Privacy policy

The Gretsch-Unitas Group take the protection of personal data of their customers and prospective customers very seriously and comply with the data protection legislation. In no case will the collected data be sold.
The following declaration provides in particular an overview of how Gretsch-Unitas ensures this protection and what type of data is collected for what purpose.

1. Personal data

Personal data is all data related to the user personally, e.g. name, address, e-mail addresses.

2. Responsible person

The responsible person pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is
Gretsch-Unitas GmbH Baubeschläge, Johann-Maus-Str. 3, 71254 Ditzingen, Germany.

The following other companies currently belong to the Gretsch-Unitas Group:

Gretsch-Unitas GmbH, Johannes-Maus-Straße 3, 71254 Ditzingen, Germany

BKS GmbH, Heidestraße 71, 42549 Velbert

Gretsch-Unitas Logistik GmbH, Johannes-Maus-Straße 3, 71254 Ditzingen, Germany

GU Automatic GmbH, Karl-Schiller-Straße 12, 33397 Rietberg

AGENA GmbH Gesellschaft für Organisation und Informationsverarbeitung, Johann-Maus-Straße 1-3, 71254 Ditzingen, Germany

Ela-soft GmbH, Breitenbachstraße 10, 13509 Berlin

3. Data security officer

Our external data security officer will be happy to provide you with information on the subject of data security at the following address:

datenschutz süd GmbH
Wörthstraße 15
97082 Würzburg, Germany

Web: www.datenschutz-sued.de
E-Mail: [email protected]

If you contact our data security officer, please also indicate the responsible office that is named in the Imprint.

4. Data security

The Gretsch-Unitas companies take all necessary technical and organisational security measures to protect personal data from loss and misuse. All data is stored in a secure operating environment which is not publicly accessible.

Where possible, confidential data is transferred using the HTTPS protocol with SSL certificate encryption.

5. Rights of the user

The user has the following rights regarding the personal data we hold for this particular user:

• Right of access (Art. 15 of the GDPR),
• Right to amendment or deletion (Art. 16 and 17 of the GDPR),
• Right to restriction of processing (Art. 18 of the GDPR)
• Right to object to processing (Art. 21 of the GDPR),
• Right to data transferability (Art. 20 of the GDPR).

The user also has the right to complain to the data protection supervisory authority about our processing of his/her personal data. The complaint may be lodged in particular with a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement.

The user can withdraw permission to process his/her data at any time. Users can use the following contact information to inform us of the withdrawal: [email protected] Such a withdrawal influences the permissibility of the processing of personal data without affecting the lawfulness of data processing carried out on the basis of the consent until the withdrawal.

Insofar as we base the processing of your personal data on the balance of interests pursuant to Art. 6 para. 1 sentence 1 lit. f) of the GDPR, users may lodge an objection to the processing pursuant to Art. 21 of the GDPR. This is the case if processing is not a prerequisite for fulfillment of a contract with the users in particular, which is shown by us in each case alongside the description of the functions which follows. When an objection of this kind is lodged, we ask for an explanation of why we should not process the personal data in the manner in which we have done so. If an objection is justified, we check the situation and either stop processing the data, adapt it accordingly or provide compelling reasons worthy of protection for continuing with the processing.

Users can of course object to the processing of their personal data for advertising and data analysis purposes at any time. Users can use the following contact information to inform us about their objection to advertising:[email protected]

6. Cookies

The websites www.g-u.de and www.g-u.com use “cookies” in several places. Cookies do not cause any damage to your computer and do not contain any viruses either. They serve to make the offer more user-friendly, effective and safe. Cookies are small text files that make it possible to recognise users. They are stored by the browser memory on the computer of the user. The cookies used by Gretsch-Unitas are so-called “session cookies”. A so-called session ID is stored in the cookie which can be used to assign various browser requests to the shared session. This allows us to identify the computer when the user returns to our website. These are automatically deleted after the user has left the website. The legal basis for setting these cookies is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) of the GDPR. Necessary cookies allow basic functions and are required for the proper functioning of the website. We have a legitimate interest in making the website as user-friendly as possible.

Using the website is also possible without cookies. Users can deactivate the storage of cookies in their browser, limit the storage to specific websites or adjust their browser in such a way that it notifies about the sending of a cookie. Users can also delete cookies from their hard disc. Users can configure their browser setting according to their requirements and e.g. accept third-party cookies or reject all cookies. We warn users that they may not be able to use all functions of this website; in this case only certain contents will be displayed on the pages and restrictions will be imposed on the user guidance.

7. Communication via e-mail / telephone / contact form

We treat personal information that you provide us by e-mail, telephone, post or contact form confidentially as a matter of course. We use your data exclusively for the purpose of processing your enquiry. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f) of the GDPR. The legitimate interest here results from the interest in answering enquiries from our customers, business partners and interested parties and thus maintaining and promoting customer satisfaction.

We exclude the transfer of data to third parties outside of the Gretsch-Unitas Group as a matter of principle. In exceptional cases, data is processed on our behalf by order processors. These are each carefully selected, audited by us as well, and contractually obligated pursuant to Art. 28 of the GDPR.

Furthermore, it may be necessary for us to pass enquiries to other companies within the Gretsch-Unitas Group, insofar as this is necessary for the enquiries to be processed (e.g. answered).

All personal information that you provide to us in connection with enquiries will be deleted or securely anonymised by us no later than 90 days after the final reply to you. The retention period of 90 days is due to the fact that it may occasionally happen that you will contact us again about the same matter after a reply and must be able to refer to the previous correspondence. Experience has shown that queries about our replies generally no longer occur after 90 days.

8. Data processing of contact persons

The Gretsch-Unitas companies process the contact data of contact persons at customers, interested parties, suppliers and other business partners for communication by e-mail, telephone, telefax and post. The legal basis for the data processing is Art. 6 para. 1 sentence 1 lit. f) of the GDPR. The legitimate interest on the part of the Gretsch-Unitas companies results from the interest in carrying out or initiating a business relationship with customers, interested parties, suppliers and other business partners and in maintaining personal contact with contact persons while doing do.

We exclude the transfer of data to third parties outside of the Gretsch-Unitas companies as a matter of principle. Within the Gretsch-Unitas companies, your data will only be passed on to implement or initiate the business relationship, among other things. In exceptional cases, data is processed on our behalf by order processors. These are each carefully selected, audited by us as well, and contractually obligated pursuant to Art. 28 of the GDPR.

Personal data is stored for the purpose of carrying out business relationships for as long as there is a justified interest in this.

9. Web analytics service Matomo ("Piwik")

Our website uses the web analytics service Matomo (previously "Piwik"). Matomo creates usage profiles based on pseudonyms. Matomo ("Piwik") uses cookies. The information generated by a cookie about your user behaviour on our website enables us to analyse the use of the website.

For this purpose, the usage information generated by the cookie (including your shortened IP address) is transmitted to our server and stored for usage analysis purposes.

The information generated by the cookie about your use of this website is not passed on to third parties.

The data processing occurs on the basis of your given consent pursuant to Art. 6(1)(a) of the GDPR. You can revoke this consent at any time. To do so, please follow this link and make the corresponding settings via our banner.

10. Google Maps

On our websites, we embed map services that are not stored on our servers. To ensure that calling up our websites with embedded map services does not automatically cause the content of the third-party provider to be reloaded, we only display locally stored preview images of the maps in a first step. The third-party provider does not receive any information as a result.

Contents of the third-party provider are not reloaded until the preview image is clicked. This provides the third-party provider with the information that you have accessed our site as well as the usage data that is technically necessary in this context. We have no influence on the further data processing by the third-party provider. By clicking on the preview image, you give us the permission to reload contents of the third-party provider.

The embedding occurs on the basis of your consent pursuant to Art. 6 para. 1 sentence 1 lit. a of the GDPR or § 15 para. 3 sentence 1 of the German Telemedia Act (TMG), provided that you have previously given your consent by clicking on the preview image. 

Please note that the embedding of some map services results in your data being processed outside of the EU or EEA. In some countries, there is a risk that authorities may access the data for security and surveillance purposes without you being informed or having any legal recourse. Insofar as we use providers in insecure third countries and you consent, the transfer to an insecure third country takes place on the basis of Art. 49 para. 1 lit. a of the GDPR.

Provider

Google Ireland Limited/Google LLC (USA)  (“Google”)

Adequate level of data protection

No adequate level of data protection. The transfer takes place on the basis of Art. 49 para. 1 lit. a of the GDPR.

Revocation of consent

When you have clicked on a preview image, the contents of the third-party provider are immediately reloaded. If you do not wish such reloading on other pages, please do not click on the preview images anymore.

11. Newsletter

If customers would like to receive the newsletter offered on the website, we require an e-mail address as well as information that allows us to verify that the owner of the e-mail address agrees to receive the newsletter. After sending the registration form, you will receive an e-mail with a confirmation link from us. When you click the included link, you will be registered for the newsletter. You will be informed of this by a further e-mail. By confirming the registration, you confirm your consent to the processing of your e-mail address and your optional information for the purposes specified here. For evidence purposes, we store the time and the IP address used when the newsletter was ordered. (Double opt-in procedure). Users can voluntarily provide further personal data such as their first and last name. The legal basis for processing this data is Art. 6 para. 1 sentence 1 lit. a) of the GDPR. The purpose of data processing in the context of ordering the newsletter is to inform newsletter subscribers about offers, promotions, products, events and services of the companies of the Gretsch-Unitas Group.

When someone registers for the newsletter, we also store the IP address of the computer system used by the relevant person at the time of registration, which is assigned by the Internet service provider (ISP), as well as the date and time of registration. The storage of this data is necessary in order to be able to trace the (possible) misuse of the e-mail address of a relevant person at a later point in time and therefore serves as a legal safeguard for the person responsible for the processing. The legal basis for this data processing is the legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f) of the GDPR.

The personal data collected in the context of a registration for the newsletter is used exclusively for sending our newsletter. Furthermore, subscribers to the Newsletter may be informed by e-mail, where necessary for operation of the Newsletter service or in order to register for the service, as might be the case if changes were made to the Newsletter offering or if technical circumstances were to change. Personal data is not forwarded to third parties, apart from our e-mail provider INXMAIL as part of the Newsletter service. We have concluded an order processing agreement with the provider Inxmail GmbH, Wentzingerstr. 17, D-79106 Freiburg, Germany, e-mail: [email protected], Internet: www.inxmail.de, telephone: +49 761 296979-0, telefax: +49 761 296979-9.

Using individual functionalities of our newsletter, we can automatically and anonymously track which contents of our newsletter are of particular interest to our customers, which e-mail they open and which link they click on. We use the results of these anonymised evaluations exclusively for the purpose of improving our offer. The results are not assigned to specific people.

The subscription to our newsletter can be cancelled by the relevant person at any time. Once the relevant person has granted us permission to save his/her personal data for dispatch of the Newsletter, he/she can also withdraw it at any time. A corresponding link is provided in every Newsletter for this purpose. Furthermore, it is also possible to unsubscribe from the newsletter mailing at any time directly on the website of the party responsible for processing. If you do not actuate the confirmation link in the e-mail within 7 days of registering for the newsletter, we will delete the data that you have provided.

12. Seminar registration and registration for events

If you would like to book seminars or register for events via our website, we require the information marked as mandatory in the booking mask. The input fields that are not marked can be optionally filled in. As part of the booking process, you will receive an e-mail from us confirming your registration. The booking process is not completed until you activate the link contained in this e-mail. The information that you provide for the booking will be processed by us for the purpose of carrying out the booking and the seminar or for registering for events. The legal basis for this data processing is Art. 6 para. 1 sentence 1 lit. b) of the GDPR.

If you give us your consent for this, we will also use your information to send you marketing information about the respective seminar/event by e-mail, post or telephone as a follow-up to the seminar/event. You can revoke your consent at any time with future effect by clicking on the corresponding unsubscribe link in one of the e-mails or by sending an e-mail to [email protected]. The legal basis for the data processing in the context of sending information is your consent pursuant to Art. 6 para. 1 sentence 1 lit. a) of the GDPR.

We do not share the names of people who register for a seminar or event on our homepage.

We store the data of participants in seminars and events, if necessary, for the duration of the statutory storage obligations. Afterwards and otherwise, the data is generally deleted. If you have given your consent to receive information, we store your data for this purpose until you revoke your consent.

13. Use of the BAUFRAGEN.DE online platform

The website uses services of the BAUFRAGEN.DE online platform. You can use the online chat to ask individual questions, which will be answered directly in the chat. You can voluntarily provide your contact data such as address, telephone number or e-mail address. The purpose of this platform is to facilitate communication with us for potential business customers. The legal basis of this data processing is our legitimate interest pursuant to Art. 6 para. 1 sentence 1 lit. f of the GDPR.

Information on this can be found in the Privacy Statement on BAUFRAGEN.DE. https://www.baufragen.de/datenschutz

We exclude the transfer of data to third parties outside of Gretsch-Unitas as a matter of principle. In exceptional cases, data is processed on our behalf by order processors. These are each carefully selected, audited by us as well, and contractually obligated pursuant to Art. 28 of the GDPR.

Storage duration: All personal information that you provide to us in connection with enquiries will be deleted or securely anonymised by us no later than 90 days after the final reply to you. The retention period of 90 days is due to the fact that it may occasionally happen that you will contact us again about the same matter after a reply and must be able to refer to the previous correspondence. Experience has shown that queries about our replies generally no longer occur after 90 days.

14. Further information

The user is aware of the fact that, even with the current state of technology, privacy for data transmissions on the Internet cannot be guaranteed. In this respect, users themselves are responsible for the security of the data they transmit online.

The trust of users is very important to the Gretsch-Unitas Group. Therefore, Gretsch-Unitas is more than willing to answer questions concerning the processing of personal data. If questions arise that are not answered by this Privacy Policy, or if users wish to receive more detailed information on some point, they should not hesitate to contact us at the following e-mail address: [email protected].

15. Existence of automatic decision-making

Automatic decision-making or profiling does not take place.

16. No obligation to provide personal data

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obligated to provide personal data if not stated otherwise previously. Not providing your personal data may mean that we are unable to respond to your contact request and that you are unable to participate in an application process or attend an event.

17. Data privacy statement for our social media pages

In the following, we would like to inform you about the handling of your data pursuant to Art. 13 of the General Data Protection Regulation (GDPR).

Responsible person

We operate the following social media pages:

Gretsch-Unitas GmbH

• Linkedin: https://www.linkedin.com/company/gretsch-unitas-deutschland/
• Linkedin: https://www.linkedin.com/company/gretsch-unitas-group/

BKS

• Facebook: https://www.facebook.com/bksgmbhDEU
• Twitter: https://twitter.com/bks_gmbh
• Instagram: https://www.instagram.com/bks_gmbh/
• LinkedIn: https://www.linkedin.com/company/bks-gmbh
• Xing: https://www.xing.com/companies/bksgmbh/updates
• Kununu: https://www.kununu.com/de/bks

ela-soft

• Facebook: https://www.facebook.com/elasoftgmbhDEU/
• Twitter: https://twitter.com/elasoft_gmbh
• Instagram: https://www.instagram.com/elasoft_gmbh/
• LinkedIn: https://www.linkedin.com/company/elasoft-gmbh/

The contact data can be found in chapter 2 of this data privacy statement.

In addition to us, there is also the operator of the social media platform itself. This operator is thus also another responsible party who carries out data processing; however, we have only limited influence over this. Where we can have an impact and parameterise the data processing, we work towards having the operator of the social media platform handle the data in compliance with data privacy within the scope of the possibilities available to us. Oftentimes, however, we cannot influence the data processing by the operator of the social media platform and also do not know exactly what data the operator processes. However, the operator informs you about this in its respective data privacy statement.

17.1 Data processing by us

The data you enter on our social media sites, such as comments, videos, pictures, likes, public messages, etc. are published by the social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. Where applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform. The legal basis is Art. 6 para. 1 sentence 1 lit. f of the GDPR. The data processing takes place in the interest of our public relations and communication.

On our Facebook and Instagram pages, we use the Page Insights feature. Page Insights consists of aggregated data that helps us understand how people interact with our Facebook page. Page Insights can be based on personal data collected in connection with a visit to or interaction of people with or on our Facebook page and its contents. The legal basis is Art. 6 para. 1 sentence 1 lit. f of the GDPR. The data processing takes place in the interest of our public relations and communication.

If you wish to object to specific data processing over which we have influence, please contact us using the contact information provided in chapter 2 of this data privacy statement. We will then review your objection or forward it to the social media platform if necessary.

If you send us a request on a social media platform, we may also refer you to other, secure communication channels that guarantee confidentiality, depending on the required response. You always have the option of sending us confidential enquiries to our address given in the imprint.

As already explained, where the provider of the social media platform gives us the opportunity, we take care to design our social media pages so that they are as compliant with data protection as possible. In particular, we therefore do not use the demographic, interest-based, behaviour-based or location-based target group definitions for advertising that the operator of a social media platform may make available to us. Overall, we do not use social media platforms for advertising purposes. With regard to statistics provided to us by the provider of a social media platform, we can only influence these to a limited extent and cannot switch them off. However, we make sure that no additional optional statistics are made available to us.

17.2 Data processing by the operator of a social media platform

The operators of social media platforms use web tracking methods. The web tracking can also take place regardless of whether one is logged in or registered with the social media platform. As already explained, we unfortunately have hardly any influence on the web tracking methods of social media platforms. We cannot switch this off, for example.

Please be aware: It cannot be ruled out that the provider of a social media platform uses your profile and behavioural data, for example, to evaluate your habits, personal relationships, preferences, etc. We therefore have no influence on the processing of your data by the provider of a social media platform.

For more information on data processing by the provider of a social media platform and further objection options, please refer to the provider's data privacy statement:

• Facebook: https://www.facebook.com/policy.php
• YouTube: https://www.so-geht-youtube.de/datenschutzerklaerung/
• XING: https://privacy.xing.com/de/datenschutzerklaerung
• kununu: https://www.kununu.com/de/info/disclaimer
• LinkedIn: https://www.linkedin.com/legal/privacy-policy?_l=de_DE
• Twitter: https://twitter.com/de/privacy
• Instagram: https://help.instagram.com/519522125107875

In cases where we are jointly responsible for processing with a social media platform, you can find the main contents of the joint processing of your data here:

• Facebook: https://www.facebook.com/legal/terms/page_controller_addendum

18 Data protection information BKS identifikation app

BKS GmbH takes the protection of the personal data of its customers and interested parties very seriously and complies with the rules of data protection laws. The following declaration provides you with an overview of how BKS GmbH ensures this protection and what types of personal data are processed for what purpose when using the BKS identifikation app. The BKS identifikation app is used to carry out the legitimation process for reordering cylinders and keys.

Responsible

The responsible party pursuant to Art. 4 No. 7 of the EU General Data Protection Regulation (GDPR) is BKS GmbH, Heidestraße 71, 42549 Velbert.

Data Protection Officer

Our external data protection officer will be happy to provide you with information on the subject of data protection under the following contact details:

datenschutz süd GmbH
Wörthstraße
1597082 Würzburg, Germany

Web: www.datenschutz-sued.de
E-Mail: [email protected]

When using the BKS identifikation app, the following personal data will be stored by us:

Log data

Only the following log data will bei stored:

• App ID
• Error date
• Application version
• Error history
• Error message
• Detailed error message
• Device Model
• Operating system version
• Operating system
• Device type
• Manufacturer

The collection and storage of the app ID is necessary for the installation of the BKS identifikation app and so for the fulfilment of the usage contract regarding the aforementioned app. The legal basis for the data processing is Art. 6 para. 1 p. 1 lit. b GDPR. 

The collection and storage of log data is based on our legitimate interest, namely our interest in the analysis and elimination of program errors (Art. 6 para. 1 p. 1 lit. f GDPR).

Recipients of the data: We exclude the transfer of data to third parties outside BKS GmbH. Exceptionally, data is processed on our behalf by data processors (Microsoft Corporation). These are carefully selected in each case, are also audited by us and are contractually obligated in accordance with Art. 28 GDPR. Physical storage of your personal data takes place exclusively in data centers within the EU/EEA.

Storage period: The log data is automatically deleted within 30 days of collection. Your app ID is deleted when you uninstall the BKS identifikation app. For an early deletion of the log data, you are welcome to send us an email to [email protected]

Query of location data for dealer selection

In the course of using the BKS identifikation app, you also have the option of searching for dealers of our products in your location. Before using this function, you will be asked for your permission to use your location data.

The legal basis for data processing is the consent you have given by clicking on the corresponding button in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR.

You are also welcome to search for dealers of our aforementioned products in the BKS identifikation app without requesting your location data.

Recipients of the data: We exclude the transfer of data to third parties outside BKS GmbH.

Storage period: The location data is only stored for the duration of the use of the BKS identifikation app. Afterwards, they are deleted immediately.

You can revoke your consent to the processing of your personal data at any time. You can inform us about your revocation via the following contact details [[email protected]]. Such a revocation affects the permissibility of the processing of the personal data without affecting the lawfulness of the data processing carried out on the basis of the consent until the revocation.

Existence of automated decision making

Automated decision making or profiling does not take place.

No obligation to provide personal data

Unless otherwise stated in the previous chapters, the provision of personal data is not required by law or contract or necessary for the conclusion of a contract. You are not obliged to provide the personal data if no other information has been provided previously. Failure to provide your personal data may mean that you cannot use the BKS identifikation app.

19. Data processing by using the Trade Fair App

If customers wish to be contacted about our products and services following a trade fair visit by post or email, we need the following data: company name, name of the responsible contact person, business address, country, language and customer type (i.e. fabricator, specifier etc.). In addition, the product range(s) of interest and the consultation length will be recorded and stored. This data is collected and stored in our trade fair app.

Your expressed desire to be contacted will be recorded in the trade fair app and constitutes the granting of consent to the collection and storage of the aforementioned data and your optional information in accordance with Art. 6 para 1 sentence 1 lit. a GDPR for the purpose of contacting you and sending you documents.

The personal data collected by means of the trade fair app will be used exclusively for the aforementioned purposes.

You can revoke your consent at any time. If you revoke your consent, we will delete your personal data. Please address the revocation to [email protected]

We exclude the transfer of data to third parties outside of the Gretsch-Unitas group as a matter of principle. 

Your rights as a user

In the processing of your personal data, the GDPR grants you certain rights as a website user:

1.) Right of access (Art. 15 of the GDPR):

You have the right to request confirmation as to whether personal data concerning you is being processed; if this is the case, you have the right to be informed about this personal data and to receive the individual information listed in Article 15 of the GDPR.

2.) Right to rectification and deletion (Art. 16 and 17 of the GDPR):

You have the right to request the rectification of any inaccurate personal data concerning you and, where applicable, the completion of any incomplete personal data without delay.

You also have the right to demand that personal data concerning you be deleted without delay, provided that one of the reasons listed in detail in Art. 17 of the GDPR applies, e.g., if the data is no longer required for the intended purposes.

3.) Right to restriction of processing (Art. 18 of the GDPR):

You have the right to request the restriction of processing if one of the conditions listed in Art. 18 of the GDPR applies, e.g., if you have objected to the processing, for the duration of any review.

4.) Right to data transferability (Art. 20 of the GDPR):

In certain cases, which are detailed in Art. 20 of the GDPR, you have the right to receive the personal data concerning you in a structured, common and machine-readable format or to request the transfer of this data to a third party.

5.) Right to object (Art. 21 GDPR):

If data is collected on the basis of Art. 6 para. 1 lit. f (data processing for safeguarding legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. We will then no longer process the personal data unless there are demonstrably compelling legitimate grounds for the processing which override the interests, rights and freedoms of the relevant person, or the processing serves to assert, exercise or defend legal claims.

Right of appeal to a supervisory authority

Pursuant to Art. 77 of the GDPR, you have the right to appeal to a supervisory authority if you are of the opinion that the processing of data concerning you violates data protection provisions The right of appeal may be exercised in particular with a supervisory authority in the member state of your residence, your place of work or the place of the alleged infringement.