Go to content

Privacy Policy

Privacy Statement from GANTNER Ltd.

1 Privacy notice
This privacy notice serves as an explanation of the manner, scope, and purpose of processing personal data (hereinafter “data”) as part of our online presence and the websites, functions, and content associated with this, as well as external online presences, such as our social media profiles. (Hereinafter mutually referred to as “online content”). With regard to the terms used, such as “processing” or “controller”, we refer to the definitions given in Art. 4 of the General Data Protection Regulation (GDPR).

1.1  Controller
GANTNER Electronic GmbH
Bundesstr. 12
6714 Nüziders, Austria
Contact: info@gantner.com

1.2 Data protection officer

Belgium / Netherlands / UK:
Rozendaalstraat 53
8900 Ypres, Belgium
Contact: privacy@gantner.be

GANTNER Electronic GmbH Deutschland
Michael Kniehöfer
Industriestr. 40f
44894 Bochum, Germany
Contact: datenschutz@gantner.de

Graf Consultings GmbH
Karwendelstr. 7
86949 Windach, Germany
Contact: datenschutz@gc-gmbh.com

1.3 Types of data processed:
  • Contact data (e.g. name, email, telephone numbers)
  • Usage data (e.g. websites visited, interest in content, access times)
  • Meta/communication data (e.g. device information, IP addresses)

1.4 Categories of data subjects
Visitors and users of the online content.

1.5 Purpose of processing
  • Provision of the online content, its functions and content
  • Responding to contact inquiries and communication with users
  • Security measures

1.6 Terms used
“Personal data” refers to any information relating to an identified or identifiable natural person (hereinafter “data subject”); a natural person is considered as identifiable if they can be identified directly or indirectly, in particular by means of assignment to an identifier such as a name, to an identification number, to location data, to an online identifier (e.g. cookie), or to one or more particular characteristics that are the expression of the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person. “Processing” refers to any process carried out with our without the use of automated procedures or any such series of processes in connection with personal data. The term is applied broadly and includes practically any handling of data.

2  Relevant legal basis
In accordance with Art. 13 GDPR, we would like to inform you about the legal basis for our data processing. If the legal basis is not specified in the privacy notice, the following applies: The legal basis for obtaining consent is Article 6 Para. 1 (a) and Art. 7 GDPR, the legal basis for processing in the performance of our services and the execution of contractual measures, as well as for responding to inquiries, is Art. 6 Para. 1 (b) GDPR, the legal basis for processing in order to fulfill our legal obligations is Art. 6 Para. 1 (c) GDPR, and the legal basis for processing in order to safeguard our legitimate interests is Article 6 Para. 1 (f) GDPR. In the event that crucial interests of the data subject or any other natural person require the processing of personal data, Art. 6 Para. 1 (d) GDPR serves as the legal basis.

2.1 Cooperation with contractual processors and third parties
If, as part of our processing, we disclose data to other persons and companies (order processors or third parties), transmit data to them, or otherwise grant access to the data, this is done only on the basis of a legal permission (e.g. if a transmission of the data to third parties, or to payment service providers, pursuant to Art. 6 Para. 1 (b) GDPR is necessary to fulfill a contract), which you have granted, a legal obligation requires this, or on the basis of our legitimate interests (e.g. when commissioning agents, web hosters, etc.). Provided that we commission third parties to process data on the basis of so-called “order processing agreements”, this is carried out on the basis of Art. 28 GDPR.

2.2 Transmissions to third countries
If we process data in a third country (meaning outside the European Union (EU) or the European Economic Area (EEA)) or in the context of using third party services or disclosing or transmitting data to third parties, this will only be done to fulfill our (pre)contractual obligations, on the basis of your consent, on the basis of a legal obligation, or on the basis of our legitimate interests. Subject to legal or contractual allowances, we will process data in a third country only if the special conditions of Art. 44 (ff) GDPR exist. This means that processing will only occur on the basis of specific guarantees, such as the officially recognized level of EU data protection (e.g. the Privacy Shield for the USA) or in compliance with officially recognized special contractual obligations (so-called “standard contractual clauses”).

2.3 Rights of the data subject
You have the right to request confirmation on whether related data is processed as well as information on this data and further information on copies of the data in accordance with Art. 15 GDPR. According to Art. 16 GDPR, you have the right to request completion of data that pertains to you or correction of incorrect data that pertains to you. According to Art. 17 GDPR, you have the right to request the immediate erasure of data that pertains to you, or, according to Art. 18 GDPR, request a limitation on processing this data. You have the right to demand that data pertaining to you, which you have provided to us, be obtained in accordance with Art. 20 GDPR and request its transmission to other responsible parties. You also have the right, according to Art. 77 GDPR, to submit a complaint to relevant regulatory authorities. You can exercise your rights at any time by emailing the following address: datenschutz(@)gc-gmbh.com or datenschutz(@)gantner.de

2.4 Right of revocation
You have the right, according to Art. 7 Para 3. GDPR, to revoke consent given with effect for the future.

2.5 Right of objection
You can refuse the future processing of data pertaining to you at any time according to Art. 21 GDPR. In particular, you may object to processing for purposes of direct advertising.

2.6 Cookies and right of refusal for direct advertising
Cookies are small files that are saved to a user’s computer. Various pieces of information can be stored in cookies. A cookie primarily serves to save information on a user (or the device on which the cookie is stored) during or after a user makes use of online content. Temporary cookies, or session cookies or transient cookies, are cookies that are erased after a user leaves a website and closes their browser. Such a cookie may contain, for example, the contents of a shopping cart on an online shop or a login status. “Permanent” or “persistent” cookies remain saved even after the browser is closed. This allows the login status to be saved if the user visits again after several days. These cookies can also contain the user’s interests, which are used to measure reach or for marketing purposes. Third-party cookies are cookies that are provided by parties other than the data controller administering the online content (otherwise, when speaking of just the controller’s cookies, the term “first-party cookie” is used). We use temporary and permanent cookies and provide an explanation of such as part of our privacy notice. If the user does not want their cookies to be saved to their device, we request that they deactivate the corresponding option in their browser settings. Saved cookies can be deleted in your browser’s settings. Preventing the use of cookies can lead to limited functionality with respect to this online content. Various services provide information on how to make a general objection to the use of cookies used for online marketing purposes, especially in the case of tracking: via the US website http://www.aboutads.info/choices/ or the EU site http://www.youronlinechoices.com/. In addition, you can turn off the saving of cookies in your browser settings. Please note that this may prevent you from making full use of this online content.

2.7 Erasure of data
We erase the data we process, or limit the processing of such, in accordance with Art. 17 and 18 GDPR. Unless explicitly stated in this privacy statement, the data we store will be deleted as soon as it is no longer necessary for its intended purpose and this deletion does not conflict with any statutory storage requirements. If this data is not deleted because it is required for other and legally-permitted purposes, its processing will be limited. This means that the data will be locked and not used for other purposes. This also applies to data that must be stored for commercial or tax reasons. According to legal requirements in Germany, this storage period is 6 years in particular according to § 257 Para. 1 HGB (trading books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents, etc.) and 10 years according to § 147 Abs. 1 AO (books, records, management reports, accounting documents, commercial and business letters, tax documents, etc.). According to legal requirements in Austria, this storage is 7 years in particular according to § 132 Para. 1 BAO (accounting documents, receipts/invoices, accounts, documents, business papers, statement of income and expenses, etc.), 22 years in connection with real estate, and 10 years in the case of documents related to electronically supplied services, telecommunications, broadcasting and television services provided to non-EU companies in EU Member States for which the Mini-One-Stop-Shop (MOSS) is used.

2.8 Hosting
The hosting services we utilize serve to provide the following services: Infrastructure and platform services, computing capacity, storage space, and database services, security services, as well as technical maintenance services that we utilize for the purpose of administering this online content. Here, we, or our hosting providers, process inventory data, contact data, content data, contract data, usage data, and meta and communication data of customers, interested parties, and visitors to this online content on the basis of our legitimate interests in the efficient and secure provision of this online content pursuant to Art. 6 Para. 1 (f) GDPR in connection with Art. 28 GDPR (closing of order processing agreement).

2.9 Collection of access data and log files
We, or our hosting provider, collects data on every access to the server on which this service is located (so-called server log files) on the basis of our legitimate interests in the sense of Art. 6 Para. 1 (f) GDPR. This access data includes the name of the web page retrieved, file, date, and time of retrieval, amount of data transferred, notification of successful retrieval, browser type and version, the user’s operating system, referrer URL (the page previously visited), IP address, and the requesting provider. Log file information is stored for security purposes (e.g. to investigate abusive or fraudulent activities) for a maximum of 7 days and then deleted. Data whose further storage is required for evidence purposes is excluded from erasure until the incident is finally resolved.

3 Making contact
When contacting us (e.g. via the contact form, email, telephone, or social media), the user’s information is processed in order to handle and settle the contact request in accordance with Art. 6 Para. 1 (b) GDPR. The user’s information may be saved in a customer relationship management system (“CRM-System”) or similar inquiry organization system. We delete requests as soon as they are no longer required. We review their necessity every two years. In addition, legal archiving obligations apply.

4 Newsletter
The following information serves to inform you of the content of our newsletter and the registration, distribution, and statistical evaluation processes, as well as your right to object. By subscribing to our newsletter, you provide your agreement to receive such and your agreement with the processes described. Content of the newsletter: We send out newsletters, emails, and other electronic messages with advertising information (hereinafter “newsletter”) only with the consent of the recipient or legal permission to do such. If the content of a newsletter is concretely described when subscribing to the newsletter, this content is decisive for the consent of the user. Apart from that, our newsletters contain information on us and our services. Double opt-in and logging: Interested parties register for our newsletter via a so-called double out-in procedure. This means that, after registration, they receive an email requesting confirmation of their registration. This confirmation is necessary to prevent anyone from registering with email addresses that are not their own. Registrations to the newsletter are logged in order to substantiate the registration process in accordance with legal requirements. This includes saving the time of registration and confirmation as well as the IP address. Similarly, changes to your data stored with the dispatch provider will be recorded. Registration data: When registering for the newsletter, all you need to provide is your email address. We will also request that you optionally provide your name for the purpose of personally addressing the newsletter. Germany: The dispatch of the newsletter and related performance measurement is based on the recipient’s consent according to Art. 6 Para. 1 (a), Art. 7 GDPR in connection with § 7 Para. 2 Clause 3 UWG, or on the basis of legal permission pursuant to § 7 Para. 3 UWG. The registration process is recorded on the basis of our legitimate interests according to Art. 6 Para. 1 (f) GDPR. Our interest is based on the use of a user-friendly and secure newsletter system that both serves our commercial interests and meets the expectations of the user, as well as allowing us to prove consent. Cancellation/revocation – You can cancel the receipt, or revoke your consent, of our newsletter at any time. You can find a link to unsubscribe from the newsletter at the bottom of every newsletter. We may save the email addresses provided for up to three years on the basis of our legitimate interests, before we erase them for the purpose of sending out the newsletter, in order to provide evidence of prior consent. The processing of this data is limited to the purpose of potential defense against claims. You may request an individual erasure at any time, provided the former existence of consent is confirmed at the same time.

4.1 Newsletter – dispatch provider
The newsletter is distributed by the dispatch provider MailChimp, a newsletter distribution platform from the US provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. You can view the dispatch provider’s privacy policy here: https://mailchimp.com/legal/privacy/. The Rocket Science Group LLC d/b/a MailChimp is certified under the Privacy Shield Framework and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TO6hAAG&status=Active). The dispatch provider is used on the basis of our legitimate interests pursuant to Art. 6 Para. 1 (f) GDPR and an order processing agreement pursuant to Art. 28 Para. 3 Clause 1 GDPR. The dispatch provider can use the recipient’s data in a pseudonymized form, meaning without assignment to a user, in order to optimize or improve its own services, e.g. for the technical optimization of distribution and presentation of the newsletter, or for statistical purposes. However, the dispatch provider does not use the data of our newsletter recipients in order to write to them itself or to provide the data to third parties.

4.2 Newsletter – performance measurement
The newsletters contain a so-called “web beacon”, meaning a pixel-sized file that is called up from our server when the newsletter is opened, or that is called up from the dispatch provider’s server if we are using one. When this beacon is called, technical information, such as information on your browser and system, as well as your IP address and the time of access, is collected first. This information is used for technical improvements of the services using technical data or target groups and their reading behavior using the location of the request (which is determined using the IP address) or access times. Statistical analyses also include a determination of whether the newsletter is opened, when it is opened, and which links are clicked. This information can be assigned to the individual newsletter recipients for technical reasons. However, it is not our intention nor, if used, that of the dispatch provider, to monitor individual users. These evaluations serve to help us determine the reading habits of our users and adapt our content to them, or send them different content based on their interests.

5 Links to other websites
This privacy notice applies only to our own internet presence. The web pages of this presence may contain links to third-party websites. Our privacy notice does not apply to these websites. When you leave our website, we recommend carefully reading the privacy policy of each individual website that collects personal data.

6 Online presences in social media
We maintain online presences on social networks and platforms in order to communicate there with active customers, interested parties, and users, and to inform them there of our services. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of the respective operators apply.
Unless otherwise specified in our privacy notice, we process user data if they communicate with us on social networks and platforms, e.g. if they submit posts on our online presence or send us messages.

7 Google Analytics
On the basis of our legitimate interests (meaning an interest in the analysis, optimization, and efficient administration of our online content in the sense of Art. 6 Para. 1 (f) GDPR), we use Google Analytics, a web analysis service from Google LLC (“Google”). Google uses cookies. The information derived from cookies on how a user uses the online content is normally sent to a Google server in the USA and saved there. Google is certified under the Privacy Shield Framework and thus provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). Google will use this information on our behalf to evaluate how users use our online content, to compile reports on actions taken within this online content, and to provide us with additional services related to the use of this online content and the internet. In doing so, pseudonymous usage profiles of the user can be created from the processed data . We use Google Analytics only with active IP anonymization. This means that user IP addresses are shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. Google will not match the IP address sent by the browser with other data. Users can prevent cookies from being saved via the corresponding setting in their browser software; users can also prevent the collection, on the part of Google, of the data generated by the cookie concerning how they use this online content, as the processing of this data on the part of Google, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de. You can find more information on how Google uses data, as well as settings and refusal options, on Google’s websites: https://www.google.com/intl/en/policies/privacy/partners (“How Google Uses Information from Sites or Apps That Use Our Services”), http://www.google.com/policies/technologies/ads (“How Google Uses Cookies in Advertising”), http://www.google.de/settings/ads (“Control the Information Google Uses to Show You Ads”).

Valid as of April, 2020
Back to content