Compliance with data protection, ensuring data security and transparency in data processing are essential for our services. The following information is intended to give you a quick and easy overview of the data we collect and process from you in connection with the use of our website. You will find a detailed description in our data protection declaration, as well as in the document on your additional options for objection (data protection opt-out).
1. Who is responsible for data protection?
2. How can you reach our data protection officer?
3. What data do we process?
GISA processes personal data that we receive from you in connection with a contact or an order (e.g. via our contact form or by means of a request sent to us electronically). Specifically, the following data are processed: Identification data (e.g. name, address and contact data of the user, inquirer) or correspondence data (e.g. correspondence with you).
4. For what purpose do we process your data (purpose of processing) and on what legal basis?
a) On the basis of your consent to data processing (Art. 6 Paragraph 1 Letter a DS-GVO)
If and insofar as you have given your consent to the processing of personal data, the respective consent is the legal basis for the processing mentioned therein. This concerns, for example, the receipt of electronic information. You can revoke your consent at any time with effect for the future.
b) In the context of balancing of interests (Article 6(1)(f) DS-GVO)
Your data may also be used by us on the basis of a balancing of interests in order to safeguard our legitimate interests. This is done, for example, for the purpose of further developing services or systems, ensuring IT security and IT operations, market and opinion research, direct advertising and profiling, asserting legal claims and defending in legal disputes, preventing and investigating criminal offences, as well as risk management and fraud prevention.
c) In the context of contract performance or in the context of pre-contractual measures (Art. 6 (1) (b) DS-GVO)
If there is a contractual relationship between GISA and you, or if there are contractual negotiations or other pre-contractual relationships, GISA will process your personal data within the framework of this.
d) On the basis of legal requirements (Article 6(1)(c) of the DS-GVO)
GISA is subject to various legal obligations that entail data processing. These include, for example, tax laws, as well as in the form of statutory accounting, the fulfilment of enquiries and requirements of supervisory or law enforcement authorities, and the fulfilment of fiscal control and reporting obligations.
5. To whom do we pass on the data?
Within GISA, your data will only be passed on to those departments that need it to fulfil their contractual and legal obligations or to fulfil their respective tasks. In addition, without exception, external bodies will only receive your data if they have been contractually bound by us to their obligations as processors (Art. 28 DS-GVO) and ensure that they process your data in accordance with our instructions. These include, for example, payment service providers and service providers in the IT and logistics sector. In addition, we will only pass on data to persons who are acting on your behalf (e.g. authorised representatives) or to bodies for which you have given us your consent to transfer data.
6. Do we transfer data to third countries?
7. How long do we store your data?
GISA only stores your personal data for as long as this is necessary to provide the associated contractual or legal services. In addition, GISA is subject to various storage and documentation obligations, which result, among other things, from the German Commercial Code (Handelsgesetzbuch) as well as tax regulations (Abgabenordnung – AO). The periods of retention or documentation stipulated there are five to ten years. Finally, the storage period is also assessed according to the statutory limitation periods, which, for example, according to the German Civil Code, are usually three years, but in certain cases (e.g. in the case of work performance) can also be up to five years. If there are no contractual relationships and no statutory retention periods apply, GISA will delete your personal data after two years.
8. Is there an obligation to provide the personal data?
9. Do we access automated decision making in individual cases?
As a matter of principle, we do not use automated decision-making in accordance with Art. 22 DS-GVO to establish and conduct the business relationship. Should we use these procedures in individual cases, we will inform you of this separately.
10. To what extent do we use your data for profiling?
GISA processes your data partially automatically with the aim of evaluating certain personal aspects (so-called “profiling” according to Article 4 No. 4 DS-GVO). Profiling is used, for example, to determine your potential interest in GISA services. This evaluation is carried out using statistical methods, for example, using current customer data and past customer data. We use the results in order to be able to address you in a more demand-oriented and targeted manner.
11. What rights do you have?
You have the right to request confirmation at any time as to whether we process personal data and the right to obtain information about such personal data. In addition, you have the right to correct, delete and restrict data processing, as well as the right to object to the processing of personal data at any time, or to withdraw your consent to data processing at any time, or to request data transmission. Furthermore, you have the right to complain to a supervisory authority in the event of data protection violations.
12. Separate reference to your right of objection
1. Right of objection on a case-by-case basis
You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you, which is carried out on the basis of Article 6 paragraph 1 letter f of the DS-GVO (data processing based on a balancing of interests). This also applies to profiling based on this provision within the meaning of
Art. 4 No. 4 DS-GVO that can be used, for example, for customer advice and customer service and for sales purposes. If you lodge an objection, your personal data will no longer be processed unless GISA proves compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
2. Right to object to the processing of data for direct marketing purposes
GISA may also process your data for direct marketing purposes within the framework of the legal provisions. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, without incurring any costs other than the transmission costs according to the basic tariffs. This also applies to profiling, insofar as it is related to such direct mail. If you object to processing for the purposes of direct advertising, we will no longer process your personal data for these purposes. The objection can be made in each case without any formality. You will find the contact details under point 1.