GFA Consulting Group GmbH
22359 Hamburg | Germany
Phone: +49 (0) 40 603 06 100
Fax: +49 (0) 40 603 06 199
Data protection officer:
Data Protection Authority of Hamburg
This Data Privacy Statement is also valid for:
GFA B.I.S. GmbH
Königswinterer Straße 827
53227 Bonn | Germany
Projekt Consult GmbH
22359 Hamburg | Germany
GFA SysCom GmbH
22359 Hamburg | Germany
GFA Consulting Group GmbH, which operates this website, takes the protection of your personal data very seriously. We treat your personal data confidentially in accordance with statutory data protection regulations and this Data Privacy Statement.
It is possible to use our website without providing any personal data. Any personal data (for example name, address or email address) that is collected on our website is collected on a voluntary basis insofar as this is possible. This data will not be disclosed to any third party without your express consent.
Please note that data transmission via the internet (e.g., in the case of communication by email) may be subject to security gaps. It is not possible to protect such data completely against access by third parties.
Purpose of data collection, processing or use
GFA Consulting Group is an international, independent consulting firm in the fields of technical and developmental collaboration, with its headquarter in Hamburg. GFA activities include project planning, project management, evaluation in agriculture and forestry, resource protection, climate change and energy projects, labor and human resource development, decentralization and private sector development, water and sanitation, financial system development and health.
Within the context of these activities, personal data is collected, processed, used, and, where applicable, transmitted for the purpose of obtaining, implementing, and billing orders.
In the staff department, personal data is collected, processed, used, and, where applicable, transmitted for internal purposes (personnel and payroll management, recruitment, travel management) and also to meet the requirements under statutory obligations.
Description of affected groups and their related data / data categories
Within the context of normal business activities, addresses, contractual and payment infor-mation, and data concerning electronic information for clients, employers, consultants as well as freelance experts and employees of partner consulting companies are collected, processed, and used.
In the staff department (head office employees, visiting staff, national staff, integrated professionals, family members, applicants, former employees), additional information concerning qualifications and applications, duration of employment, remuneration, social security information, contact details, bank details, work documents are collected, processed, and used.
Recipients / categories of recipients, to whom the data may be disclosed
Responsible internal administrators (bookkeeping, accounting, contracts department, project management, telecommunications and IT); external clients (GIZ, KfW, Ministries, World Bank, EU, Asian and other development banks, etc.).
For staff management: any internal department involved in carrying out respective business processes (project management and administrative departments).
Public authorities on the basis of statutory regulations (social insurance carriers, tax authorities, health insurance companies); bank institutions (for salary transactions); creditors (in the case of wage / salary garnishment); travel agencies.
Standard periods for the deletion of data
Personal data is deleted on a regular basis when it is no longer needed to fulfill a contract, if the person in question has not provided their separate approval to retain said data or if statutory retention obligations and deadlines do not stipulate that data be retained for a longer period.
Planned transmission of data to third countries
In general, no personal data will be transmitted to third countries by electronic means. Exceptions to this are possible when there is a specific legal basis for such a transmission.
You may at any time request information about the use of your personal data (according to § 15 DSGVO) or request the verification, correction or deletion of your personal data (§§ 16 and 17 DSGVO). You may also at any time request the restriction of the use or processing of your personal data (§§ 18 and 19 DSGVO), request the transmission of your personal data to third parties (§ 20 DSGVO), or object to the use of your personal data (§ 21 DSGVO).
If you want to exercise any of the above-mentioned rights, please send an e-mail to: . We will endeavour to take the necessary measures as soon as possible. To that purpose, you will receive an access form to be completed, allowing you to indicate which rights you wish to exercise with regard to your personal data.
You also have the right to file a complaint against the use of your personal data. The competent complaints board is the Data Protection Supervisory Authority (Datenschutzaufsichtsbehörde) of the Free and Hanseatic City of Hamburg.
Data privacy regarding the use of Google Analytics
This website uses functions of the web analysis service, Google Analytics. The provider of that service is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called cookies. Cookies are text files which are stored on your computer and which make it possible to analyse the use of the website. Information concerning your use of the GFA website that is generated by the cookie is sent to a Google server in the U.S.A. and stored there.
By activating IP anonymization on this website, your IP address will be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area. The full IP address will be sent to a Google server and truncated there only in exceptional cases. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about web activity, and to provide the operator of this website with services associated with the use of this website and the Internet. The IP address transmitted within the context of Google analytics by your browser will not be merged with other data from Google.
Data privacy regarding the use of Facebook plugins (Like button)
The GFA website contains plugins for the social network Facebook, the provider of which is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook plugins on our website can be recognized by the Facebook logo or "Like” button. For an overview of the Facebook plugins, see:
When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our website using your IP address. If you click the Facebook "Like” button while you are logged in to your Facebook account, you automatically link the contents of our website to your Facebook profile. This allows Facebook to assign your visit to our website to your user account. Please note that GFA, as the provider of this site, has no knowledge of the content of the data thus transmitted to or used by Facebook. Additional information can be found in the Facebook data privacy statement:
If you do not want Facebook to be able to assign your visit to our website to your Facebook account, please log out of your Facebook account.
Data privacy regarding the use of LinkedIn
Our website uses functions from the LinkedIn network. The provider of that service is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time a page of this website containing a LinkedIn functions is called up, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our website using your IP address. If you click the Recommend button from LinkedIn and are logged in to your LinkedIn account, LinkedIn is able to assign your visit to our website to your user account. Please note that GFA, as the provider of this site, has no knowledge of the content of the data thus transmitted to or used by LinkedIn. Additional information can be found in the LinkedIn data privacy statement:
Data privacy regarding the use of Xing
Our website uses functions of Xing network. The provider of that service is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time a page of this website containing a Xing functions is called up, a connection is established with the Xing servers. To our knowledge, no personal data is stored when doing so. In particular, no IP address is stored and usage behaviour is not evaluated. Additional information concerning data privacy and the Xing Share button can be found in the Xing data privacy statement:
Data privacy regarding the use of Twitter
Our website uses functions of the Twitter. The provider of that service is:
(a) for accounts within the U.S.A.:
1355 Market Street, Suite 900
San Francisco, CA 94103
(b) for accounts outside of the U.S.A.:
Twitter International Company
One Cumberland Place, Fenian Street
Dublin 2, D02 AX07 IRELAND
Each time a page of this website containing a Twitter function is called up, a connection is established with the Twitter servers. To our knowledge, no personal data is stored when doing so. In particular, no IP address is stored and usage behaviour is not evaluated.
Additional information concerning data privacy of Twitter can be found in the Twitterdata privacy statement at
Server log files
The provider of this website automatically collects and stores information in so-called server log files which your browser automatically transmits to us. This information includes:
- Browser type/ browser version
- Operating system being used
- Referrer URL
- Host name of accessing computer
- Time of server request
The data thus collected cannot be connected to a specific person. The data is not merged or compared with data from other sources. We reserve the right to subsequently examine this data if concrete evidence of unlawful use is made known to us.
Parts of this website use so-called cookies. Cookies will not harm your computer and do not contain any virus. Cookies are used to make our offer more user-friendly, effective, and safe. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are "session cookies". Session cookies are automatically deleted at the end of your visit. Other cookies are stored on your computer until you delete them. These cookies make it possible for us to recognize your browser the next time you visit our website.
The data is processed according to Art. 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR) with the legitimate interest of analyzing usage to improve the company’s website.
Regarding cookies, you can adjust the settings on your browser in different ways:
- to be informed each time a cookie is used
- to allow such use on a case-by-case basis
- to delete cookies when you close your browser
Deactivating cookies may limit the functionality of this website.
If you send us an inquiry using the contact form, we shall store the information you provide in the inquiry form, including the contact information that you provide, so that we can process your inquiry, and in the case there is a follow-up inquiry. The data is processed according to Art. 6 paragraph 1 (b) of the EU GDPR for the purpose of receiving the query formulated in the contact form. This data will never be disclosed without your consent.
Objection to promotion mail
The use of the contact information included in the Legal Notice to send unsolicited advertising and informational materials is herewith prohibited. The operators of this website expressly reserve the right to take legal steps in the event that unsolicited advertising materials are sent, specifically through spam e-mail.
If you wish to receive the newsletter offered on the website, we need your email address as well as information that would allow us to verify that you are the owner of the email address provided, and that you agree to receive the newsletter. We do not collect any additional data. This data will only be used to send the requested information and will not be disclosed to third parties. You may revoke your consent to the storage of the data, your email address and the use thereof to send the newsletter at any time by simply clicking the "Unsubscribe" button contained in the newsletter, or by writing us directly at .