Data Protection & Data Security at GFA Certification GmbH:
New EU General Data Protection Regulation
From 25 May 2018, the General Data Protection Regulation (GDPR) will apply directly in all member states of the European Union and will be applicable to all legal questions of data protection in the future.
Data protection is important to us
We take our task of ensuring the confidentiality of your data within the framework of applicable data protection law very seriously. The legally compliant collection, processing and use of your data is therefore of great importance to us. GFA Certification GmbH therefore uses both technical and organisational measures to protect your data against manipulation, loss, destruction or access by unauthorised persons. Our security measures are constantly being developed in line with technological progress.
To make you feel secure when visiting our website and using our online services, such as the customer portal, we would like to inform you about our data collection, processing and usage as well as our data security. In order to continuously improve our website and our customer portal and provide you offers and information tailored to your requirements and individual needs, we require your consent, which is described in the “User data” section on this page.
Our service regarding data protection
If you would like to receive further information on data protection at GFA Certification GmbH, you can access additional information on data processing in the “Public documents” area on this page.
If you wish to receive data about your personal data stored by us, you can either send us an e-mail at email@example.com or contact the company data protection officer at GFA Certification GmbH in writing. We will gladly provide you the information you need free of charge.
If we have stored incorrect data about you, please let us know so that we can correct the data.
Our external data protection officer is:
Ms Susanne Eggers
What is personal data?
Personal data is information about the factual or personal circumstances of a specific or identifiable natural person. This includes, for example, your name, your telephone number, your address and any basic data that you provide to us when making the online request for an offer via our contact form or the customer portal. Statistical data, which we collect, for example, when you are visiting our website and which cannot be directly associated with your person, are not covered here.
When and for what purpose is data collected?
In the collection, processing and use of your personal data, we strictly adhere to the statutory provisions, in particular the Federal Data Protection Act, the General Data Protection Regulation and the Telemedia Act. We collect and process/store your data regarding use of the online questionnaire, the contact form, the customer portal and the customer-satisfaction rating, for the purpose of offer and contract fulfilment, technical administration and for our own quality assurance and improvement.
Your personal data will be disclosed to third parties or otherwise transmitted only if this is necessary for the purpose of the contract, serves your care as a customer or prospect of our company, is required by law, or you previously consented.
Secure data transfer
Your personal data is securely transmitted by us using encryption. This applies to the online offer and application process as well as to the customer portal and the contact form of GFA Certification GmbH. We use the coding system SSL (Secure Socket Layer). Through technical and organisational measures, we safeguard our internet pages and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons. Nevertheless, no transmission over the internet and no storage method is 100% secure. In addition, you should always treat your access information for our customer portal confidentially and close the browser window when you have finished communicating with us, especially if you share the computer with others.
Individual offers and information
All the information we receive from you helps us to constantly improve our service and our product portfolio and to make it customer-friendly and personalised. This also allows us to send you an offer for your requested service. We use existing information such as information about the computer and connection to the internet, operating system and platform, information generated by cookies, date and time of visiting the website, and the usage behaviour on our customer portal.
If you wish to make use of our service or our product portfolio or have made use of it, you agree that GFA Certification GmbH collects, processes and uses the above-mentioned data in order to present you with special offers and services.
If you wish to object to the collection, processing or use of this data with effect for the future, you can either send us an e-mail at firstname.lastname@example.org or write to the data protection officer of GFA Certification GmbH, Alter Teichweg 15, 22081 Hamburg.
“Cookies, web and app analytics”
What are cookies?
Cookies are small files that are stored on your hard disk and that store certain settings and data for exchange with our system via your browser.
Cookies do not harm your device and do not contain viruses. Also, no personal data is stored in cookies.
Which cookies do we use and for what purpose?
How can cookies be deactivated?
You can set your browser to notify you when cookies are placed. You can also completely disable the acceptance of cookies through your browser. If you only want to accept the GFA Certification cookies, but not the cookies of our service providers, you can change the setting in your browser
Select “Block third-party cookies”.
Please note, however, that the use of certain services on our website and in the customer portal may be restricted or impossible .
Web and app analytics
To both improve our offerings and fix bugs faster, we use web/app analytics technologies. Our web/app analytics service providers can be found in the “Miscellaneous” section of this page.
As part of the use of our website, information transmitted by your browser or mobile application is anonymised/partially pseudonymised, collected and evaluated. Here, data such as browser type/version, operating system, screen resolution, IP address (is collected only anonymously and deleted immediately after use), the website from which you visit us, as well as the pages you visit with us is collected.
According to the Telemedia Act, you have the right to object to the storage of your (anonymous) visitor data for the future so that it will no longer be recorded in the future. Please use the corresponding opt-out functions under the “Miscellaneous” section on this page.
Standard deadlines for the deletion of data
Storage obligations may arise both from a contractual relationship as well as from legal regulations. The legal deadlines are usually six or ten years. After the expiration of these deadlines, the data will be deleted if it is no longer needed to fulfil the purpose of use (for example, to fulfil the contract). If personal data is not subject to retention requirements, it will be deleted if the above-mentioned purposes of storage no longer apply.
Data transmission to third countries
Transfer to third countries does not occur.
Measures to ensure the security of data processing
The processing of personal data is subject to technical and organisational security measures to protect the data from loss, destruction, manipulation and access by unauthorised persons.
Our security measures are state-of-the-art and evolve according to technological developments.
Our website uses social plugins (“plugins”) of various social networks. The plugins are recognisable by the corresponding logo and serve to pass on contents or recommendations to other users.
The plugins are inactive when entering the respective pages or mobile applications; this means that at this time no data is transmitted to the social networks. A connection is established and data is transmitted to the respective operator of the social network only when you activate the plugins by clicking and declare your consent to communication with the corresponding social network.
The purpose and scope of the data collection and the further processing and use of the data by the social networks, as well as your rights in this regard and setting options for the protection of your privacy can be found in the data protection policy of the respective social networks.
If you do not want social networks to collect data about you through cookies, you can choose to block third-party cookies in your browser settings. However, with this setting, other cross-page features may not work.
For more information on social plugins and social networking, see the “Miscellaneous” section of this page.
Service providers for web/app analysis and opt-out
We use the technologies of the following providers for the statistical evaluation of our website:
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Our website uses Google Analytics. This is a web analytics service provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA.
Google Analytics uses so-called cookies. The cookies are files. By storing cookies on your computer, Google may analyse your use of our website. This information and your IP address will be transmitted to and stored by the Google servers in the United States.
Google evaluates the information about your use of our website. It will generate reports on your activities on our website and make them accessible to us. This may also be used to offer or provide other services related to the use of our website or the use of the internet. Google may share this information with third parties, if required by law, or in the event that Google commissions third parties to carry out data processing. However, Google will never associate your IP address with other Google data.
You have the option of preventing the mentioned cookies from being stored on your computer. To do this, you must make a corresponding setting on your internet browser. However, this may give rise to the possibility that our website is only partially usable for you. You can prevent Google from collecting, transmitting and processing your data and IP address. To do this, you can download and install a plugin for your internet browser. This plugin is available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de
Alternatively, the use of third-party cookies may be disabled via a network advertising initiative deactivation page (http://www.networkadvertising.org/choices).
Facebook Inc., 1601 South California Avenue, Palo Alto, CA 94304, USA
Our website uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square Grand Canal Harbour, Dublin 2, Ireland.
We would like to point out here that you use this Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating).
When visiting our Facebook page, Facebook collects your IP address and other information which is present on your PC in the form of cookies. This information is used to provide us as the operator of the Facebook pages with statistical information on the use of the Facebook page. For more information, please contact Facebook at the following link: http://de-de.facebook.com/help/pages/insights.
The data collected about you in this context is processed by Facebook Ltd. and, where appropriate, transferred to countries outside the European Union. What information Facebook receives and how it is used is described by Facebook in general terms in its data usage policies. There you will also find information about contact options for Facebook as well as the setting options for advertisements.
The data usage policies are available at the following link:
The complete data policies of Facebook can be found here:
In which way Facebook uses the data from the visit of Facebook pages for its own purposes, to what extent activities on the Facebook page are assigned to individual users, how long Facebook stores this data and whether data from a visit to the Facebook page is forwarded to third parties is not clearly and decisively stated by Facebook and is not known to us.
When accessing a Facebook page, the IP address assigned to your device will be transmitted to Facebook. According to information provided by Facebook, this IP address is anonymised (for “German” IP addresses) and deleted after 90 days. In addition, Facebook stores information about the end devices of its users (e.g. as part of the “Login Notification” function); if applicable, assignment by Facebook of IP addresses to individual users is possible.
If you are currently logged in to Facebook as a user, you will find a cookie with your Facebook ID on your device. As a result, Facebook is able to see that you visited this page and how you used it. This also applies to all other Facebook pages. Via Facebook buttons embedded in webpages, Facebook is able to record your visits to these webpages and assign them to your Facebook profile. Content or advertising can be tailored to suit you based on this data.
If you want to avoid this, you should log out of Facebook or disable the “stay logged in” feature, delete the cookies on your device and close and restart your browser. This will delete Facebook information that can be used to immediately identify you. This allows you to use our Facebook page without revealing your Facebook ID. When you access the site’s interactive features (like, comment, share, news, etc.), a Facebook login screen appears. After login, you will be recognisable as a specific user for Facebook again.
For information on how to manage or delete existing information about you, visit the following Facebook support pages:
How does withdrawal or deactivation via the link work?
By confirming the links, a so-called opt-out cookie is set on your data carrier. Please note that deleting all cookies on your device also deletes these opt-out cookies, which means that if you wish to continue objecting to anonymised data collection, you must set the opt-out cookies again. The opt-out cookies are set per browser and device. If you visit our website from home and work or with different browsers, you must activate the opt-out cookies in the different browsers or on the different terminals.
Overview of social networks used
Our websites use the plugin of the social network Facebook, which is operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA.
You can recognise this plugin on our websites or mobile applications by the Facebook logo or the addition “recommend”.
Our website uses the buttons of the service “Twitter”. These buttons are provided by Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA. They are recognisable by terms such as “Twitter” or “Follow”, combined with a stylised blue bird. It is possible to share a post or page from this website on Twitter or to follow the provider on Twitter using these buttons.