Data protection

Privacy policy

(Last updated: 1 June 2021)

Thank you for visiting our website. We appreciate your interest in our company. We take the protection of your personal data very seriously. The following information describes the processing of your personal data when using our website www.gs1-germany.de and when establishing, performing and terminating a contract or event with us, in accordance with Articles 12, 13, 14 and 21 of the General Data Protection Regulation (GDPR).
Personal data refers to individual pieces of information relating to the personal or factual circumstances of a specific person or an identifiable person. This includes information such as the real name, address, telephone number and date of birth.

Table of contents

  1. Informational use of the website
  2. Active use of the website, conclusion of contracts and non-website-based data processing
  3. Data processing during performance of the contract
  4. Compliance with legal requirements
  5. Asserting legal rights
  1. Informational use of the website
  2. Active use of the website, as well as non-website-based enquiries, conclusion of contracts and registration for events

I. Data controller

Data controller within the meaning of the General Data Protection Regulation
GS1 Germany GmbH
Stolberger Straße 108 a
50933 Cologne
Germany
Email: info(at)gs1-germany.de
Fax: +49 221 94714-990

Contact details of our Data Protection Officer:
Thomas Happel
Maarweg 133
50825 Cologne
Germany
Email: datenschutz(at)gs1-germany.de
Fax: +49 221 94714-990

II. Purposes and legal basis of data processing

1. Informational use of the website

You can visit our website without providing any personal data. When you use our website solely for informational purposes (i.e. do not log in, register, place an order or otherwise send us any personal information), we do not process any personal data, with the exception of the data that your browser sends us in order to enable you to visit our website, as well as information that is transmitted to us from cookies for the purpose of statistically analysing the use of our website.

This cookie policy has been created and updated by CookieFirst.com.
a. Technical provision of the website

i. Purpose

To enable the technical functioning of the website, we need to process certain data from you. This data is automatically transmitted to us so that your browser can display our website and you can use the website. This information will be collected by us automatically every time you visit our website and is saved in our server log files. This information relates to the computer system that is accessing the website. The following information will be collected:

  • Host
  • User’s IP address
  • Auth name (optional)
  • Date and time of access
  • Access method (GET/POST)
  • Request
  • Protocol (e.g. http)
  • Status (e.g. error messages)
  • Data volume retrieved
  • Referral URL
  • User’s browser and operating system

We also use cookies to allow you to use our website. Cookies are text files that are stored in or by the internet browser when you access a website on your computer. A cookie contains a distinctive string of characters that enables a browser to be recognised clearly when the website is accessed again. We use these cookies solely to allow you to use our website and its technical functionalities. Without the use of cookies, certain functionalities of our website may not be available to you. We set cookies with various storage durations. Among other things, we use session cookies which are deleted when a user leaves the website. Other cookies are stored for a longer duration. For example, login cookies which save your access authorisation, are deleted automatically after 24 hours and cookies for our consent management (i.e. whether you decide to permit the use of cookies or not) are saved for up to one year.

ii. Legal basis

We process your personal data to ensure the technical functioning of our website on the following legal basis:

  • To perform a contract or to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR, insofar as you visit our website to acquire information about our products or services and events
  • To use consent management to fulfil a legal obligation we owe as the data controller within the meaning of Article 6 (1) (c) GDPR; the legal obligation concerns the information you receive about the cookies we use as well as obtaining and documenting your consent to data processing
  • To protect our legitimate interests in accordance with Article 6 (1) (f) GDPR, in order for us to be enable the technical functioning of the website; our legitimate interest consists of providing you with an attractive, technically sound and user-friendly website, and putting measures in place to protect our website from cyber risks and to prevent our website from being a source of cyber risks for third parties

b. Statistical analysis of website use, expansion of reach and advertising/tracking

i. Purpose

For the purpose of statistical analysis of the use of our website, we deploy various applications such as Google Analytics. This involves the use of cookies, which allow analysis of your surfing behaviour. This enables us to improve the quality of our website and its content. We learn how the website is used, which allows us to continually optimise our online presence.

The data collected for the purpose of statistically analysing our website is not combined with other personal data collected on our website.

In addition, we use applications such as Facebook Pixel and the associated cookies to display and optimise advertising and the associated tracking if appropriate.

Google Ads

We use Google Ads, an online advertising program, and conversion tracking as well as Google Dynamic Remarketing and Google Doubleclick. Google Conversion Tracking is an analytical service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click an ad that has been placed by Google, a conversion tracking cookie is saved to your computer. These cookies are stored for the duration stated above (see table), contain no personal data and therefore cannot be used to identify individuals. Google Dynamic Remarketing is an application to optimise the ads displayed to you based on the analysis of your interests, which are compared with the data about you collected by Google (e.g. demographic characteristics). DoubleClick is used to register your actions on the website after the ad is displayed or your clicks on a provider’s ad in order to measure the effectiveness of an ad and the display of targeted advertising.

If you visit certain pages of our website and the cookie has not yet expired, we and Google can see that you have clicked the ad and been redirected to this page. Every Google Ads customer receives a different cookie. This means that cookies cannot be tracked via the websites of Ads customers.

The information obtained using the conversion cookie is used to produce conversion statistics for Ads customers who have chosen conversion tracking. The customers are informed about the total number of users who have clicked on their ad and been redirected to a page with a conversion tracking tag. However, they receive no information that could personally identify users.

If you do not wish to participate in tracking, you can object to this use and prevent the installation of the cookies via your browser software settings (deactivation options). You will then not be included in conversion tracking statistics. In addition, you can refuse your consent to the use of cookies or withdraw your consent via our consent management (see above). You will find further information about Google’s data privacy statement at:

http://www.google.com/policies/technologies/ads/ 
http://www.google.de/policies/privacy/

Google Tag Manager

We use the Google Tag Manager on our website. This is a solution which enables marketers to manage website tags via an interface. The Google Tag Manager service itself (which implements the tags) is a cookie-less domain that does not record any personal data. It also removes other tags that could record data. Google Tag Manager does not access these data. If deactivation has been performed on domain or cookie level, it applies to all tracking tags implemented with Google Tag Manager.

Google Analytics and Google Optimize

On our website, we use Google Analytics, a web analysis service provided by Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland (a subsidiary of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”), and the extension Google Optimize, which enable us to test website optimisations using the A/B process.  Google Analytics uses cookies, which are text files that are stored on your computer to enable the analysis of your use of the website. The information generated by the cookie about your use of our website is generally transferred to a Google server in the USA and stored there. However, within the Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area, the activation of IP anonymisation on our website means that your IP will be cropped beforehand. Only in exceptional cases will the full IP address be transferred to a Google server in the US and cropped there. On our behalf, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage for the website operator. The IP address provided by your browser to Google Analytics will not be merged with any other Google data.

We use Google Analytics with the extension _anonymizeIp() on our website. This means that IP addresses are processed in their cropped form; in other words, they cannot be directly linked back to a specific person.

You can prevent cookies from being saved by setting your browser software accordingly or by refusing or withdrawing your consent to the use of cookies via our consent management (see above). However, we would like to point out that, in this case, you may not be able to fully utilise all the functions on our website.

You can prevent Google from collecting and processing the data (including your IP address) related to your use of our website as well as the processing of this data by Google, by downloading and installing the browser plug-in available at:
http://tools.google.com/dlpage/gaoptout?hl=de

As an alternative to the browser plug-in, you can prevent Google Analytics from collecting data on our website in the future by clicking on the following link. This places an opt-out cookie on your end device. If you delete your cookies, you will need to click on this link again.

Deactivate Google Analytics Tracking for this Website.

Further information about the Terms of Use and Data Protection Policy of Google Analytics can be found at
http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/

Hotjar

Hotjar is a service which analyses users’ behaviour and feedback on websites via a combination of analytical and feedback tools. Using Hotjar gives us an overall picture of how user experience and website performance could be improved. To this end, we have integrated a tracking code which transfers data to servers located in Ireland (EU).

The tracking code contacts the Hotjar servers and sends a script to the computer or end device you use to access our website. The script records certain data relating to the user’s interaction with the website. These data are sent to the Hotjar servers for processing. You can find further information at  Technical Information. The sole purpose of recording this data is to improve your experience using our website. Hotjar-based websites use cookies to record non-personal data including standard IP data and information about behaviour patterns when visiting a Hotjar-based website. This is done so we can offer you a better user experience, recognise preferences, diagnose technical problems, analyse developments and generally optimise a website. In particular, the following data are collected and processed:

  • IP address of the end device (this is recorded and stored in anonymised form)
  • Resolution of the monitor/end device display
  • Type of end device (individual end device identification characteristics, operating system and browser type)
  • Geographical location (country only)
  • Preferred language when viewing a Hotjar-based website

The following information is recorded in connection with user interactions:

  • Mouse events (movements, position and clicks)
  • Keyboard input

Protocol data
Hotjar randomly and automatically records information collected from customers’ websites. This includes the following data:

  • Referring URL and domain
  • Pages visited
  • Geographical location (country only)
  • Preferred languages used to display the website
  • Date and time of accessing the website pages

Login
Hotjar also uses cookies to record login data on your end device or computer. These cookies make it possible to identify whether a certain end device has already visited a Hotjar-based website so that the login data do not need to be re-entered when the same website is visited again. Most browsers allow you to choose whether to accept cookies or not. If you do not want to save cookies on your computer, please set your browser preferences to reject all cookies before accessing a Hotjar-based website. You can find more information about cookies, how you can check whether cookies have been saved and how you can manage and delete cookies at help.hotjar.com/hc/en-us/articles/115011789248-Hotjar-Cookies.

Hotjar’s privacy statement as last amended can be accessed at  www.hotjar.com/privacy.

Microsoft Advertising

We use Microsoft Advertising on our website to track transactions. This is a service provided by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052 - 6399, USA, hereinafter referred to as “Microsoft”, which uses Universal Event Tracking (UET).

If you click on an ad placed by us on the Bing search engine, Microsoft saves a tracking cookie on your end device via your browser. This tracking cookie is stored for the duration stated above (see table) and is not used to identify you personally. If you visit certain pages on our website and the cookie has not yet expired, both we and Microsoft can see that you have clicked advertising we placed on Bing and have been redirected to our website from there.

Microsoft uses the information collected by the tracking cookie to produce visit statistics for us. This provides us with information about the number of clicks on advertising we placed on Bing and the pages of our website that are then accessed. However, we receive no information that allows us to identify you personally.

In addition, Microsoft can track your behaviour on several end devices using cross-device tracking. This enables Microsoft to display personalised advertising across all your devices.

If you object to this processing, you may prevent the installation of the cookie via your internet browser settings or you may refuse or withdraw your consent to the use of cookies via our consent management (see above).

If you have a Microsoft account, you can also change the personalised advertising settings at account.microsoft.com/privacy/ad-settings/signedout.

At https://help.ads.microsoft.com/#apex/3/de/53056/2 and  privacy.microsoft.com/de-de/privacystatement Microsoft also provides further information about Bing Ads and about the collection and use of data as well as your rights and your options for protecting your privacy.

LinkedIn Insight Tag, LinkedIn Analytics

Our website uses the LinkedIn Insight Tag conversion tool and LinkedIn Analytics provided by LinkedIn Ireland Unlimited Company. These tools create cookies in your web browser which allow the collection of the following data: IP address, device and browser properties and page events (e.g. page retrievals). These data are encrypted and then anonymised within seven days. The anonymised data are deleted within the storage time stated above (see table). LinkedIn does not share any personal data with GS1 Germany but offers anonymised reports on website target groups and display performance. In addition, LinkedIn Insight Tag offers the possibility of retargeting. Using these data, GS1 Germany can display targeted non-website-based advertising without identifying you as the website visitor. You can find more information about the LinkedIn privacy policy at  https://www.linkedin.com/legal/privacy-policy.

LinkedIn members can manage the use of their personal data for advertising purposes in their account settings. They can deactivate the Insight Tag (opt-out) on our website at https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. WWhen you are logged in to LinkedIn, you can deactivate data collection at any time at https://www.linkedin.com/psettings/enhanced-advertising.

In addition, you can refuse your consent to the use of cookies or withdraw your consent via our consent management (see above).

Facebook applications (Pixel, Custom Audiences, Connect)

We use Facebook Pixel and the Facebook Custom Audiences and Facebook Connect applications provided by “Facebook” (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website. Facebook Pixel is used to assign the visitors to our website to certain target groups so that personalised ads relating to their interests can be displayed to them on Facebook, Instagram and the Facebook advertising network. The data recorded (e.g. IP address, web browser information, website location, buttons clicked, pixel IDs and other characteristics) can only be used in connection with the display of certain ads and are not visible to us. Facebook Custom Audiences enables us to track your activities on our website if you accessed our website from e.g. ads on Facebook. The application is used to measure the effectiveness of an ad, analyse visitor behaviour and display targeted ads to you (e.g. by creating target groups). To this end, Facebook sets cookies when you visit our website. Ads based on your personal interests are displayed automatically via a pseudonymous cookie ID and on the basis of the pages you have visited. However, the data are anonymised so we, as the operator of this website, cannot draw any conclusions as to the identity of users. To facilitate login to our website, we offer the option of logging in from your Facebook account via Facebook Connect.

If you have a Facebook and/or Instagram account and are logged in, your visit to this website will be assigned to your Facebook and/or Instagram account.You can find further information about the data collected and used by Facebook, your rights in this respect and your options for protecting your privacy at Privacy on the Facebook website.

Walls.io

Our website is embedding social media plugins or widgets which are provided by Walls.io. When loading these widgets, your IP-address and cookie information is transferred to Walls.io. Walls.io is operated by "Walls.io GmbH, based in Vienna, Austria.

ii. Legal basis

We process your personal data in order to carry out statistical analysis of the use of our website on the following legal basis:

  • With your consent in accordance with Article 6 (1) (a) GDPR in conjunction with Section 15 (3) of the German Telemedia Act (Telemediengesetz – TMG)
2. Active use of the website, conclusion of contracts and non-website-based data processing

As well as using our website solely for informational purposes, you may also use it actively to order one of our products or services, to register for an event, to register for our newsletter or to contact us. In addition to processing your personal data as outlined above in the case of the purely informational use of our website, an active use of our website requires us to process other personal data, which we need to process your order or enquiry and provide a response.

The following information, except for 2e (Newsletter, advertising mails and press mailing list), also applies if you contact us or wish to enter a business relationship with us via other channels (e.g. email, telephone, in person). However, in certain circumstances, we can also provide you with separate data privacy information.

a. Enquiries

In order to process and answer your enquiries, e.g. sent using our contact form or mailed to our email address, we need to process the personal data that you have provided in your enquiry. In all cases, this includes your name and email address so that we can send you an answer, as well as any other information contained within the message that you sent us.
We process your personal data to answer enquiries on the following legal basis:

  • If you contact us in respect of a contract to which you are a party or in respect of steps prior to entering into a contact, in accordance with Article 6 (1) (b) GDPR
  • To protect our legitimate interests in accordance with Article 6 (1) (f) GDPR; our legitimate interest comprises the need to provide an appropriate response to enquiries
b. Conclusion of a contract

When you order one of our products or services (free or otherwise) via our website, we process your personal data in order to record, process and deliver the products or services that you have ordered. We process the information that is provided on the corresponding contact form (non-mandatory information is marked as ‘optional’):

  • Email address
  • Title
  • Position
  • First and last names
  • Company
  • Sector
  • Address
  • Postcode
  • City
  • Country
  • Telephone

We process your personal data to establish, perform and terminate a contract on the following legal basis:

  • to perform a contract or to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR
c. Registration for events

If you use our website to register for a physical or virtual event (free or otherwise), we process your personal data in order to accept the registration. We process the information that is provided or requested on the corresponding contact form (non-mandatory information is marked as ‘optional’):

Information about company:

  • Company
  • Street
  • PO box
  • Postcode
  • City
  • Country
  • Branch (optional)

Information about participant:

  • Title
  • Department
  • Position
  • First and last names
  • Title (optional)
  • Telephone
  • Email

We process your personal data to establish, perform and terminate an event on the following legal basis:

  • To perform a contract or to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR

In the case of virtual events, it may be necessary for you to register with a third-party service provider (e.g. virtual conference service) in order to participate in the event. These services are not provided by GS1 itself. We have no influence on nor are we responsible for how this third-party service provider processes your personal data. If you would like to know how this third-party service provider processes your personal data, please consult that third-party provider’s data privacy statement.

Events offered by GS1 Germany and collaborative events are aimed primarily at networking and facilitating a dialogue between the key players in a sector, also following the event. Networking is only possible if GS1 Germany is able to provide the other participants – including participating GS1 Germany solution partners – with the names of each participant and the company they work for, their position and their contact details (email address). This is done by compiling a list of participants which is made available to all participants.

We process your personal data to establish, perform and terminate an event and for networking during and after events on the following legal basis:

  • To protect the legitimate interests of GS1 Germany or a third party in accordance with Article 6 (1) sentence 1 (f) GDPR; the legitimate interest of GS1 Germany consists of offering participants the possibility of contacting or being contacted by other participants. We also aim to create the best possible networking conditions for all participants.
d. Credit check

If we perform services in advance, we reserve the right to protect our legitimate interests by requesting a credit check based on mathematical and statistical processes from the following agencies:
Creditreform Boniversum GmbH, Hellersbergstraße 11, 41460 Neuss, Germany (www.boniversum.de)
BID Bayerischer Inkasso Dienst AG, Weichengereuth 26, 96450 Coburg, Germany (www.bid-coburg.de)

We provide the personal data required for the credit check and use the information we receive regarding the statistical probability of a default on payment. The credit check may include probability values (scores) calculated on the basis of recognised mathematical and statistical processes. A number of parameters such as income, address data, profession, marital status and previous payment history are used to draw conclusions as to the risk that a customer will default on payment. The result is expressed in the form of a score. The information provided is the basis for our decision to establish, perform or terminate a contractual relationship. However, the option to select one of the forms of payment offered is not dependent on such information.

We process your personal data to establish, perform and terminate a contract on the following legal basis:

  • To perform a contract or to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR
  • To protect our legitimate interests in accordance with Article 6 (1) (f) GDPR; our legitimate interest consists of the financial protection of a service performed in advance, to prevent fraud and to establish identity. In addition, third parties have a legitimate interest in protection against a default on payment and in preventing fraud.
e. Newsletter, advertising mails and press mailing list

Data processing when registering for the email newsletter
If you register for our newsletter, we process the necessary data or the data you provide separately in order to send you our email newsletter at regular intervals.

Data processing when registering for the press mailing list
If you register for our press mailing list, we process the necessary data or the data you provide separately in order to send you our press releases at regular intervals. The following data are processed:

We process the information that is provided or requested on the corresponding contact form (non-mandatory information is marked as ‘optional’):

Information about the publication

  • Publisher (optional)
  • Medium (optional)
  • Street (optional)
  • PO box (optional)
  • Postcode (optional)
  • City (optional)
  • Country (optional)

Information about participant:

  • Title
  • Department (optional)
  • Position (optional)
  • First and last names
  • Title (optional)
  • Telephone (optional)
  • Email

Use of data for email advertising
If we receive your email address in connection with concluding a contract and the provision of our products or services and you have not objected to this, we reserve the right to send you offers for similar products or services from our portfolio by email at regular intervals. You can withdraw your consent to this use of your email address at any time by sending a message to the contact given above or using the link for this purpose in the advertising mail without incurring any costs other than transmission costs at the basic rates.

We process your personal data to send you our newsletter on the following legal basis:

  • To send the newsletter on the basis of your consent given by the double-opt-in process to the processing of your personal data in accordance with Article 6 (1) (a) GDPR
  • To send email advertising in the aforementioned cases to protect our legitimate interests in accordance with Article 6 (1) (f) GDPR in conjunction with Section 7 (3) of the German Fair Trade Practices Act (Gesetz gegen den unlauteren Wettbewerb – UWG); our legitimate interest comprises the direct advertising of our products and services
3. Data processing during performance of the contract

During the performance of the contract, we process your personal data as follows:

a. Provision of services

We process your personal data when required to do so for the performance of the contract, e.g. to get in touch with you, to arrange meetings, to clarify queries and to deliver customer service.

We process your personal data to establish, perform and terminate a contract on the following legal basis:

  • To perform a contract or to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR
b. Payment

We use payment service providers and banks to process payments.
We process your personal data to establish, perform and terminate a contract on the following legal basis:

  • To perform a contract or to take steps prior to entering into a contract in accordance with Article 6 (1) (b) GDPR
4. Compliance with legal requirements

We also process your personal data in order to fulfil other legal obligations that apply to us in connection with the performance of the contract. This particularly includes statutory retention periods for commercial-, trade- or tax-related data.

We process your personal data to establish, perform and terminate a contract on the following legal basis:

  • To fulfil a legal obligation that applies to us in accordance with Article 6 (1) (c) GDPR in connection with commercial, trade or tax law, to the extent that we are obliged to record and retain your data and in conjunction with other applicable regulations or official orders (e.g. in criminal law).
5. Asserting legal rights

We process your personal data in order to assert our rights and enforce our legal claims. We also process your personal data in order to be able to defend ourselves against legal claims. Lastly, we process your personal data insofar as this is necessary for the prevention or prosecution of criminal offences.

We process your personal data for the purposes of asserting our legal rights:

  • To protect our legitimate interests in accordance with Article 6 (1) (f) GDPR, insofar as we assert legal claims or defend ourselves in legal disputes, or prevent or resolve criminal offences

III. Categories of recipients

In the first instance, only our employees have access to your personal data. If it is permitted or prescribed by law, we also share your personal data with other recipients who provide us with services in connection with our website or perform non-website-based data processing as described above. We restrict the transfer of your personal data to the strict minimum, specifically to the data that is required to process your order. Some of our service providers receive your personal data in their capacity as processors. In this case, they are strictly bound to comply with our instructions when handling your personal data. In some cases, recipients process your data that we transfer to them independently.

The categories of recipients of your personal data are listed below:

  • Optional payment service providers and banks used to process payments and agencies used to perform credit checks
  • IT service providers for the administration and hosting of our website or for the operation of our apps
  • IT service providers for sending press releases
  • IT service providers that provide software for virtual conferences, meetings or comparable communication
  • Collection agencies and legal advisers for enforcing our rights
  • Other event participants including the participating GS1 Germany solution partners to facilitate making contact with or being contacted by other participants
  • Public bodies and institutions, to the extent that we are legally obliged to do so

IV. Transmission of data to third countries

In connection with our use of the Google tool, we transfer your cropped IP address to the USA. Data may also be transferred outside the EU/EEA in connection with our use of tools provided by Microsoft, LinkedIn, Hotjar and Facebook.

If service providers in a third country outside the EU/EEA are used and no adequacy decision has been taken by the European Commission for this country, these service providers must be obliged to meet European data protection standards by agreeing to the EU standard contractual clauses in addition to written instructions. Unfortunately, even if such agreements and provisions are concluded, the laws of non-EU states (e.g. the Cloud Act in the USA) provide the possibility for government bodies especially to access your data without our or your knowledge and without us or you being able to prevent, inhibit or control it. For this reason, your consent e.g. to the use of cookies (such as for Google Analytics) also covers the transmission of data to countries outside the EU. You can obtain further information from our Data Protection Officer.

We do not transfer your personal data to countries outside the EU or the EEA or to international organisations.

V. Duration of storage

1. Informational use of the website

When our website is being used solely for informational purposes, we save your personal data on our servers for the duration of your visit. As a rule, your personal data is deleted as soon as you leave our website. However, we store server log files for a period of one month.

In deviation from this, the cookies we use may be stored for up to two years. The exact storage duration of the cookies we use is shown in the overview at the start of this data privacy statement or in our consent management/cookie banner.

You have the option of deleting cookies that have been installed at any time or deactivating them via our consent management/cookie banner.

2. Active use of the website, as well as non-website-based enquiries, conclusion of contracts and registration for events, performance of contracts

For the active use of our website as well as non-website-based enquiries, conclusion of contracts and registration of events and the performance of contracts, we store your personal data for as long as is necessary, e.g. to respond to your enquiry, to perform the contract or in the context of our business relationship. This includes both the period of time prior to the establishment of a contract (legal relationship prior to entering into a contract) and the execution of a contract.

We also save your personal data until the end of the period in which legal claims relating to our relationship may be made, in order to use this data as evidence, if necessary. This period of limitation generally extends over a period of between one and three years; in some cases it can be as long as 30 years.

At the end of the period of limitation, we delete your personal data unless we are legally required to retain it in accordance with provisions such as Sections 238, 257 (4) of the German Commercial Code (Handelsgesetzbuch – HGB) or Section 147 (3, 4) of the German Tax Code (Abgabenordnung – AO). This period of retention can last between two and ten years.

VI. Your rights as a data subject

Under data protection legislation, you have a number of rights that you may exercise as a data subject.

Right of access: You have the right under Article 15 GDPR to obtain from us confirmation as to whether or not personal data concerning you is being processed; where this is the case, you also have the right under Article 15 GDPR to have access to the personal data, as well as other specific information (such as the purposes of processing, the categories of personal data concerned, the categories of recipient, the envisaged period for which the personal data will be stored, your rights, the origin of the data, the existence of automated decision-making, and, where personal data is transferred to a third country, information about the appropriate safeguards). You also have the right to obtain a copy of your data.

Right to rectification: You have the right under Article 16 GDPR to obtain from us the rectification of the personal data that we hold about you, when this data is inapplicable or inaccurate.

Right to erasure: You have the right under Article 17 GDPR to obtain from us the erasure of the personal data that we hold about you without delay. The right to erasure does not apply to the extent that the processing of personal data is necessary for (i) exercising the right of freedom of expression and information, (ii) fulfilling a legal obligation that we have (e.g. statutory archiving of data) or (iii) the establishment, exercise or defence of legal claims.

Right to restriction of processing: You have the right under Article 18 GDPR to obtain from us the restriction of processing of your personal data.
Right to data portability: You have the right under Article 20 GDPR to receive the personal data that we hold on you, in a structured, commonly used and machine-readable format.

Right to object: You have the right to withdraw your consent to the future processing of your personal data.

Right to object: You have the right under Article 21 GDPR to object to the processing of personal data that we hold on you; we shall be obliged, as a result, to stop processing your personal data. The right to object is limited to the provisions set forth in Article 21 GDPR. In addition, our own interests may prevent us from ceasing to process your data; in other words, despite your objection, we may still be entitled to process your personal data.

Right to lodge a complaint with a supervisory authority: You have the right under Article 77 GDPR to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of your personal data infringes the GDPR. Your right to lodge a complaint is without prejudice to any other administrative or judicial remedy.

The supervisory authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-
Westfalen
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
Telephone: 0211/38424-0
Fax: 0211/38424-10
Email: poststelle @ ldi.nrw.de

However, we recommend that you always address any complaint to our Data Protection Officer first.

Requests to exercise your rights should, if possible, be sent in writing to the above address or addressed directly to our Data Protection Officer.

VII. The scope of your obligations to provide data

As a general rule, you are not obliged to share any personal data with us. However, failure to provide personal data means that we will not be able to make our website available to you, answer your enquiries and establish a contract with you. Personal data that is not absolutely necessary for the aforementioned purposes is marked as ‘optional’ or identified as non-mandatory by another symbol.

VIII. Automatic decision-making/profiling

We do not use an automatic decision-making or profiling tool (automatic analysis of your personal circumstances).

Your right to object in accordance with Article 21 GDPR

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data based on Article 6 (1) (f) GDPR (data processing based on legitimate interests) or Article 6 (1) (e) (data processing for the performance of a task carried out in the public interest).

If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling grounds for processing your data that override your interests, rights and freedoms, or that processing is necessary for asserting, exercising and defending legal claims.

II. In individual cases, we also process your personal data for the purpose of direct advertising. If you do not wish to receive any advertising, you have the right to object at any time. We will consider this objection for the future.
Your data will no longer be processed for the purpose of direct advertising if you object to processing for this purpose.

Your objection will not be conditional on any particular form and should be sent to:

GS1 Germany GmbH
Stolberger Straße 108 a
50933 Cologne
Germany
widerspruch(at)gs1-germany.de