Privacy Policy – GEFASOFT

I General Information
In the following, we inform you about the collection of personal data when using our website, in accordance with Art. 13 GDPR. Personal data is any data that can be related to you personally, e.g., name, address, email addresses, user behavior.
The controller according to Art. 4 para. 7 of the EU General Data Protection Regulation (GDPR) is
GEFASOFT Automatisierung und Software GmbH Regensburg
(see our imprint).
The Data Protection Officer according to the EU General Data Protection Regulation (GDPR) is Projekt 29 GmbH & Co. KG; Ostengasse 14; 93047 Regensburg (Email: anfragen@projekt29.de; Tel.: +49 (0)941 – 2986930).

II Your Rights
If personal data concerning you as a user is processed, you are considered a data subject under the GDPR. Data subjects have the following rights vis-à-vis the controller:
Right of access (Art. 15 GDPR)
Right to rectification or erasure of personal data (Art. 16, 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to notification in connection with the rectification or erasure of your personal data or the restriction of processing (Art. 19 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR)
Right to withdraw declarations of consent. The lawfulness of data processing carried out until the withdrawal remains unaffected due to the consent valid until then. (Art. 7 para. 3 GDPR)
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR)

III Hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computing capacity, storage space and database services, email dispatch, security services, and technical maintenance services that we use for the purpose of operating this online offering.
In doing so, we, or our hosting provider, process inventory data, contact data, content data, contract data, usage data, meta and communication data of customers, interested parties, and visitors to this online offering on the basis of our legitimate interests in an efficient and secure provision of this online offering in accordance with Art. 6 para. 1 lit. f GDPR in conjunction with Art. 28 GDPR (conclusion of a data processing agreement).

Our host(s) will only process your data to the extent necessary to fulfill their service obligations and will follow our instructions regarding this data.

We use the following host(s):

IN-Solution GmbH
Prüfeninger Str. 20
D – 93049 Regensburg

IV Contacting Us
a. Type and Purpose of Processing
The data you enter in the contact form will be stored for the purpose of individual communication with you. This requires providing a valid email address and your name. This serves to assign the inquiry and subsequently answer it. Providing further data is optional.
If you contact us additionally by email or phone, we will process your contact data used to respond to your request.

b. Legal Basis for Processing
The processing of your personal data is based on a legitimate interest (Art 6 para. 1 lit. f GDPR). By providing the contact form, we want to enable you to contact us easily. Your information will be stored for the purpose of processing the inquiry and for possible follow-up questions. If you contact us to request an offer, the processing of the provided data takes place for the implementation of pre-contractual measures (Art 6 para. 1 lit. b GDPR).

c. Data Categories
IP address, contact details, your message
d. Recipients
Recipients of the data are internal employees of the Marketing, Sales departments, and, if applicable, processors.

e. Storage Periods
Data will be deleted at the latest 6 months after the inquiry has been processed. If a contractual relationship arises, we are subject to statutory retention periods according to the German Commercial Code (HGB) and will delete your data after these periods have expired.

f. Legal / Contractual Requirement
The provision of your personal data is voluntary. However, we can only process your inquiry if you provide us with your name, email address, and the reason for the inquiry.

g. Third-Country Transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Right to Object
You have the right to object to the processing of your personal data at any time. You can notify us of your withdrawal at any time using the contact option provided at the beginning of this privacy policy.

i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automated decision-making or profiling in this data processing.

V Application Process / Online Applications
a. Type and Purpose of Processing
On our website, you have the option to apply for advertised positions via an application form. We use the WordPress plugin “WP Job Openings” to provide and manage job postings and applications.
As part of the application process, we process the personal data you submit. This includes, in particular, your first and last name, contact details, application documents (e.g., cover letter, CV and certificates), information on qualifications and professional experience, as well as other information submitted voluntarily.
Personal data is processed exclusively for the purpose of carrying out the application process and deciding on the establishment of an employment relationship.
Applications are received via our website and stored within our WordPress system.

b. Legal Basis for Processing
Your personal data is processed to carry out pre-contractual measures and/or to decide on the establishment of an employment relationship in accordance with Art. 6 para. 1 lit. b GDPR in conjunction with Section 26 BDSG.

c. Data Categories
Contact data
Application documents
Qualification and professional data
Communication data
Other information submitted voluntarily

d. Recipients
Recipients of the data are internal employees of the responsible departments and, where applicable, processors.

e. Retention Periods
Your personal data will only be stored for as long as this is necessary to carry out the application process and no statutory retention obligations conflict with this.
After completion of the application process, your personal data will be deleted unless there is a legal basis for further storage or you have expressly consented to longer storage.

f. Statutory / Contractual Requirement
Providing your personal data is voluntary. However, without providing the required information and application documents, it is not possible to carry out the application process.

g. Third-Country Transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

h. Right of Withdrawal
You have the right at any time to object to the processing of your personal data or to withdraw consent you have given with effect for the future. To do so, it is sufficient to notify the contact details provided at the beginning of this privacy policy.

i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automated decision-making or profiling as part of the application process.

VI Processing within the Business Relationship
a. Type and Purpose of Processing
We may process the personal data of our customers, prospective customers, suppliers, vendors, and partners for communication, planning, execution of the contractual relationship, marketing, administration, and security purposes.

b. Legal Basis for Processing
The processing of the provided data is based on a legitimate interest (Art. 6 para. 1 lit. f GDPR) and the fulfillment of the contract (Art. 6 para. 1 lit. b GDPR).

c. Data Categories
Contact information (full name, job title, professional email address, professional phone number, professional address)
Billing information and payment data
Further necessary information in a project or contractual relationship or information voluntarily provided to us, such as personal data relating to orders, payments, inquiries, and projects
If applicable, further data in the course of the business relationship

d. Recipients
Recipients of the data are the internal employees of the respective departments and, if applicable, the processors of the departments.

e. Retention Periods
We delete personal data when the storage of the personal data is no longer necessary for the purposes for which it was collected or processed, or to fulfill legal obligations (e.g., HGB, AO).

f. Transfer to Third Countries
Your personal data may be transferred to third parties located outside the European Union (EU) or the European Economic Area (EEA) who provide services for us, e.g., hosting services. To ensure the level of data protection in the third country, we have concluded so-called standard data protection clauses with our respective service providers.

g. Automated Decision-Making and Profiling
As a responsible company, we refrain from automated decision-making or profiling in this data processing.

VII Website Access
a. Type and Purpose of Processing
When you access our website, i.e., if you do not register or otherwise transmit information, general information is automatically collected. This information (server log files) includes, for example, the type of browser, the operating system used, the domain name of your internet service provider, your IP address, and similar data. This is exclusively information that does not allow conclusions to be drawn about your person. It is processed in particular for the following purposes:
Ensuring a smooth connection to the website,
Ensuring comfortable use of our website,
Evaluating system security and stability, and
for other administrative purposes.
We do not use your data to draw conclusions about your person. Information of this kind may be statistically evaluated by us to optimize our internet presence and the underlying technology. Under certain circumstances, we may also use another service provider to display the privacy policy. An embedding code is used for this, through which your IP address is transmitted to the said service provider.
We process your data for a limited time based on our legitimate interest to derive personal data in the event of unauthorized access or attempted access to our servers and to properly display the privacy policy.

b. Legal Basis for Processing
Processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website.

c. Data Categories
Device, browser, operating system, location, and IP address

d. Recipients
Recipients of the data are internal employees of the Marketing and IT departments and, if applicable, processors who act as processors for the operation and maintenance of our website.

e. Storage Periods
The data will be deleted as soon as it is no longer required for the purpose of its collection. For data used to provide the website, this is generally the case when the respective session ends.

f. Legal / Contractual Requirement
The provision of the aforementioned personal data is neither legally nor contractually required. However, without the IP address, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

g. Third-Country Transfer
Processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automated decision-making or profiling in this data processing.

VIII Use of Cookies
a. Type and Purpose of Processing
Like many other websites, we also use so-called “cookies”.
Cookies are simple files that store information about our web offering and your use. These small files are optionally created automatically by your browser when you use our website and are stored locally on your respective device. This does not mean that we have immediate knowledge of your identity. The use of cookies serves to make the use of our offering more pleasant for you.

Most of the cookies we use are so-called “session cookies”. They are automatically deleted after the end of your visit. Other cookies remain stored on your device for a longer period. These cookies allow us to recognize your browser on your next visit.

We generally distinguish between technically necessary and non-necessary cookies:

Technically necessary cookies (“First Party Cookies”)
are required for the operation of a website and are essential for navigating it and using its functions.

Non-necessary cookies, on the other hand, are mostly performance cookies and marketing & third-party cookies, which make it possible, for example, to record and count the number of visitors and traffic sources, thus measuring and improving the website’s performance. They also serve to find out if there are problems or errors on certain pages, which pages are most popular, and how visitors navigate the website.

Performance cookies are used to track visits and individual activities on websites. They serve to statistically record and evaluate the use of websites.
Marketing & third-party cookies originate, among others, from external advertising companies and are used to collect information about the websites visited by the user, e.g., to create target-group-oriented advertising for the user.
You can find a list of the cookies used in our cookie banner.

b. Legal Basis for Processing
The use of technically necessary cookies (“First Party Cookies”) is possible without the consent of the website visitor and is subject to a legitimate interest in the economic operation and optimization of our website and services within the meaning of Art. 6 para. 1 sentence 1 lit. f GDPR.

The use of non-necessary cookies, such as performance cookies and marketing & third-party cookies, is subject to the consent of the website visitor in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR.

c. Data Categories
IP address
Browser used
Operating system and device used
Internet connection
Session ID of the cookie
Time of visit

d. Recipients
Those mentioned in the course of the privacy policy

e. Storage Periods
The user can set their web browser to generally prevent the storage of cookies on their device or to ask each time if they agree to the setting of cookies. Once set, cookies can be deleted by the user at any time. How this works is described in the help function of the respective web browser.
A general deactivation of cookies may lead to functional restrictions of this website.

f. Legal / Contractual Requirement
The provision of your personal data in cookies is voluntary for non-necessary cookies, solely based on your consent (so-called opt-in cookies). You can also prevent the use of pre-set, technically necessary cookies (so-called opt-out cookies) via your browser settings. However, without consent, the service and functionality of our website cannot be guaranteed. In addition, individual services may not be available or may be restricted.

g. Third-Country Transfer
Processing also takes place outside the European Union (EU) or the European Economic Area (EEA). Further details can be found in the following paragraphs.

h. Withdrawal of Consent
You can withdraw your consent for all cookies at any time with effect for the future in your browser settings or change your selection in the cookie banner. To do this, you can use the “Cookie Settings” button displayed at the end of the privacy policy.

i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automated decision-making or profiling when collecting cookies.

IX YouTube
a. Type and Purpose of Processing
We embed YouTube videos on some of our web pages. The operator of the corresponding plugins is YouTube, Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This informs YouTube which pages you visit. If you are logged into your YouTube account, YouTube can associate your browsing behavior with you personally. You can prevent this by logging out of your YouTube account beforehand. If a YouTube video is started, the provider uses cookies that collect information about user behavior. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the provider’s privacy policy. There you will also find further information about your rights in this regard and setting options for protecting your privacy (https://policies.google.com/privacy).

b. Legal Basis for Processing
The legal basis for the integration of YouTube and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

c. Data Categories
Device information – IP address – Referrer URL – Viewed videos

d. Recipients
Recipients of the data are internal employees of the Marketing and IT departments and YouTube as a service provider.

e. Storage Periods
Anyone who has deactivated the storage of cookies for the Google Ad program will not have to expect such cookies when watching YouTube videos. However, YouTube also stores non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in your browser. Further information on data protection at “YouTube” can be found in the provider’s privacy policy at: https://www.google.de/intl/de/policies/privacy/

f. Legal / Contractual Requirement
The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may lead to functional restrictions on the website.

g. Third-Country Transfer
Processing also takes place outside the European Union (EU) or the European Economic Area (EEA). To ensure the level of data protection in this third country, we have concluded the standard data protection clauses with Google.

h. Withdrawal of Consent
You can withdraw your consent to the storage of your personal data at any time with effect for the future.

i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automated decision-making or profiling in this data processing.

X Google Maps
a. Type and Purpose of Processing
On this website, we use the Google Maps service. Google Maps is operated by Google Cloud EMEA ltd. This allows us to display interactive maps directly on the website and enables you to conveniently use the map function. Further information about data processing by Google can be found in Google’s privacy policy. There you can also change your personal privacy settings in the privacy center. By visiting the website, Google receives information that you have accessed the corresponding subpage of our website. This occurs regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not wish for your profile to be associated with Google, you must log out of Google before activating the button. Google stores your data as usage profiles and uses them for purposes of advertising, market research, and/or needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles, for the exercise of which you must contact Google.

b. Legal Basis for Processing
The legal basis for the integration of Google Maps and the associated data transfer to Google is your consent (Art. 6 para. 1 lit. a GDPR).

c. Data Categories
IP address – Location information – Usage data – Date and time of visit – URLs

d. Recipients
Recipients of the data are internal employees of the Marketing and IT departments and Google as a processor.

e. Storage Periods
Data in this context will only be processed as long as the corresponding consent exists. After that, they will be deleted, unless there are legal retention obligations to the contrary. To contact us in this regard, please use the contact details provided at the beginning of this privacy policy.

f. Legal / Contractual Requirement
The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may lead to functional restrictions on the website.

h. Withdrawal of Consent
If you do not want Google to collect, process, or use data about you via our website, you can deactivate JavaScript in your browser settings. In this case, however, you may not be able to use our website, or only to a limited extent. You can withdraw your consent to the storage of your personal data at any time with effect for the future.

i. Automated Decision-Making and Profiling
As a responsible company, we refrain from automated decision-making or profiling in this data processing.

j. Use of the Google Maps Static API
When using Google Maps, a call to the Google Maps Static API (gstatic.com) may occur.

XI Google Analytics
a. Type and Purpose of Processing
This website uses Google Analytics, a web analytics service provided by Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland. Google Analytics uses so-called “cookies”, which are text files stored on your computer that enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymization on these websites, your IP address will be truncated by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity, and to provide other services related to website and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The purposes of data processing are the evaluation of website usage and the compilation of reports on website activities. Further related services are then to be provided based on the use of the website and the internet.

b. Legal Basis for Processing
The processing of the entered data is based on the user’s consent (Art. 6 para. 1 lit. a GDPR).
c. Data Categories
IP address (truncated/anonymized)
Date and time of visit – Usage data – Click path – App updates – Browser information – Device information – JavaScript support – Visited pages – Referrer URL – Downloads – Flash version – Location information – Purchase activity – Widget interactions

d. Recipients
Employees of the company’s IT and Marketing departments
Google Building Gordon House, 4 Barrow Street, Dublin, D04 E5W5, Ireland

f. Legal / Contractual Requirement
The provision of your personal data is voluntary, solely based on your consent. If you prevent access, this may lead to functional restrictions on the website.

h. Withdrawal of Consent
You can withdraw your consent to the storage of your personal data at any time with effect for the future.
You can prevent the storage of cookies by adjusting your browser software settings; however, we point out that in this case, you may not be able to fully use all functions of this website. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (incl. your IP address) and from processing this data by Google by downloading and installing the available browser plugin: “Browser Add-on to deactivate Google Analytics”.

i. Automated Decision-Making and Profiling
With the help of the Google Analytics tracking tool, the behavior of website visitors can be evaluated and interests analyzed. For this purpose, we create a pseudonymous user profile.

XII Online Presences in Social Media
We maintain online presences within social networks to inform active users there about our services and to communicate directly via the platforms if interested. We are currently represented in the following networks:

LinkedIn: de.linkedin.com/company/gefasoft-automatisierung-und-software-gmbh
Facebook: de-de.facebook.com/gefasoft/
YouTube: www.youtube.com/user/Gefasoft2012
Xing: www.xing.com/pages/gefasoftautomatisierungundsoftwaregmbh

All our social media channels can only be accessed by visitors to the website via an external link. We do not use any plugins or other interfaces on our website that the respective networks offer for embedding their content on websites.
We have no influence on the data collection and its further use by the social networks. There is no knowledge of the extent, location, and duration for which the data is stored, to what extent the networks comply with existing deletion obligations, what evaluations and links are made with the data, and to whom the data is passed on. We therefore expressly point out that user data (e.g., personal information, IP address) is stored by the operators of the networks in accordance with their data usage policies and used for business purposes.
We process user data in social media presences insofar as they contact and communicate with us, for example, via comments or direct messages.
The legal basis for processing user data is Art. 6 para. 1 lit. b and f GDPR.
LinkedIn
Facebook
YouTube
Xing

Within our online offering, no functions and content of the LinkedIn service, offered by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, are integrated. The LinkedIn channels are only accessible via an external link. If visitors to our website are members of the LinkedIn platform, LinkedIn can associate the access to the social media channel with the user’s profile there if they visit the LinkedIn profile while logged in. We point out that we have no influence on the content or scope of use of the data collected by LinkedIn. For further information in this regard, we refer to LinkedIn’s privacy policy: www.linkedin.com/legal/privacy-policy
You can access the social media network Facebook via external links on our website. All functions in the social media network are offered by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. The Facebook channels are only accessible via an external link. If you are logged in to Facebook with your own profile and access our social media channel, Facebook can associate your visit with your logged-in profile. If you do not wish for your user account to be associated with your IP address, please log out of your Facebook account before using our website.
For further information on the processing of your data, we refer to Facebook’s privacy policy: facebook.com/privacy/explanation and our Facebook Fanpage Data Policy, which you will find below.

Within our online offering, no functions and content of the YouTube service, offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, are integrated. The YouTube channels are only accessible via an external link. If visitors to the website are members of the YouTube platform, YouTube can associate the access to the social media channel with the user’s profile if they visit our YouTube profile while logged in. We point out that we have no influence on the content or scope of use of the data collected by YouTube. For further information in this regard, we refer to YouTube’s privacy policy: policies.google.com/privacy. Furthermore, we want to point out that you can make appropriate changes in your YouTube account to protect your privacy.
Within our online offering, no functions and content of the Xing service, offered by New Work SE, Dammtorstraße 29-32, 20354 Hamburg, Germany, are integrated. The Xing channels are only accessible via an external link. If visitors to our website are members of the Xing platform, Xing can associate the access to the social media channel with the user’s profile there if they visit the Xing profile while logged in. We point out that we have no influence on the content or scope of use of the data collected by Xing. For further information in this regard, we refer to Xing’s privacy policy: www.xing.com/app/share

XIII Facebook Fanpage Data Policy
GEFASOFT Automatisierung und Software GmbH Regensburg operates an online presence on Facebook, a so-called Facebook Fanpage. The following information on data processing applies additionally to visits to our Fanpage. Information on data protection at Facebook in general can be found here (https://www.facebook.com/about/privacy/).
1. Joint Controllership, Contact Details, Company Data Protection Officer:
For the operation of our Facebook Fanpage, we are jointly responsible with Facebook in accordance with Art. 26 GDPR. For this purpose, we have agreed with Facebook in an agreement who fulfills which obligations with regard to data protection. This agreement can be accessed here (https://www.facebook.com/legal/terms/page_controller_addendum). According to this, Facebook is primarily responsible for providing the data subject with information about the joint processing and enabling them to exercise their data protection rights. Regardless of this, we hereby inform you about your visit to our Fanpage.
Our contact details are:

GEFASOFT Automatisierung und Software GmbH Regensburg
Franz-Mayer-Straße 10, 93053 Regensburg
info@gefasoft.com

You can reach Facebook at:
Meta Platforms Ireland Ltd.
4 Grand Canal Square,
Grand Canal Harbour,
Dublin 2, Ireland
You can reach Facebook online here (https://www.facebook.com/help/contact/2061665240770586)

You can reach our company Data Protection Officer at:
Projekt 29 GmbH & Co. KG
Ostengasse 14
D – 93047 Regensburg
Email: anfragen@projekt29.de
Tel.: 0941-2986930

You can reach Facebook’s Data Protection Officer at
www.facebook.com/help/contact/540977946302970.

2. Collection and Storage of Personal Data as well as Type and Purpose and their Use:
a) Data collected by Facebook:
If you are a Facebook user, Facebook collects the data described in the Facebook Data Policy under “What types of information do we collect?”. If you are not a Facebook user, cookies with identifiers, small text files, may still be stored in your browser, enabling so-called tracking of your user behavior.
As a rule, user data is also processed by Facebook for market research and advertising purposes when visiting Facebook. Based on user behavior (also when visiting our Fanpage), complex user profiles are created, which Facebook can use to display personalized advertisements to the visitor within and outside of Facebook. Further information on this can also be found in the Facebook Data Policy.
If you do not agree with this, you can object here (Opt-Out).

b) Data we use (“Page Insights”) and legal basis:
Facebook provides us with statistics and usage data that we can use to analyse how our fan page is used (so-called “Page Insights”). This enables us to continuously improve our offering on Facebook. As the operator, we do not make any decisions regarding the processing of Insights data, nor do we provide any further information arising from Art. 13 GDPR, such as the storage period of cookies on users’ end devices. Primary responsibility under the GDPR for the processing of Insights data lies with Facebook, and Facebook fulfils all obligations under the GDPR with regard to the processing of Insights data.
As page administrator, we have no other way—also not via user tracking—to evaluate user behaviour on our fan page. As a rule, it is also not possible for us to identify the visitor to the fan page on the basis of Page Insights. In particular, under the agreement we have no right to demand that Facebook disclose individual visitor data. We can only identify individuals if we are able to assign individual profile pictures to “Like” information for the page; however, this is only possible insofar as our fan page has been “liked” by the respective visitor and the “Like” information is set to “public”.
You can find out which information Facebook uses to create Page Insights here.
Operating the Facebook fan page and using Page Insights serves our legitimate interest in effective public presentation and efficient communication with our customers and interested parties. This interest justifies operating the page both vis-à-vis the legitimate interests of Facebook users and vis-à-vis visitors to our fan page who do not have a Facebook account. The legal basis is therefore Art. 6(1)(f) GDPR.

3. Disclosure of data to third parties:
Data collected by Facebook is exchanged and processed within the entire Facebook group. The Facebook group also includes, for example, Instagram, WhatsApp and Oculus. For example, information collected via Facebook is used to show the user personalised advertising on Instagram, or information from WhatsApp is used to take action on Facebook against accounts that send spam via WhatsApp. You can find this information in the Facebook Data Policy under “How do the Facebook Companies work together?”.
When Facebook processes data, user data may be transferred outside the European Economic Area (EEA), in particular to the USA.

4. Right to object:
If your personal data is processed on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR, you have the right, pursuant to Art. 21 GDPR, to object to the processing of your personal data insofar as there are grounds for doing so arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without requiring you to state a particular situation. If you wish to exercise your right of withdrawal or objection, an email to info@gefasoft.com is sufficient.

5. Data subject rights:
You have the right to withdraw your consent to us at any time. This means that we may no longer continue the data processing based on this consent in the future. In addition, you have the right of access under Art. 15 GDPR, the right to rectification under Art. 16 GDPR, the right to erasure under Art. 17 GDPR, the right to restriction of processing under Art. 18 GDPR, as well as the right to data portability under Art. 21 GDPR. You also have the right to lodge a complaint with a competent data protection supervisory authority (Art. 77 GDPR).
In principle, you can assert your data subject rights both against Facebook and against us. However, since only Facebook has direct access to your user data, you can exercise your data subject rights most effectively with Facebook.

LOCATION

CONTACT

SERVICE

PAGES