GFA Consulting Group GmbH
22359 Hamburg | Germany
Phone: +49 40 603 06 100
Fax: +49 40 603 06 199
Data protection officer:
Data Protection Authority of Hamburg
This Data Privacy Statement is also valid for:
GFA B.I.S. GmbH, Königswinterer Straße 827, 53227 Bonn, Germany
Projekt Consult GmbH, Eulenkrugstraße 82, 22359 Hamburg, Germany
GFA SysCom GmbH, Eulenkrugstraße 82, 22359 Hamburg, Germany
GFA Consulting Group GmbH, which operates this website, takes the protection of your personal data very seriously. We treat your personal data confidentially in accordance with statutory data protection regulations and this Data Privacy Statement.
It is possible to use our website without providing any personal data. Any personal data (for example name, address or email address) that is collected on our website is collected on a voluntary basis insofar as this is possible. This data will not be disclosed to any third party without your express consent.
Please note that data transmission via the internet (e.g., in the case of communication by email) may be subject to security gaps. It is not possible to protect such data completely against access by third parties.
Purpose of data collection, processing or use
GFA Consulting Group is an international, independent consulting firm in the fields of technical and developmental collaboration, with its headquarter in Hamburg. GFA activities include project planning, project management, evaluation in agriculture and forestry, resource protection, climate change and energy projects, labor and human resource development, decentralization and private sector development, water and sanitation, financial system development and health.
Within the context of these activities, personal data is collected, processed, used, and, where applicable, transmitted for the purpose of obtaining, implementing, and billing orders.
In the staff department, personal data is collected, processed, used, and, where applicable, transmitted for internal purposes (personnel and payroll management, recruitment, travel management) and also to meet the requirements under statutory obligations.
Description of affected groups and their related data / data categories
Within the context of normal business activities, addresses, contractual and payment infor-mation, and data concerning electronic information for clients, employers, consultants as well as freelance experts and employees of partner consulting companies are collected, processed, and used.
In the staff department (head office employees, visiting staff, national staff, integrated professionals, family members, applicants, former employees), additional information concerning qualifications and applications, duration of employment, remuneration, social security information, contact details, bank details, work documents are collected, processed, and used.
Recipients / categories of recipients, to whom the data may be disclosed
Responsible internal administrators (bookkeeping, accounting, contracts department, project management, telecommunications and IT); external clients (GIZ, KfW, Ministries, World Bank, EU, Asian and other development banks, etc.).
For staff management: any internal department involved in carrying out respective business processes (project management and administrative departments).
Public authorities on the basis of statutory regulations (social insurance carriers, tax authorities, health insurance companies); bank institutions (for salary transactions); creditors (in the case of wage / salary garnishment); travel agencies.
Standard periods for the deletion of data
Personal data is deleted on a regular basis when it is no longer needed to fulfill a contract, if the person in question has not provided their separate approval to retain said data or if statutory retention obligations and deadlines do not stipulate that data be retained for a longer period.
Planned transmission of data to third countries
In general, no personal data will be transmitted to third countries by electronic means. Exceptions to this are possible when there is a specific legal basis for such a transmission.
You may at any time request information about the use of your personal data (according to § 15 DSGVO) or request the verification, correction or deletion of your personal data (§§ 16 and 17 DSGVO). You may also at any time request the restriction of the use or processing of your personal data (§§ 18 and 19 DSGVO), request the transmission of your personal data to third parties (§ 20 DSGVO), or object to the use of your personal data (§ 21 DSGVO).
If you want to exercise any of the above-mentioned rights, please send an e-mail to: . We will endeavour to take the necessary measures as soon as possible. To that purpose, you will receive an access form to be completed, allowing you to indicate which rights you wish to exercise with regard to your personal data.
You also have the right to file a complaint against the use of your personal data. The competent complaints board is the Data Protection Supervisory Authority (Datenschutzaufsichtsbehörde) of the Free and Hanseatic City of Hamburg.
Integration of Fast.Fonts fonts
Fonts from Monotype GmbH (fonts.com or fast.fonts.net) are used for the standardised and attrac-tive presentation of our website content. Your IP address is transmitted to fonts.com when you call up the page and thus leads to the transmission of data to a third country. However, the use of web fonts is based on a legitimate interest within the meaning of Art. 6 (1) lit. F DSGVO in order to dis-play texts and fonts correctly.
Data privacy regarding the use of Google Analytics
This website uses functions of the web analysis service, Google Analytics. The provider of that service is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called cookies. Cookies are text files which are stored on your computer and which make it possible to analyse the use of the website. Information concerning your use of the GFA website that is generated by the cookie is sent to a Google server in the U.S.A. and stored there.
By activating IP anonymization on this website, your IP address will be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area. The full IP address will be sent to a Google server and truncated there only in exceptional cases. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about web activity, and to provide the operator of this website with services associated with the use of this website and the Internet. The IP address transmitted within the context of Google analytics by your browser will not be merged with other data from Google.
Data privacy regarding the use of Google Fonts
This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
If your browser does not support Google Fonts, a standard font will be used by your computer.
You can find more information about Google Fonts at
Data privacy regarding the use of Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.Details can be found here:
Data privacy regarding the use of Facebook plugins (Like button)
The GFA website contains plugins for the social network Facebook, the provider of which is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook plugins on our website can be recognized by the Facebook logo or "Like” button. For an overview of the Facebook plugins, see:
When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our website using your IP address. If you click the Facebook "Like” button while you are logged in to your Facebook account, you automatically link the contents of our website to your Facebook profile. This allows Facebook to assign your visit to our website to your user account. Please note that GFA, as the provider of this site, has no knowledge of the content of the data thus transmitted to or used by Facebook. Additional information can be found in the Facebook data privacy statement:
If you do not want Facebook to be able to assign your visit to our website to your Facebook account, please log out of your Facebook account.
Data privacy regarding the use of Instagram
Our website uses functions of Instagram. The Instagram Service is one of the Meta Platforms Ireland Limited provided Meta-products: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.
Meta Platforms Ireland Limited is a company registered under the laws of the Republic of Ireland. Commercial registration number: 462932 , e-mail: firstname.lastname@example.org
We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (for example, commenting or rating).
When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page.
Data privacy regarding the use of LinkedIn
Our website uses functions from the LinkedIn network. The provider of that service is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time a page of this website containing a LinkedIn functions is called up, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our website using your IP address. If you click the Recommend button from LinkedIn and are logged in to your LinkedIn account, LinkedIn is able to assign your visit to our website to your user account. Please note that GFA, as the provider of this site, has no knowledge of the content of the data thus transmitted to or used by LinkedIn. Additional information can be found in the LinkedIn data privacy statement:
Data privacy regarding the use of Xing
Our website uses functions of Xing network. The provider of that service is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time a page of this website containing a Xing functions is called up, a connection is established with the Xing servers. To our knowledge, no personal data is stored when doing so. In particular, no IP address is stored and usage behaviour is not evaluated.
Additional information concerning data privacy and the Xing Share button can be found in the Xing data privacy statement:
Data privacy regarding the use of Twitter
Our website uses functions of the Twitter. The provider of that service is:
(a) for accounts within the U.S.A.:
(b) for accounts outside of the U.S.A.:
Each time a page of this website containing a Twitter function is called up, a connection is established with the Twitter servers. To our knowledge, no personal data is stored when doing so. In particular, no IP address is stored and usage behaviour is not evaluated.
Additional information concerning data privacy of Twitter can be found in the Twitterdata privacy statement at
Server log files
The provider of this website automatically collects and stores information in so-called server log files which your browser automatically transmits to us. This information includes:
- Browser type/ browser version
- Operating system being used
- Referrer URL
- Host name of accessing computer
- Time of server request
The data thus collected cannot be connected to a specific person. The data is not merged or compared with data from other sources. We reserve the right to subsequently examine this data if concrete evidence of unlawful use is made known to us.
Parts of this website use so-called cookies. Cookies will not harm your computer and do not contain any virus. Cookies are used to make our offer more user-friendly, effective, and safe. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are "session cookies". Session cookies are automatically deleted at the end of your visit. Other cookies are stored on your computer until you delete them. These cookies make it possible for us to recognize your browser the next time you visit our website.
The data is processed according to Art. 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR) with the legitimate interest of analyzing usage to improve the company’s website.
Regarding cookies, you can adjust the settings on your browser in different ways:
- to be informed each time a cookie is used
- to allow such use on a case-by-case basis
- to delete cookies when you close your browser
Deactivating cookies may limit the functionality of this website.
If you send us an inquiry using the contact form, we shall store the information you provide in the inquiry form, including the contact information that you provide, so that we can process your inquiry, and in the case there is a follow-up inquiry. The data is processed according to Art. 6 paragraph 1 (b) of the EU GDPR for the purpose of receiving the query formulated in the contact form. This data will never be disclosed without your consent.
Objection to promotion mail
The use of the contact information included in the Legal Notice to send unsolicited advertising and informational materials is herewith prohibited. The operators of this website expressly reserve the right to take legal steps in the event that unsolicited advertising materials are sent, specifically through spam e-mail.
If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.
This website uses CleverReach to send newsletters. The provider is CleverReach GmbH & Co. KG, Schafjückenweg 2, 26180 Rastede, Germany (hereinafter: "CleverReach"). CleverReach is a service with which the newsletter dispatch can be organized and analyzed. The data you enter for the purpose of receiving newsletters (e.g. e-mail address) is stored on CleverReach's servers in Germany or Ireland.
The data processing is based on your consent (Art. 6 para. 1 lit. a DSGVO). You can revoke this consent at any time by unsubscribing from the newsletter. The legality of the data processing operations already carried out remains unaffected by the revocation.
If you do not want any analysis by CleverReach, you must unsubscribe from the newsletter. For this purpose, we provide a corresponding link in each newsletter message.
The data you have provided to us for the purpose of receiving the newsletter will be stored by us or the newsletter service provider until you unsubscribe from the newsletter and will be deleted from the newsletter distribution list after you unsubscribe. Data that has been stored by us for other purposes remains unaffected by this.
After you have unsubscribed from the newsletter distribution list, your e-mail address may be stored by us or the newsletter service provider in a blacklist to prevent future mailings. The data from the blacklist will only be used for this purpose and will not be merged with other data. This serves both your interest and our interest in complying with legal requirements when sending newsletters (legitimate interest within the meaning of Art. 6 (1) lit. f DSGVO). The storage in the blacklist is not limited in time. You can object to the storage if your interests outweigh our legitimate interest.
For more details, please refer to the data protection provisions of CleverReach at: https://www.cleverreach.com/de/datenschutz/.