Privacy Policy

The Gretsch-Unitas group take the protection of personal data of their customers and prospective customers very seriously and comply with the data protection legislation. In no case will the collected data be sold.
The following declaration provides in particular an overview of how Gretsch-Unitas ensures this protection and what type of data is collected for what purpose.

1. Personal data

Personal data is all data related to the user personally, e.g. name, address, e-mail addresses.

2. Responsible person

The responsible person pursuant to Article 4(7) EU General Data Protection Regulation (GDPR) is
Gretsch-Unitas GmbH Baubeschläge, Johann-Maus-Str. 3, 71254 Ditzingen, Germany.

The following other companies currently belong to the Gretsch-Unitas group:

Gretsch-Unitas GmbH, Johannes-Maus-Straße 3, 71254 Ditzingen, Germany

BKS GmbH, Heidestraße 71, 42549 Velbert, Germany

Gretsch-Unitas Logistik GmbH, Johannes-Maus-Straße 3, 71254 Ditzingen, Germany

GU Automatic GmbH, Karl-Schiller-Straße 12, 33397 Rietberg, Germany

AGENA GmbH Gesellschaft für Organisation und Informationsverarbeitung, Johann-Maus-Straße 1-3, 71254 Ditzingen, Germany

3. Data protection officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg, Germany

Web: www.datenschutz-sued.de
E-mail: [email protected]

If you contact our data protection officer, please also indicate the responsible office that is given in the imprint.

4. Data security

The Gretsch-Unitas companies take all necessary technical and organisational security measures to protect personal data from loss and misuse. Data is stored in a secure operating environment that is not accessible to the public.

Where possible, confidential data is transferred using the HTTPS protocol with SSL certificate encryption.

5. Rights of the user

The user has the following rights regarding the personal data we hold for this particular user:

  • Right of access by the data subject (Article 15 GDPR),
  • Right to rectification or erasure (Article 16 and 17 GDPR),
  • Right to restriction of processing (Article 18 GDPR)
  • Right to object to processing (Article 21 GDPR),
  • Right to data portability (Article 20 GDPR).

The user also has the right to complain to the data protection supervisory authority about our processing of his/her personal data. The complaint may be lodged in particular with a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement.

The user can withdraw permission to process his/her data at any time. Users can use the following contact information to inform us about the revocation: [email protected] Such a revocation affects the permissibility of the processing of the personal data without affecting the lawfulness of the data processing carried out on the basis of the consent until the revocation.

Insofar as we base the processing of your personal data on the balance of interests pursuant to Article 6(1)(f) GDPR, users may lodge an objection to the processing pursuant to Article 21 GDPR. This is the case if processing is not a prerequisite for fulfillment of a contract with the users in particular, which is shown by us in each case alongside the description of the functions which follows. When an objection of this kind is lodged, we ask for an explanation of why we should not process the personal data in the manner in which we have done so. If an objection is justified, we check the situation and either stop processing the data, adapt it accordingly or provide compelling reasons worthy of protection for continuing with the processing.
Users can of course object to the processing of their personal data for advertising and data analysis purposes at any time. Users can use the following contact information to inform us about their objection to advertising: [email protected]

6. Cookies

The websites www.g-u.de and www.g-u.com use "cookies" in several places. Cookies do not cause any damage to your computer and do not contain any viruses either. They serve to make the offer more user-friendly, effective and safe. Cookies are small text files that make it possible to recognise users. They are stored by the web browser on the users's computer. The cookies used by Gretsch-Unitas are so-called “session cookies”. A so-called session ID is stored in the cookie which can be used to assign various browser requests to the shared session. This allows us to identify the computer when the user returns to our website. These are automatically deleted after the user has left the website. The legal basis for setting these cookies is the legitimate interest pursuant to Article 6(1)(f) GDPR. Necessary cookies allow basic functions and are required for the proper functioning of the website. We have a legitimate interest in making the website as user-friendly as possible.

Name of the cookieStorage duration of the cookie
CookieConsent1 year
CookieConsentReset90 days

Using the website is also possible without cookies. Users can deactivate the storage of cookies in their browser, limit the storage to specific websites or adjust their browser in such a way that it notifies about the sending of a cookie. Users can also delete cookies from their hard disc. Users can configure their browser setting according to their requirements and e.g. accept third-party cookies or reject all cookies. We warn users that they may not be able to use all functions of this website; in this case only certain contents will be displayed on the pages and restrictions will be imposed on the user guidance.

7. Communication via e-mail / telephone / contact form

We treat personal information that you provide us by e-mail, telephone, post or contact form confidentially as a matter of course. We use your data exclusively for the purpose of processing your enquiry. The legal basis for the data processing is Article 6(1)(f) GDPR. The legitimate interest here results from the interest in answering enquiries from our customers, business partners and interested parties and thus maintaining and promoting customer satisfaction.

We exclude the transfer of data to third parties outside of the Gretsch-Unitas group as a matter of principle. In exceptional cases, data is processed on our behalf by order processors. These are carefully selected in each case, are also audited by us and are contractually obligated in accordance with Article 28 GDPR.

Furthermore, it may be necessary for us to pass enquiries to other companies within the Gretsch-Unitas group, insofar as this is necessary for the enquiries to be processed (e.g. answered).

All personal information that you provide to us in connection with enquiries will be deleted or securely anonymised by us no later than 90 days after the final reply to you. The retention period of 90 days is due to the fact that it may occasionally happen that you will contact us again about the same matter after a reply and must be able to refer to the previous correspondence. Experience has shown that queries about our replies generally no longer occur after 90 days.

8. Data processing of contact persons

The Gretsch-Unitas companies process the contact data of contact persons at customers, interested parties, suppliers and other business partners for communication by e-mail, telephone, telefax and post. The legal basis for the data processing is Article 6(1)(f) GDPR. The legitimate interest on the part of the Gretsch-Unitas companies results from the interest in carrying out or initiating a business relationship with customers, interested parties, suppliers and other business partners and in maintaining personal contact with contact persons while doing do.

We exclude the transfer of data to third parties outside of the Gretsch-Unitas companies as a matter of principle. Within the Gretsch-Unitas companies, your data will only be passed on to implement or initiate the business relationship, among other things. In exceptional cases, data is processed on our behalf by order processors. These are carefully selected in each case, are also audited by us and are contractually obligated in accordance with Article 28 GDPR.

Personal data is stored for the purpose of carrying out business relationships for as long as there is a justified interest in this.

9. Web analytics service Matomo ("Piwik")

Our website uses the web analytics service Matomo (previously "Piwik"). Matomo creates usage profiles based on pseudonyms. Matomo ("Piwik") uses cookies. The information generated by a cookie about your user behaviour on our website enables us to analyse the use of the website. For this purpose, the usage information generated by the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes. The information generated by the cookie about your use of this website is not passed on to third parties. The data processing occurs on the basis of your given consent pursuant to Article 6(1)(a) GDPR. You can revoke this consent at any time. To do so, please follow this link and make the corresponding settings via our banner.

10. Google Maps

On our websites, we embed map services that are not stored on our servers. To ensure that calling up our websites with embedded map services does not automatically cause the content of the third-party provider to be reloaded, we only display locally stored preview images of the maps in a first step. The third-party provider does not receive any information as a result.

Contents of the third-party provider are not reloaded until the preview image is clicked. This provides the third-party provider with the information that you have accessed our site as well as the usage data that is technically necessary in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us the permission to reload contents of the third-party provider.

The embedding occurs on the basis of your consent pursuant to Article 6(1)(a) GDPR or § 15 para. 3 sentence 1 of the German Telemedia Act (TMG), provided that you have previously given your consent by clicking on the preview image.

Please note that the embedding of some map services results in your data being processed outside of the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having any legal recourse. Insofar as we use providers in insecure third countries and you consent, the transfer to an insecure third country takes place on the basis of Article 49(1)(a) GDPR.

Provider

Google Ireland Limited/Google LLC (USA) ("Google")

Adequate level of data protection

No adequate level of data protection. The transfer takes place on the basis of Article 49(1)(a) GDPR.

Revocation of consent

When you have clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages, please do not click on the preview images anymore.

11. Newsletter

If customers would like to receive the newsletter offered on the website, we require an e-mail address as well as information that allows us to verify that the owner of the e-mail address agrees to receive the newsletter. After sending the registration form, you will receive an e-mail with a confirmation link from us. When you click the included link, you will be registered for the newsletter. You will be informed of this by a further e-mail. By confirming the registration, you confirm your consent to the processing of your e-mail address and your optional information for the purposes specified here. For evidence purposes, we store the time and the IP address used when the newsletter was ordered. (Double opt-in procedure). Users can voluntarily provide further personal data such as their first and last name. The legal basis for processing this data is Article 6(1)(a) GDPR. The purpose of data processing in the context of ordering the newsletter is to inform newsletter subscribers about offers, promotions, products, events and services of the companies of the Gretsch-Unitas group.

When someone registers for the newsletter, we also store the IP address of the computer system used by the relevant person at the time of registration, which is assigned by the Internet service provider (ISP), as well as the date and time of registration. The storage of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a relevant person at a later point in time and therefore serves as a legal safeguard for the person responsible for the processing. The legal basis for this data processing is the legitimate interest pursuant to Article 6(1)(f) GDPR.

The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the Newsletter may be informed by e-mail, where necessary for operation of the Newsletter service or in order to register for the service, as might be the case if changes were made to the Newsletter offering or if technical circumstances were to change. Personal data is not forwarded to third parties, apart from our e-mail provider INXMAIL as part of the Newsletter service. We have concluded an order processing agreement with the provider Inxmail GmbH, Wentzingerstr. 17, 79106 Freiburg, Germany, e-mail: [email protected], web: www.inxmail.de, telephone: +49 761 296979-0, telefax: +49 761 296979-9.

Using individual functionalities of our newsletter, we can automatically and anonymously track which contents of our newsletter are of particular interest to our customers, which e-mail they open and which link they click on. We use the results of these anonymised evaluations exclusively for the purpose of improving our offer. The results are not assigned to specific people.

The subscription to our newsletter can be cancelled by the relevant person at any time. Once the relevant person has granted us permission to save his/her personal data for dispatch of the Newsletter, he/she can also revoke it at any time. A corresponding link is provided in every Newsletter for this purpose. Furthermore, it is also possible to unsubscribe from the newsletter mailing at any time directly on the website of the party responsible for processing. If you do not actuate the confirmation link in the e-mail within 7 days of registering for the newsletter, we will delete the data that you have provided.

12. Seminar registration and registration for events

If you would like to book seminars or register for events via our website, we require the information marked as mandatory in the booking mask. The input fields that are not marked can be optionally filled in. As part of the booking process, you will receive an e-mail from us confirming your registration. The booking process is not completed until you activate the link contained in this e-mail. The information that you provide for the booking will be processed by us for the purpose of carrying out the booking and the seminar or for registering for events. The legal basis for this data processing is Article 6(1)(b) GDPR.

If you give us your consent for this, we will also use your information to send you marketing information about the respective seminar/event by e-mail, post or telephone as a follow-up to the seminar/event. You can revoke your consent at any time with future effect by clicking on the corresponding unsubscribe link in one of the e-mails or by sending an e-mail to [email protected] The legal basis for the data processing in the context of sending information is your consent pursuant to Article 6(1)(a) GDPR.

We do not share the names of people who register for a seminar or event on our website.

We store the data of participants in seminars and events, if necessary, for the duration of the statutory storage obligations. Afterwards and otherwise, the data is generally deleted. If you have given your consent to receive information, we store your data for this purpose until you revoke your consent.

13. Further information

The user is aware of the fact that, even with the current state of technology, privacy for data transmissions on the Internet cannot be guaranteed. In this respect, users themselves are responsible for the security of the data they transmit online.

The trust of users is very important to the Gretsch-Unitas group. Therefore, Gretsch-Unitas is more than willing to answer questions concerning the processing of personal data. If you have any questions that this data privacy statement does not answer, or if users would like more detailed information on any point, please contact us at the following e-mail address: [email protected].

14. Automated individual decision-making

Automated decision-making or profiling does not take place.

15. No obligation to provide personal data

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obligated to provide personal data if not stated otherwise previously. Not providing your personal data may mean that we are unable to respond to your contact request and that you are unable to participate in an application process or attend an event.

16. Data privacy statement for our social media pages

In the following, we would like to inform you about the handling of your data pursuant to Article 13 of the General Data Protection Regulation (GDPR).

Responsible person

We operate the following social media pages:

Gretsch-Unitas GmbH

BKS

The contact data can be found in Chapter 2 of this data privacy statement.

In addition to us, there is also the operator of the social media platform itself. This operator is thus also another responsible party who carries out data processing; however, we have only limited influence over this. Where we can have an impact and parameterise the data processing, we work towards having the operator of the social media platform handle the data in compliance with data privacy within the scope of the possibilities available to us. Oftentimes, however, we cannot influence the data processing by the operator of the social media platform and also do not know exactly what data the operator processes. However, the operator informs you about this in its respective data privacy statement.

16.1 Data processing by us

The data you enter on our social media sites, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Article 6(1)(f) GDPR. The data processing takes place in the interest of our public relations and communication.

On our Facebook and Instagram pages, we use the Page Insights feature. Page Insights consists of aggregated data that helps us understand how people interact with our Facebook page. Page Insights can be based on personal data collected in connection with a visit to or interaction of people with or on our Facebook page and its contents. The legal basis is Article 6(1)(f) GDPR. The data processing takes place in the interest of our public relations and communication.

If you wish to object to specific data processing over which we have influence, please contact us using the contact information provided in Chapter 2 of this data privacy statement. We will then review your objection or forward it to the social media platform if necessary.

If you send us a request on a social media platform, we may also refer you to other, secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential enquiries to our address given in the imprint.

As already explained, where the provider of the social media platform gives us the opportunity, we take care to design our social media pages so that they are as compliant with data protection as possible. In particular, we therefore do not use the demographic, interest-based, behaviour-based or location-based target group definitions for advertising that the operator of a social media platform may make available to us. Overall, we do not use social media platforms for advertising purposes. With regard to statistics provided to us by the provider of a social media platform, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

16.2 Data processing by the operator of a social media platform

The operators of social media platforms use web tracking methods. The web tracking can also take place regardless of whether one is logged in or registered with the social media platform. As already explained, we unfortunately have hardly any influence on the web tracking methods of social media platforms. We cannot switch this off, for example.

Please be aware: It cannot be ruled out that the provider of a social media platform uses your profile and behavioural data, for example, to evaluate your habits, personal relationships, preferences, etc. We therefore have no influence on the processing of your data by the provider of a social media platform.

For more information on data processing by the provider of a social media platform and further objection options, please refer to the provider's data privacy statement:

In cases where we are jointly responsible for processing with a social media platform, you can find the main contents of the joint processing of your data here:

17. BKS identifikation app

The BKS identifikation app is used to carry out the legitimation process for reordering cylinders and keys.

Log data

Only the following log data will be stored:

  • App ID
  • Error date
  • Application version
  • Error history
  • Error message
  • Detailed error message
  • Device model
  • Operating system version
  • Operating system
  • Device type
  • Manufacturer

The collection and storage of the app ID is necessary for the installation of the BKS identifikation app and so for the fulfilment of the usage contract regarding the aforementioned app. The legal basis for the data processing is Article 6(1)(b) GDPR.

The collection and storage of log data are based on our legitimate interest, namely our interest in the analysis and elimination of program errors (Article 6(1)(f) GDPR).

Recipients of the data: We exclude the transfer of data to third parties outside BKS GmbH. Exceptionally, data is processed on our behalf by data processors (Microsoft Corporation). These are carefully selected in each case, are also audited by us and are contractually obligated in accordance with Article 28 GDPR. Physical storage of your personal data takes place exclusively in data centers within the EU/EEA.

Storage period: The log data is automatically deleted within 30 days of collection. Your app ID is deleted when you uninstall the BKS identifikation app. For an early deletion of the log data, you are welcome to send us an e-mail to [email protected]

Query of location data for dealer selection

In the course of using the BKS identifikation app, you also have the option of searching for dealers of our products in your location. Before using this function, you will be asked for your permission to use your location data.

The legal basis for data processing is the consent you have given by clicking on the corresponding button in accordance with Article 6(1)(a) GDPR.

You are also welcome to search for dealers of our aforementioned products in the BKS identifikation app without requesting your location data.

Recipients of the data: We exclude the transfer of data to third parties outside BKS GmbH.

Storage period: The location data is only stored for the duration of the use of the BKS identifikation app. Afterwards, they are deleted immediately.

You can revoke your consent to the processing of your personal data at any time. You can inform us about your revocation via the following contact details [[email protected]]. Such a revocation affects the permissibility of the processing of the personal data without affecting the lawfulness of the data processing carried out on the basis of the consent until the revocation.

18. Data processing by using the trade fair app

If customers wish to be contacted about our products and services following a trade fair visit by post or e-mail, we need the following data: company name, name of the responsible contact person, business address, country, language and customer type (i.e. fabricator, specifier etc.). In addition, the product range(s) of interest and the consultation length will be recorded and stored. This data is collected and stored in our trade fair app.

Your expressed desire to be contacted will be recorded in the trade fair app and constitutes the granting of consent to the collection and storage of the aforementioned data and your optional information in accordance with Article 6(1)(a) GDPR for the purpose of contacting you and sending you documents.

The personal data collected by means of the trade fair app will be used exclusively for the aforementioned purposes.

You can revoke your consent at any time. If you revoke your consent, we will delete your personal data. Please address the revocation to [email protected].

We exclude the transfer of data to third parties outside of the Gretsch-Unitas group as a matter of principle.

19. Web analytics service TaboolaWeb analytics service Taboola

When you provide your consent within the meaning of Article 6(1)(a) GDPR via our cookie banner, you give your consent to the use of Taboola web analysis service on the Internet page. This service is provided by Taboola Inc. ("Taboola") (USA). A tracking pixel is placed on our Internet page. Its purpose is to measure the number of potential customers viewing the products on our website. This involves processing your personal data (IP address; browser information incl. browser type and browser version, operating system, incl. settings and system configuration). The data in this case is generally processed by Taboola.

The data processing is carried out with your consent which you provide via our cookie banner in accordance with Article 6(1)(a) GDPR.

Please note that your personal data is also processed outside the EU or EEA. In some countries (e.g. USA) there is a risk that the authorities could access the data for security and monitoring purposes without you being notified or having the opportunity to appeal. If we use providers in insecure third countries and you provide your consent via our cookie banner, data processing in an insecure third country is carried out on the basis of Article 49(1)(a) GDPR.

You can revoke your consent at any time. You can revoke your consent at any time. To do so, please follow this link.

20. LinkedIn Insight Tag

When you provide your consent within the meaning of Article 6(1)(a) GDPR via our cookie banner, you give your consent to the use of LinkedIn Insight Tag on the Internet page. This service is provided by LinkedIn Ireland Unlimited Company („LinkedIn“) (Irland). A tracking pixel is placed on our Internet page. Its purpose is to analyse the use of our website by potential customers interested in our products and services. This involves processing your personal data (IP address, device information, browser information, timestamp and referrer URL). The data in this case is generally processed by LinkedIn. Further information on LinkedIN's data processing can be found at https://www.linkedin.com/legal/privacy-policy.

The data processing is carried out with your consent which you provide via our cookie banner in accordance with Article 6(1)(a) GDPR.

Please note that your personal data is also processed outside the EU or EEA.

In some countries (e.g. Singapore, USA) there is a risk (insofar as no adequate level of data protection has been established in detail by a corresponding adequacy decision of the European Union) that the authorities could access the data for security and monitoring purposes without you being notified or having the opportunity to appeal. If we use providers in insecure third countries and you provide your consent via our cookie banner, data processing in an insecure third country is carried out on the basis of Article 49(1)(a) GDPR.

You can revoke your consent at any time. To do so, please follow this link. Your personal data will be deleted after 90 days at the latest, provided you have not withdrawn your consent.

 

User rights

In the processing of your personal data, the GDPR grants you certain rights as a website user:

1.) Right of access (Article 15 GDPR):

You have the right to obtain confirmation as to whether or not personal data concerning you are being processed; if this is the case, you have a right of access to such personal data and to the information specified in Article 15 of the GDPR.

2.) Right to rectification or erasure (Article 16 and 17 GDPR):

You have the right to request without delay the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data.

You also have the right to request that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Article 17 GDPR applies, e.g. if the data is no longer required for the purposes pursued.

3.) Right to restriction of processing (Article 18 GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Article 18 GDPR is met, e.g. if you have objected to the processing, for the duration of any review.

4.) Right to data portability (Article 20 GDPR):

In certain cases, detailed in Article 20 GDPR, you have the right to obtain the personal data concerning you in a structured, commonly used and machine-readable format or to request the transfer of such data to a third party.

5.) Right to object (Article 21 GDPR):

If data is collected on the basis of Article 6(1)(f) (data processing for safeguarding legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves to assert, exercise or defend legal claims.

Right of appeal to a supervisory authority

Pursuant to Article 77 GDPR, you also have the right to complain to the data protection supervisory authority about our processing of his/her personal data. The complaint may be lodged in particular with a supervisory authority in the member state of your residence or the place of the alleged infringement.