DATA PRIVACY

Responsible Authority:

GFA Consulting Group GmbH

Eulenkrugstraße 82
22359 Hamburg | Germany
Phone: +49 40 603 06 100
Fax: +49 40 603 06 199
E-mail: info@gfa-group.de

www.gfa-group.de

Data protection officer:

Susanne Eggers
Contact: datenschutz@gfa-group.de

Responsible authority:

Data Protection Authority of Hamburg
https://datenschutz-hamburg.de/

This Data Privacy Statement is also valid for:

GFA B.I.S. GmbH, Königswinterer Straße 827, 53227 Bonn, Germany

Projekt Consult GmbH, Eulenkrugstraße 82, 22359 Hamburg, Germany

GFA SysCom GmbH, Eulenkrugstraße 82, 22359 Hamburg, Germany

DATA PRIVACY

GFA Consulting Group GmbH, which operates this website, takes the protection of your personal data very seriously. We treat your personal data confidentially in accordance with statutory data protection regulations and this Data Privacy Statement.

It is possible to use our website without providing any personal data. Any personal data (for example name, address or email address) that is collected on our website is collected on a voluntary basis insofar as this is possible. This data will not be disclosed to any third party without your express consent.

Please note that data transmission via the internet (e.g., in the case of communication by email) may be subject to security gaps. It is not possible to protect such data completely against access by third parties.

Purpose of data collection, processing or use

GFA Consulting Group is an international, independent consulting firm in the fields of technical and developmental collaboration, with its headquarter in Hamburg. GFA activities include project planning, project management, evaluation in agriculture and forestry, resource protection, climate change and energy projects, labor and human resource development, decentralization and private sector development, water and sanitation, financial system development and health.

Within the context of these activities, personal data is collected, processed, used, and, where applicable, transmitted for the purpose of obtaining, implementing, and billing orders.

In the staff department, personal data is collected, processed, used, and, where applicable, transmitted for internal purposes (personnel and payroll management, recruitment, travel management) and also to meet the requirements under statutory obligations.

Description of affected groups and their related data / data categories

Within the context of normal business activities, addresses, contractual and payment infor-mation, and data concerning electronic information for clients, employers, consultants as well as freelance experts and employees of partner consulting companies are collected, processed, and used.

In the staff department (head office employees, visiting staff, national staff, integrated professionals, family members, applicants, former employees), additional information concerning qualifications and applications, duration of employment, remuneration, social security information, contact details, bank details, work documents are collected, processed, and used.

Recipients / categories of recipients, to whom the data may be disclosed

Responsible internal administrators (bookkeeping, accounting, contracts department, project management, telecommunications and IT); external clients (GIZ, KfW, Ministries, World Bank, EU, Asian and other development banks, etc.).

For staff management: any internal department involved in carrying out respective business processes (project management and administrative departments).

Public authorities on the basis of statutory regulations (social insurance carriers, tax authorities, health insurance companies); bank institutions (for salary transactions); creditors (in the case of wage / salary garnishment); travel agencies.

Standard periods for the deletion of data

Personal data is deleted on a regular basis when it is no longer needed to fulfill a contract, if the person in question has not provided their separate approval to retain said data or if statutory retention obligations and deadlines do not stipulate that data be retained for a longer period.

Planned transmission of data to third countries

In general, no personal data will be transmitted to third countries by electronic means. Exceptions to this are possible when there is a specific legal basis for such a transmission.

Your rights

You may at any time request information about the use of your personal data (according to § 15 DSGVO) or request the verification, correction or deletion of your personal data (§§ 16 and 17 DSGVO). You may also at any time request the restriction of the use or processing of your personal data (§§ 18 and 19 DSGVO), request the transmission of your personal data to third parties (§ 20 DSGVO), or object to the use of your personal data (§ 21 DSGVO).

If you want to exercise any of the above-mentioned rights, please send an e-mail to: datenschutz@gfa-group.de. We will endeavour to take the necessary measures as soon as possible. To that purpose, you will receive an access form to be completed, allowing you to indicate which rights you wish to exercise with regard to your personal data.

You also have the right to file a complaint against the use of your personal data. The competent complaints board is the Data Protection Supervisory Authority (Datenschutzaufsichtsbehörde) of the Free and Hanseatic City of Hamburg.

Integration of Fast.Fonts fonts

Fonts from Monotype GmbH (fonts.com or fast.fonts.net) are used for the standardised and attrac-tive presentation of our website content. Your IP address is transmitted to fonts.com when you call up the page and thus leads to the transmission of data to a third country. However, the use of web fonts is based on a legitimate interest within the meaning of Art. 6 (1) lit. F DSGVO in order to dis-play texts and fonts correctly.

Further information on these web fonts can be found at https://www.fonts.com/info/legal and in the privacy policy of Fonts.com: https://www.fonts.com/info/legal/privacy/ and in the privacy policy of Monotype GmbH: https://www.monotype.com/legal/privacy-policy/ .

Data privacy regarding the use of web analytics service Matomo

With your consent, GFA uses the open source software Matomo to analyze and statistically evaluate the use of the website. Cookies are used for this purpose. The information about website usage obtained in this way is transmitted exclusively to our servers and summarized in pseudonymous usage profiles. We use the data to evaluate the use of the website. The data collected is not passed on to third parties.

The IP addresses are anonymized (IP masking), so that an assignment to individual users is not possible.

The processing of the data is based on Art. 6 para. 1 p. 1 lit. a DSGVO. We thereby pursue our legitimate interest in optimizing our website for our external presentation.

You can revoke your consent at any time by deleting the cookies in your browser or changing your privacy settings on our website (see link "Your Cookie Settings" at the bottom of the page).

Data privacy regarding the use of Google Analytics

This website uses functions of the web analysis service, Google Analytics. The provider of that service is Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called cookies. Cookies are text files which are stored on your computer and which make it possible to analyse the use of the website. Information concerning your use of the GFA website that is generated by the cookie is sent to a Google server in the U.S.A. and stored there.

By activating IP anonymization on this website, your IP address will be truncated within Member States of the European Union or other parties to the Agreement on the European Economic Area. The full IP address will be sent to a Google server and truncated there only in exceptional cases. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports about web activity, and to provide the operator of this website with services associated with the use of this website and the Internet. The IP address transmitted within the context of Google analytics by your browser will not be merged with other data from Google.

You may refuse the use of cookies by adjusting your browser software. Please note that you may not be able to make full use of all the functions on this website after the browser adjustment. You can also prevent the data generated by the cookie from being recorded by Google (including your IP address) and prevent the data from being processed by Google by downloading and installing this browser plugin:

http://tools.google.com/dlpage/gaoptout?hl=de

Data privacy regarding the use of Google Fonts

This site uses so-called Google Fonts, which are provided by Google, for the uniform display of fonts. When you call up a page, your browser loads the required fonts into its browser cache in order to display texts and fonts correctly.
For this purpose, the browser you are using must connect to Google's servers. This enables Google to know that this website has been accessed via your IP address. The use of Google Fonts is based on Art. 6 para. 1 lit. f DSGVO. The website operator has a legitimate interest in the uniform presentation of the typeface on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) as defined by the TTDSG. The consent can be revoked at any time.
If your browser does not support Google Fonts, a standard font will be used by your computer.
You can find more information about Google Fonts at
https://developers.google.com/fonts/faq and in Google's privacy policy:
https://policies.google.com/privacy?hl=en.

Data privacy regarding the use of Google Maps

This site uses the map service Google Maps. The provider is Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to store your IP address. This information is usually transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. If Google Maps is activated, Google may use Google Fonts for the purpose of uniform display of fonts. When calling up Google Maps, your browser loads the required web fonts into its browser cache in order to display texts and fonts correctly.
The use of Google Maps is in the interest of an appealing presentation of our online offers and an easy location of the places indicated by us on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a DSGVO and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. The consent can be revoked at any time.
Data transfer to the USA is based on the standard contractual clauses of the EU Commission.Details can be found here:
https://privacy.google.com/businesses/gdprcontrollerterms/ and
https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
More information on the handling of user data can be found in Google's privacy policy:https://policies.google.com/privacy?hl=en.

Data privacy regarding the use of Facebook plugins (Like button)

The GFA website contains plugins for the social network Facebook, the provider of which is Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA. Facebook plugins on our website can be recognized by the Facebook logo or "Like” button. For an overview of the Facebook plugins, see:

http://developers.facebook.com/docs/plugins/

When you visit our website, the plugin establishes a direct connection between your browser and the Facebook server. Facebook thereby receives the information that you have visited our website using your IP address. If you click the Facebook "Like” button while you are logged in to your Facebook account, you automatically link the contents of our website to your Facebook profile. This allows Facebook to assign your visit to our website to your user account. Please note that GFA, as the provider of this site, has no knowledge of the content of the data thus transmitted to or used by Facebook. Additional information can be found in the Facebook data privacy statement:

http://de-de.facebook.com/policy.php

If you do not want Facebook to be able to assign your visit to our website to your Facebook account, please log out of your Facebook account.

Data privacy regarding the use of Instagram

Our website uses functions of Instagram. The Instagram Service is one of the Meta Platforms Ireland Limited provided Meta-products: Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland.

Meta Platforms Ireland Limited is a company registered under the laws of the Republic of Ireland. Commercial registration number: 462932 , e-mail: impressum@support.instagram.com

We would like to point out that you use this Instagram page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (for example, commenting or rating).

When you visit our Instagram page, Instagram collects, among other things, your IP address and other information that is present on your PC in the form of cookies. This information is used to provide us, as operators of the Instagram pages, with statistical information about the use of the Instagram page.

The data collected about you in this context is processed by Instagram Inc. and may be transferred to countries outside the European Union in the process. What information Instagram receives and how it is used is described in general terms by Instagram in its privacy policy:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect

Data privacy regarding the use of LinkedIn

Our website uses functions from the LinkedIn network. The provider of that service is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Each time a page of this website containing a LinkedIn functions is called up, a connection is established with the LinkedIn servers. LinkedIn is informed that you have visited our website using your IP address. If you click the Recommend button from LinkedIn and are logged in to your LinkedIn account, LinkedIn is able to assign your visit to our website to your user account. Please note that GFA, as the provider of this site, has no knowledge of the content of the data thus transmitted to or used by LinkedIn. Additional information can be found in the LinkedIn data privacy statement:

https://www.linkedin.com/legal/privacy-policy

Data privacy regarding the use of Xing

Our website uses functions of Xing network. The provider of that service is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time a page of this website containing a Xing functions is called up, a connection is established with the Xing servers. To our knowledge, no personal data is stored when doing so. In particular, no IP address is stored and usage behaviour is not evaluated.

Additional information concerning data privacy and the Xing Share button can be found in the Xing data privacy statement:

https://privacy.xing.com/en/privacy-policy

Server log files

The provider of this website automatically collects and stores information in so-called server log files which your browser automatically transmits to us. This information includes:

  • Browser type/ browser version
  • Operating system being used
  • Referrer URL
  • Host name of accessing computer
  • Time of server request

The data thus collected cannot be connected to a specific person. The data is not merged or compared with data from other sources. We reserve the right to subsequently examine this data if concrete evidence of unlawful use is made known to us.

Cookies

Parts of this website use so-called cookies. Cookies will not harm your computer and do not contain any virus. Cookies are used to make our offer more user-friendly, effective, and safe. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are "session cookies". Session cookies are automatically deleted at the end of your visit. Other cookies are stored on your computer until you delete them. These cookies make it possible for us to recognize your browser the next time you visit our website.

The data is processed according to Art. 6 paragraph 1 (f) of the EU General Data Protection Regulation (GDPR) with the legitimate interest of analyzing usage to improve the company’s website.

Regarding cookies, you can adjust the settings on your browser in different ways:

  • to be informed each time a cookie is used
  • to allow such use on a case-by-case basis
  • to prohibit the use of cookies in specific cases
  • to prohibt the use of cookies in general
  • to delete cookies when you close your browser

Deactivating cookies may limit the functionality of this website.

Contact form

If you send us an inquiry using the contact form, we shall store the information you provide in the inquiry form, including the contact information that you provide, so that we can process your inquiry, and in the case there is a follow-up inquiry. The data is processed according to Art. 6 paragraph 1 (b) of the EU GDPR for the purpose of receiving the query formulated in the contact form. This data will never be disclosed without your consent.

Objection to promotion mail

The use of the contact information included in the Legal Notice to send unsolicited advertising and informational materials is herewith prohibited. The operators of this website expressly reserve the right to take legal steps in the event that unsolicited advertising materials are sent, specifically through spam e-mail.

Newsletter data

If you would like to receive the newsletter offered on the website, we require an e-mail address from you as well as information that allows us to verify that you are the owner of the specified e-mail address and agree to receive the newsletter. Further data is not collected or only on a voluntary basis. For the handling of the newsletter, we use newsletter service providers, which are described below.

CleverReach

GFA currently uses the service provider CleverReach GmbH & Co. KG, Rastede (CleverReach). CleverReach processes your data on behalf of GFA on secure servers within the EU. GFA and CleverReach have signed an agreement on commissioned processing in accordance with the provisions of the General Data Protection Regulation. In this agreement, CleverReach agrees to provide full data protection in accordance with the European General Data Protection Regulation.

For more details, please refer to the data protection provisions of CleverReach at: https://www.cleverreach.com/de/datenschutz

Your personal data (first name, last name, gender and email address) are encrypted by CleverReach using SSL. The provision of your name and gender is voluntary and only used for the purpose of personal address. These data as well as your IP address are only stored and used for registration and for sending the GFA newsletter. They will not be passed on to third parties. Your e-mail address is encrypted by CleverReach SSL.

The legal basis for the data processing is your consent with the registration to receive our newsletter. Recipients can unsubscribe from the newsletter or revoke their consent to the storage of data at any time. The revocation can be made via a link in the newsletter itself or by sending a message to the contact person listed in the imprint.

The report data will be stored by CleverReach for a maximum of six months. Your personal data will be stored until you unsubscribe from GFA's newsletter. After cancellation, your data will be stored for a period of two weeks.