915 0
dsb@g2k-group.com

2. DEFINITIONS

  1. Personal data” shall mean any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (e.g. a cookie) or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  3. controller” shall mean the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.
  4. Special categories of personal data” means data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, health or sex life, as well as genetic data, biometric data revealing the unique identification of a natural person.

3. TYPE OF DATA

We process the following personal data:

  1. personal information such as name, identification number, date of birth, customer identity documents (including a copy of your identity card or passport), contact details that you provide us with and all details of our business relationship, such as contract data, customer ID, customer number and bank details (IBAN, BIC, bank, account holder) and payment information
  2. data when accessing our website, which is transmitted by your browser and automatically recorded by our server, such as the date and time of your visit, your IP address, data on the device with which you interact with the customer portal (e.g. browser settings; browser type, operating system, device ID), name of the file accessed and the amount of data transmitted. Additional data is only collected if you actively provide it, e.g. when registering or submitting a request.
  3. data that third parties make available to us within the scope of contract initiation or fulfilment, such as data records of contractual partners, cooperation partners and suppliers, as well as other third parties.
  4. special categories of personal data: In principle, we do not collect and process special categories of personal data. Should it be necessary in individual cases to collect or otherwise process special categories of personal data, we will always process them in accordance with the GDPR/BDSG and the relevant national regulations.

4. LEGAL BASIS FOR THE PROCESSING OF YOUR DATA

We only process your personal data if there is a legal basis in the GDPR or if you have given your consent:

  1. consent: Based on your prior explicit and voluntary consent. You have the right to revoke your consent at any time with effect for the future (Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, possibly Art. 9 para. 2 lit. a), Art. 7 GDPR)
  2. performance of a contract/pre-contractual measures: For the initiation and execution of your contractual relationship with the company (Art. 6 para. 1 sentence 1 lit. b) GDPR)
  3. protection of legitimate interests: To safeguard our legitimate interests, subject to the mandatory condition that your interests do not outweigh our own (Art. 6 para. 1 sentence 1 lit. f) GDPR)

we will only pass on your personal data to third parties if:

  1. you have given your express consent (Art. 6 para. 1 sentence 1 lit. a) GDPR)
  2. the disclosure is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your personal data (Art. 6 para. 1 sentence 1 lit. f) GDPR)
  3. in the event that there is a legal obligation to pass on the information (Art. 6 para. 1 sentence 1 lit. c) GDPR), and
  4. this is legally permissible and, pursuant to Art. 6 para. 1 sentence 1 lit. b) GDPR, necessary for the processing of contractual relationships with you.

5. PURPOSE OF THE DATA PROCESSING

We always process your personal data for a specific purpose and only process the personal data relevant for achieving this purpose (data minimization principle). We process personal data in particular for the following purposes:

  1. to fulfil the contract concluded with you and to manage our business relationship, including communication with you, as well as to handle customer service-related questions and complaints and to facilitate the management of accounts receivable
  2. to learn more about you as a customer, about the products and services you use and about other products and services you may wish to use
  3. for measures to improve our products and services and the technologies we use, including reviewing and updating our systems and processes, and for market research purposes to learn how we can improve our existing products and services or what other products and services we can offer
  4. marketing and advertising, e.g. to contact you regarding products and services that we believe may be of interest to you and to conduct marketing campaigns
  5. to carry out measures to improve and develop services and products in order to be able to offer you a customer-specific approach with tailor-made offers and products
  6. purposes for which you have given us prior consent
  7. to enter into consultation and data exchange with credit agencies (e.g. Schufa, Creditreform) to determine creditworthiness or non-payment risks, especially if the requirements of § 31 BDSG are met
  8. the assertion, exercise or defence of legal claims
  9. to guarantee IT security and IT operation
  10. managing risks

If we intend to further process your personal data for a purpose other than that for which the personal data were collected, we will provide you with information about this other purpose and any other relevant information in accordance with this Privacy Notice prior to such further processing.

6. DELETION, RETENTION PERIOD OF YOUR DATA

An operational deletion concept ensures that all your personal data is deleted in accordance with the principle of data minimization and Art. 17 GDPR.

In accordance with Art. 17 GDPR, we only retain your personal data for as long as necessary for the respective purposes for which we process your personal data. If we process personal data for several purposes, they will be automatically deleted or blocked as soon as the last specific purpose has been fulfilled, unless deletion is prevented by legal, statutory or contractual retention periods.

The commercial and tax law periods for storage or documentation are up to ten years. In addition, the storage period also depends on the statutory limitation periods according to § 195 et seq. BGB, which are up to 30 years, whereby the regular limitation period is 3 years. if the data is required for the assertion, exercise or defence of (civil) legal claims. The regular limitation period is 3 years.

Under certain circumstances, your data must also be kept longer due to official or court orders.

Furthermore, data may be stored if the European or national legislator has provided for this in EU ordinances, laws or other regulations to which the Company is subject.

7. TECHNICAL AND ORGANISATIONAL MEASURES FOR THE PROTECTION OF YOUR DATA

We process your personal data in accordance with the security requirements of Art. 32 GDPR. To this end, we have implemented appropriate technical and organisational measures that comply with recognised IT standards and are constantly monitored. In this way, we ensure that your data is adequately protected against misuse or any other unauthorised data processing at all times. Personal data that you transmit to us via our website is transmitted in encrypted form. We use Secure Socket Layers (SSL) encryption technology for this purpose.

8. DATA TRANSMISSION TO THIRD PARTIES

We may also transfer your personal data to third parties for the purposes described in this data protection information as well as within the scope of legal obligations to provide information and to report. This includes companies and institutions in the following categories:

  • Tax consultants/auditing firms
  • Authorities
  • Insurance
  • Collection agencies and lawyers
  • Suppliers
  • Public bodies and institutions (e.g. social security institutions, supervisory authorities, etc.) if there is a corresponding obligation/authorisation

In the course of fulfilling our business relationship, we also transfer your personal data to subcontractors (order processors) who support us in handling our business processes. These subcontractors process your data according to our instructions “on behalf” on the basis of a so-called contract for processing on behalf of us. We use contract processors of the following categories:

  • Internet provider
  • (IT) service provider
  • IT provider
  • Tracking service provider
  • Credit institutions and payment service providers

Transmisión de datos a Estados no miembros de la UE

Cuando los datos se procesen en países fuera de la UE o del Espacio Económico Europeo (“EEE”), la empresa se asegurará de que sus datos personales se procesen de acuerdo con las normas europeas de protección de datos. Si el tercer país no tiene un nivel de protección de datos reconocido como adecuado por la Comisión Europea, nos aseguraremos, antes de la divulgación, de que el receptor pueda demostrar un nivel adecuado de protección de datos conforme al  Art. 44 et seq. GDPR (por ejemplo, a través de la autocertificación del destinatario o de que acordamos con el destinatario las denominadas cláusulas contractuales estándar de la Unión Europea).

Use of references to social media (Facebook and others)

On our website we link to the social media platforms Facebook and LinkedIn. This is done via appropriately designated buttons on our website, behind which a corresponding link to our corresponding social media presence is hidden. 

Our links to the social media services do not transfer any data from you to these services. These are normal hyperlinks, via which no data is regularly transmitted. If you click on the link, you will be redirected directly to our social media presence at the respective social media service (independent third-party provider, not affiliated with the G2K Group GmbH). Data will only be transferred if you are logged in to your user account on the relevant social media service. When clicking on the links, you yourself are responsible for the transfer of data to the aforementioned social network services, as by logging into your respective social network account and following the respective link, you yourself become active and thus initiate the subsequent data processing by the respective social network service.

Responsible for the social network services linked by us are:

  • For facebook: Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland
  • For LinkedIn: LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA

Further information about the purpose and scope of data collection and about the further processing and use of your data by the respective social media service can be found in the data protection regulations of the respective service. These are available on the Internet:

Facebook: https://www.facebook.com/about/privacy
LinkedIn: https://www.linkedin.com/legal/privacy-policy  

Among other things, you will also find information on setting options for protecting your privacy and on your further rights regarding the collection, processing and use of your data by the respective social media service.

Social plugins (such as the Facebook “Like” button) are not integrated on our website.

Facebook fan page

The G2K Group operates a fan page together with Facebook as a jointly responsible party in accordance with Art. 26 GDPR. The person responsible for processing personal data, if a data subject lives outside the USA or Canada, is Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

During a visit to our fan page, personal data of the users is collected, e.g. through the use of cookies. The data collection is primarily carried out by Facebook. Visitors to this fan page who are not logged in or registered with Facebook are also recorded.

In what way Facebook uses the data from the visit of Facebook pages for its own the extent to which activities on the Facebook page are used for individual purposes users, how long Facebook will store this data and whether data from a visit to the Facebook page to third parties, will not be passed on to third parties by Facebook not conclusively and clearly named and is not known to us. When accessing a Facebook page, the IP address assigned to your end device is sent to Facebook. According to Facebook, this IP address is anonymized (for “German” IP addresses). Facebook also stores information about the terminal equipment of its users (e.g. in the context of the “login notification” function); if applicable, Facebook is thus an assignment of IP addresses to individual users possible.

Information about data collection and further processing by Facebook can be found in Facebook’s privacy policy also Information on how to manage or delete information about you: https://facebook.com/about/privacy/

If you are currently logged in to Facebook as a user, there is a cookie with your Facebook ID on your device. This allows Facebook to understand that you have visited this page and how you have used it. This also applies to all other Facebook pages. Using Facebook buttons embedded in websites, Facebook is able to record your visits to these pages and assign them to your Facebook profile. This data can be used to tailor content or advertising to you.

If you wish to avoid this, you should log off from Facebook or use the deactivate the function “stay logged in”, the cookies available on your device and exit and restart your browser. This way, Facebook-Information by which you can be directly identified is deleted. Thus you can use our Facebook page without revealing your Facebook identification will. When you access interactive features of the site (I like, comment, Share, Messages, etc.), a Facebook login screen appears. After a possible login, you are once again recognisable to Facebook as a specific user.

In individual cases, the G2K Group can only view the information in your profile that you have made public. You can decide which information is public in your Facebook settings. Furthermore, in your Facebook settings (https://www.facebook.com/settings?tab=privacy), you have the option of actively hiding your “likes” or no longer following the fan page. Then your profile will no longer appear in the list of fans on this fan page.

Some of the data collected by Facebook during the use will also be made available to the G2K Group as a statistical analysis in anonymised form. This statistical analysis only applies to the visits to our Facebook page. These are aggregated values that do not allow conclusions to be drawn about individual users. The evaluation includes the following data:

  • Number of likes of our posts
  • Number of comments on our posts
  • Number of people who have reached a contribution
  • Number of times a post has been shared
  • Number of times a post has been clicked
  • Number of times a photo has been viewed
  • Number of times a link has been clicked
  • Number of times a post has been hidden
  • Number of times all posts have been hidden
  • Number of times a post has been reported as spam
  • Number of times the user has been clicked that the page is no longer liked by the user

This information provided by Facebook to the G2K Group is anonymised and cannot be associated with you by us. However, this does not necessarily mean that the data collection and processing of data at Facebook itself is carried out anonymously.

We use these statistics, from which we cannot draw conclusions about individual users, to constantly improve our online offering on Facebook and to better respond to the interests of our users. The legal basis for these usage statistics is Art. 6 para.1 lit. f) GDPR.

We cannot link the statistical data with the profile data of our fans. You can decide via your Facebook settings in which form targeted advertising is displayed to you.

The G2K Group only receives concrete personal data via Facebook if you actively communicate this to us via a personal message on Facebook. We then use your data (e.g. first name, surname, …) to answer your request in our customer service. Your data will be stored in our CRM system for this purpose. This takes place on the legal basis of Art. 6 para.1 lit. a) GDPR. You must give your consent to the processing of the personal data used in this context before we process them. In this context, a reference to this data protection information is also provided.

This applies in the same way if you send us your request via a Facebook form.   

Since in the case of a fan page, both Facebook and the fan page operator, in this case the G2K Group, are jointly responsible under Art. 26 GDPR, we have a Joint-Controllership agreement with Facebook:

Facebook Page Controller Addendum: https://www.facebook.com/legal/terms/page_controller_addendum

We hereby inform you about how you can exercise your rights as a data subject:

If you have any questions about the data specifically collected by Facebook, please contact Facebook directly:  https://www.facebook.com/about/privacy

If you have any questions regarding the Insights data processed by the G2K Group, please contact our data protection officers (see 1. Who is your contact (responsible) for your data protection concern); the other rights of data subjects can be found in chapter X.

LinkedIn company page

The G2K Group operates a company page together with LinkedIn as a jointly responsible party in accordance with Art. 26 GDPR. The operating company of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. The responsible for processing personal data, if a data subject lives outside the USA or Canada, is LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland.

During a visit to our company page, personal data of the users is collected, e.g. through the use of cookies. The data collection is primarily carried out by LinkedIn. Visitors to this fan page who are not logged in or registered with LinkedIn are also recorded. Information about data collection and further processing by LinkedIn can be found in LinkedIn’s privacy policy.

https://www.linkedin.com/legal/privacy-policy

In individual cases, the G2K Group can only view the information in your profile that you have made public. You can decide which information is public in your LinkedIn settings.

The G2K Group has no direct access to the user data collected by LinkedIn. Instead, we only receive highly condensed, i.e. anonymous evaluations from LinkedIn, e.g:

  • Followers: Number of people following the G2K Group – including growth and development over a defined time frame.
  • Reach: Number of people who see a specific post. Number of interactions on a contribution. From this it can be deduced, for example, which content is better received in the community than others.
  • Ad performance: How many people have seen an ad?
  • Demographics: Average age of visitors, gender, location, language.

We use these statistics, from which we cannot draw conclusions about individual users, to constantly improve our online offering on LinkedIn and to better respond to the interests of our users. The legal basis for these usage statistics is Art. 6 para.1 lit. a) GDPR. You must give your consent to the processing of the personal data used in this context before we process them. In this context, a reference to this data protection information is also provided.

We cannot link the statistical data with the profile data of our followers. You can decide via your LinkedIn settings in which form targeted advertising is displayed to you.

Since in the case of a company page, both LinkedIn and the company page operator, in this case the G2K Group, are jointly responsible under Art. 26 GDPR, weh ave concluded an agreement with LinkedIn:

LinkedIn Joint Controller Addendum: https://legal.linkedin.com/pages-joint-controller-addendum

You can exercise your rights to the data specifically collected by LinkedIn by contacting:  https://www.linkedin.com/legal/privacy-policy.

If you have any questions or concerns regarding the Insights data processed by the G2K Group, please contact our data protection officers (see I. Responsible and Data Protection Officer); the other rights of data subjects can be found in chapter X.

9. INDIVIDUAL DATA COLLECTIONS

Automated decision making

We do not use automated decision making according to Art. 22 GDPR. Should we use these procedures in individual cases, we will inform you of this separately within the framework of the statutory provisions.

Google Web Fonts

Our website uses so-called web fonts, which are provided by Google, for the uniform display of fonts. The Google Fonts are installed on our server. A connection to servers of Google does not take place therefore.

10. DATA COLLECTION ON OUR WEBSITE

1. Visit of the website

a) Categories of data:

When you call up our website, data is automatically stored in the server statistics (so-called server log files), which your browser automatically transmits to us. This information is temporarily stored in a so-called log file. The following information is recorded without your intervention and stored until it is automatically deleted:

  • Date and time of the retrieval
  • IP address of the accessing device or server
  • Request details and destination address
  • Name of the retrieved file and transferred data volume
  • Message whether the retrieval was successful
  • Name of your Internet service provider
  • Information about the browser type and version used
  • the operating system of the user
  • For data protection reasons, the IP address is anonymised in the log files, the log files in which this data is contained.

b) Processing purpose:

We process the above data for the following purposes:.

  • Ensuring a smooth connection of the website
  • Guarantee a comfortable use of our website
  • Evaluation of system security and stability
  • for administrative purposes

c) Legal basis for the data processing:

Art. 6 para. 1 sentence 1 lit. f) GDPR. Our legitimate interest follows from the data collection purposes listed above.

d) Deletion of your data:

For security reasons (e.g. to clarify acts of abuse) the log file information is stored anonymously by the provider for a short period of time and deleted when it is no longer required.

2. Activities via the website

a) Categories of data:

When you register for an event, subscribe to our newsletter, send an application or use one of our web contact forms, you will be asked to provide us with some of your personal information.

These data processed in this process are in addition to the data collected when you access the website:

  • First and last name
  • E-mail address
  • Company name
  • Position
  • The IP address of the user
  • Date and time of registration

b) Purpose of processing:

The processing of personal data provided by you is necessary to process your request, to communicate with you and to conduct our business.

c) Legal basis for the data processing

The legal basis for the data processing is your consent according to Art. 6 para. 1 sentence 1 lit. a) GDPR.

Enquiries: For the processing of data, your consent will be obtained in advance by opt-in and reference will be made to this privacy policy. By activating the checkbox and sending the contact form or inquiry, you agree to the transmission and storage of your personal data and IP address in accordance with Art. 6 Para. 1 lit. a GDPR.

Newsletter: The double opt-in procedure is used for the newsletter, i.e. after your registration we will send you an e-mail to the e-mail address provided, which contains a link to the final registration. Your confirmation ensures that the newsletter has also been ordered by you. Only by confirming the link in the e-mail will your data for the newsletter be stored for the duration of your use of our newsletter offer.

Events: If you register for an event via our event form, your personal data will be collected, stored and processed by us for the purpose of organizing and conducting the event. You declare your consent to this by sending the registration form.

d) Deletion periods:

Enquiries: We store your data only for the purpose of processing your request. Your data will be deleted after it has been processed, at the latest after four weeks, unless the request results in new processing purposes (e.g. a contractual relationship) with other legal retention periods.

Newsletter: If you do not confirm the registration of the newsletter in the double opt-in procedure, your data will be deleted after 48 hours.

Events: Your data will be deleted at the latest 30 days after your visit. You can unsubscribe from the newsletter at any time using the links contained in our messages or by sending an e-mail to marketing@g2k-group.com with the subject “UNSUBSCRIBE”. The data provided by you will be deleted.

3. First Party Cookies: Functional Cookies

Cookies are small text files that are automatically created by your browser and stored on your end device (PC, laptop, tablet, smartphone or similar) when you visit our site. First Party Cookies are cookies that are set directly from our website.

a) Categories of data

Our website uses so-called session cookies. The use of session cookies, which are technically necessary cookies (functional cookies) for our Internet services, serves to make the use of our offer more pleasant for you. Session cookies store data about your visit to the website and thus increase its user-friendliness: If you visit our site again, your entries and settings from your first visit are automatically applied so that you do not have to enter them again.

The following data is stored and transmitted in the cookies:

  • Language settings
  • Log-in information
  • Shopping cart information

Please also read the section “Google Analytics”.

b) Purpose of processing

The purpose of using technically necessary cookies is to simplify the use of websites for users.

c) Legal basis for the data processing

The data processed by session cookies are required for the above-mentioned purposes in order to safeguard our legitimate interests in accordance with Art. 6 para. 1 sentence 1 lit. f) GDPR, namely to provide our services in a form that enables user-friendly perception of the online offer and to provide certain functions such as the shopping basket function. The storage of log files serves the integrity and security of the website.

d) Duration of storage

The session cookies are temporary cookies and are automatically deleted when you close the browser.

e) Possibility of opposition and removal (opt-out)

Most browsers automatically accept cookies. You can object to the use of cookies at any time with effect for the future by changing the settings in your browser so that it does not accept any cookies or only certain cookies or by informing you as soon as cookies are sent. Already stored cookies can be deleted at any time. This can also be done automatically. Every browser differs in the way it manages the cookie settings. This is described in the help menu of each browser, which explains how you can change your cookie settings.

You can find these for each browser under the following links:

If cookies are deactivated for our website, it is possible that not all functions of the website can be used to their full extent.

If you use our website with several terminals, you must object to the use of each terminal.

4. Google Analytics

For the purpose of customer-oriented advertising, we create pseudonymised user profiles using Google Analytics, a web analysis service of Google USA. Google Analytics and Google Analytics 360 is operated by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (hereinafter “Google USA”). First Party Cookies are used to provide the service.

a) Categories of data

The following data categories are collected by Google Analytics:

  • the anonymized IP address of the calling system of the user
  • the website accessed
  • the website from which the user has accessed the accessed website (referrer)
  • the subpages that are called from the called web page
  • the time spent on the website
  • the frequency of access to the website the time of the server request

This information generated by the cookie about your use of this website may be transmitted to Google servers located in the USA or Google may receive access to data from the USA. We have activated IP anonymisation on this website (“anonymizeIP”), so that your IP address will be shortened by Google within member states of the European Union or in other states which are party to the Agreement on the European Economic Area. In exceptional cases, the full IP address will be transferred to a Google server and shortened there. It cannot be ruled out that data processing may take place outside the scope of EU law. The appropriate level of data protection is guaranteed by Google USA:

Google USA has undertaken to comply with the EU-U.S. Privacy Shield Agreement published by the U.S. Department of Commerce on the collection, use and storage of personal data from EU member states. Google Analytics and Google Analytics 360 are ISO 27001 certified.

We have concluded an agreement with Google USA on order processing, which obliges Google to handle your data in accordance with data protection regulations.

When accessing our website, the user is informed about the use of Google Analytics and his or her consent to the processing of personal data used in this context is obtained. In this context, reference is also made to this data protection information.

Google Analytics stores information about which pages you visit, how long you are on the website, from which page you came and what you click. This Analytics data is collected in the pages of our website, but is not linked to personal information, so this information cannot be used to identify you personally. The IP address transmitted by your browser in the context of Google Analytics is not combined with other data from Google. Only after the anonymisation described above is an evaluation of user behaviour carried out.

b) Purpose of processing

Optimisation of our respective web offer by personalisation/individualisation of the offer as well as recognition and allocation of characteristics of the users in the case of advertising-financed offers.

c) Legal basis for the data processing

The legal basis for data processing is based on your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a) GDPR, which we obtain from you via opt-in before you use the website.

d) Google’s data protection position

Further information on Google’s data protection position with regard to its analysis service can be found at http://www.google.com/intl/en_uk/analytics/privacyoverview.html

5. Third Party Cookies

Third party cookies are cookies that are placed on your computer by external websites whose services are used on this website.

We integrate content or services from third parties within our online offer. When integrating third-party content, the IP address of the user is transmitted to the third-party provider. In addition, the providers of the third-party content set their own cookies (third party cookies). When calling up our website, the user is informed about the use of third party cookies for analysis purposes and his/her consent to the processing of the personal data used in this context is obtained. In this context, reference is also made to this data protection information.

a) Purpose of processing

The processing purpose for this is a user-friendly design of the website and our offered products and services.

b) Legal basis for the data processing

The legal basis for data processing is your consent in accordance with Art. 6 Para. 1 Sentence 1 lit. a) GDPR, which we obtain from you by opt-in before you use the website.

We currently use services from the following third party providers, to which the statements in section 4 above apply:

Youtube Videos

On some of our websites we embed Youtube videos. The company providing the service on de.youtube.com in the European Economic Area and Switzerland is Google Ireland Limited. 

The videos are embedded in “extended privacy mode”. This means that only when you play the videos will a connection be established between your browser and a server of the operator in the USA. The following information about your visit and your IP address is stored there:

  • Date and time of retrieval
  • IP address of the accessing device or server
  • Request details and destination address
  • Called up page
  • Information about the browser type and version used
  • the operating system of the user

The data transfer takes place regardless of whether you have a user account with YouTube or Google. If you have a user account and are logged in at YouTube or Google, your data will be directly assigned to your account. To avoid this, you must log out before activating the button. Google stores your data as user profiles. You have a right of objection to this, which you must exercise against Google.

Data protection and data security: https://www.alphabet.com/en-ww/privacy-policy.

Before using the YouTube video, users must give their consent to the processing of personal data used in this context. In this context, reference is also made to this data protection information.

Use of script libraries (Google Webfonts)

In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries from Google Web Fonts (www.google.com/webfonts) on this website. Google Web fonts are cached in your browser to avoid multiple loading. If your browser does not support Google Web Fonts or prevents access, content will be displayed in a default font.

Calling up script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – although it is currently unclear whether and for what purposes – that the operators of such libraries collect the following data.

The following information about your visit and your IP address will be saved there:

  • Date and time of retrieval
  • IP address of the accessing device or server
  • Request details and destination address
  • Called up page
  • Information about the browser type and version used
  • the operating system of the user
  • Data protection and data security: see the information on Google Maps.

Google Recaptcha

We include the function for detecting bots, e.g. for entries in online forms (“ReCaptcha”). Provider is Google Ireland Limited.

The following information about your visit and your IP address will be saved there:

  • Date and time of retrieval
  • IP address of the accessing device or server
  • Request details and destination address
  • Called up page
  • Information about the browser type and version used
  • the operating system of the user

Data protection and data security: see the information on Youtube.

Possibility of opposition and removal (opt-out): You can object to the use of this information at any time with effect for the future here: https://adssettings.google.com/authenticated

11. DATA SUBJECT RIGHTS AND YOUR RIGHT OF APPEAL TO THE SUPERVISORY AUTHORITY

As a person affected by the processing of your personal data, you can assert the following rights with us in accordance with the GDPR and the BDSG (“data subject rights”):

1. Data subject rights

a) Right to information in accordance with Art. 15 GDPR:

You have the right to request information about your stored personal data, in particular

  • the processing purposes
  • the categories of data
  • the recipients to whom your data are transferred, in particular recipients in third countries or international organisations
  • the planned storage period or, if not possible, the criteria for determining this period
  • the existence of a right to rectify or erase data or to limit processing or a right to object to such processing
  • the existence of a right of appeal to a supervisory authority
  • the origin of the data, if we have not collected it directly from you
  • the existence of automated decision making, including profiling, in particular meaningful information about the logic involved and the scope and intended impact of such processing on the data subject
  • the appropriate guarantees in accordance with Art. 46 GDPR when transferring your data to a third country or to an international organisation.

The exceptions according to § 34 BDSG apply.

b) Right of rectification under Art. 16 GDPR

You can demand from us the immediate correction of incorrect personal data concerning you and if necessary the completion of incomplete personal data.

c) Right of cancellation according to Art. 17 GDPR

You can request us to delete your personal data, provided that the legal requirements for this are met. This may be the case if

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed
  • you revoke your consent, which is the basis of the data processing, and there is no other legal basis for the processing
  • you object to the processing of your personal data and there are no legitimate overriding reasons for processing, or you object to data processing for direct marketing purposes
  • the personal data were processed unlawfully
  • the deletion of the data is necessary to comply with a legal obligation under Union or national law
  • the data relating to information society services offered have been collected in accordance with Art. 8 para. 1 GDPR

The exceptions of Art. 17 para. 3 GDPR and the supplements according to § 35 BDSG apply here.

d) Right to limit processing in accordance with Art. 18 GDPR

You may request us to limit the processing of your personal data if

  • you dispute the accuracy of the personal data, for as long as we need to verify the accuracy of the data
  • the processing is unlawful and you object to the deletion of your personal data and request instead the restriction of its use
  • we no longer need your personal data, but you need it to assert, exercise or defend legal claims
  • you have lodged an objection to the processing as long as it is not yet clear whether our legitimate reasons outweigh yours

e) Right to data transferability according to Art. 20 GDPR

Upon your request, we will provide you with your personal data that you have provided to us in a structured, common, machine-readable format so that you can transfer it to another responsible party. However, you will only have this right if the data processing is based on your consent or is necessary to perform a contract and the processing is carried out using automated procedures.

f) Right of revocation according to Art. 7 para. 3 GDPR

You have the right to revoke your consent to us at any time. As a result, we will no longer continue to process the data that was based on this consent in the future.

g) Right of appeal under Art. 21 GDPR

If your personal data are processed on the basis of legitimate interests in accordance with Article 6 para. 1, first sentence, lit. f) of the GDPR, you have the right to object to the processing of your personal data for reasons relating to your particular situation or to direct marketing, or to profiling, in so far as it relates to such direct marketing. In the event of an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for processing which outweigh your interests or we need your personal data for the purpose of exercising or defending legal claims.

The exception of § 37 BDSG applies to profiling.

If you wish to make use of your right of revocation or objection, an e-mail to dsb@g2k-group.com is sufficient.

2. Complaint to the Supervisory Authority

They also have the right to complain to a supervisory authority in accordance with Art. 77 GDPR. As a rule, you can turn to the supervisory authority of your usual place of residence or workplace.

3. Time limits for the fulfilment of rights of persons concerned

We always respond to requests within one month. However, this period may be extended if necessary due to the specific rights of the person concerned or the complexity of your request. In this case we will inform you of the reasons for this within the one-month period.

As of: 01.05.2021