Privacy statement

Information on the processing of your customer/supplier data in accordance with Art. 13 GDPR

Data Protection Statement for the website
The following provides information about the collection of personal data when you are using our website. Personal data include all information about personal or factual circumstances of an identified or identifiable natural person (excluding legal entities, such as a GmbH or AG). The personal data mainly include details such as name, address, email address or professional relationships of a person.

§ 1 Controller and Data Protection Officer
(1) The controller according to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is GFH GmbH, Großwalding 5, 94469 Deggendorf, Germany, Tel.: 0991290920, email: (see also our Legal notice).

(2) Our data protection officer can be contacted at, or through our above-mentioned postal address with the addition “To the Data Protection Officer”.

§ 2 Collection of personal data when you contact us by email or use the contact form
(1) When you contact us by email, the data provided by you (especially your email address, and possibly, your name and your phone number) are stored by us, in order to reply to your questions.
(2) When you contact us using the contact form on our home page, we also store the data provided by you (name, phone number, email address), in order to respond to your inquiries.
(3) The processing takes place on the legal basis of point (b) of Art. 6(1) of GDPR (pre-contractual measures). The data required in this connection will be deleted by us, after they are no longer required to be retained, or the processing will be restricted, if statutory retention obligations exist.

§ 3 Collection of personal data when you visit our website
(1) When you use the website merely for informational purposes and if you provide information to us otherwise, we only collect the personal data that your browser sends to our server. If you want to view our website, we collect the following data, which are technically necessary for us to display our site to you and to ensure its stability and security (legal basis is point (f) of Art. 6(1) sentence 1 of GDPR):

• Browser type and browser version
• The operating system used
• Referrer URL
• the sub-sites, which can be controlled on our Internet page through an accessing system
• IP address
• Date and time of the server request
• Internet service provider of the accessing system

However, the IP address is anonymised immediately after the processing and before its storage, so that the respective person can no longer be identified.

(2) In addition to the above-mentioned data, cookies are stored in your computer when you use our website. Cookies are small text files which are stored on your hard disk assigned to the browser you are using and through which certain information will flow to the location that sets the cookie (by us here). Cookies cannot run programs or transmit viruses to your computer. They serve to make the Internet service totally more user-friendly and more efficient.

(3) Use of cookies:
a) This website uses the following types of cookies, whose scope and function will be explained in the following:

– Transient cookies (refer b)
– Persistent cookies (refer c).

b) Transient cookies are deleted automatically when you close the browser. In particular, these include the session cookies. These save a so-called session ID, with which various requests from your browser can be assigned to the common session. This allows your computer to be recognised again when you return to our website. The session cookies are deleted when you close your browser.

c) Persistent cookies are automatically deleted after a specified period, which may differ, depending on the cookie. You can always delete the cookies in the security settings of your browser.

d) You can configure your browser settings as desired by you, and, for example, reject the acceptance of third-party cookies or all cookies. We would like to point out that you may not be able to use all functions of this website.

§ 4 Consent with Borlabs Cookie
Our website uses the Borlabs consent technology to obtain your consent to the storage of certain cookies in your browser or for the use of certain technologies and for their data privacy protection compliant documentation. The provider of this technology is Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany (hereinafter referred to as Borlabs). Whenever you visit our website, a Borlabs cookie will be stored in your browser, which archives any declarations or revocations of consent you have entered. These data are not shared with the provider of the Borlabs technology. The recorded data shall remain archived until you ask us to eradicate them, delete the Borlabs cookie on your own or the purpose of storing the data no longer exists. This shall be without prejudice to any retention obligations mandated by law. To review the details of Borlabs’ data processing policies, please visit We use the Borlabs cookie consent technology to obtain the declarations of consent mandated by law for the use of cookies. The legal basis for the use of such cookies is Art. 6(1)(c) GDPR.Change privacy settings

Contact form
If you submit inquiries to us via our contact form, the information provided in the contact form as well as any contact information provided therein will be stored by us in order to handle your inquiry and in the event that we have further questions. We will not share this information without your consent. The processing of these data is based on Art. 6(1)(b) GDPR, if your request is related to the execution of a contract or if it is necessary to carry out pre-contractual measures. In all other cases the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6(1)(f) GDPR) or on your agreement (Art. 6(1)(a) GDPR) if this has been requested; the consent can be revoked at any time. The information you have entered into the contact form shall remain with us until you ask us to eradicate the data, revoke your consent to the archiving of data or if the purpose for which the information is being archived no longer exists (e.g., after we have concluded our response to your inquiry). This shall be without prejudice to any mandatory legal provisions, in particular retention periods.

Request by e-mail, telephone, or fax If you contact us by e-mail, telephone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us for the purpose of processing your request. We do not pass these data on without your consent. These data are processed on the basis of Art. 6(1)(b) GDPR if your inquiry is related to the fulfillment of a contract or is required for the performance of pre-contractual measures. In all other cases, the data are processed on the basis of our legitimate interest in the effective handling of inquiries submitted to us (Art. 6(1)(f) GDPR) or on the basis of your consent (Art. 6(1)(a) GDPR) if it has been obtained; the consent can be revoked at any time. The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g. after completion of your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

§ 6 Registration on this website
You have the option to register on this website to be able to use additional website functions. We shall use the data you enter only for the purpose of using the respective offer or service you have registered for. The required information we request at the time of registration must be entered in full. Otherwise, we shall reject the registration. To notify you of any important changes to the scope of our portfolio or in the event of technical modifications, we shall use the e-mail address provided during the registration process. We shall process the data entered during the registration process on the basis of your consent (Art. 6(1)(a) GDPR). The data recorded during the registration process shall be stored by us as long as you are registered on this website. Subsequently, such data shall be deleted. This shall be without prejudice to mandatory statutory retention obligations.

§ 7 Hosting
We are hosting the content of our website at the following provider: IONOS The provider is the IONOS SE, Elgendorfer Str. 57, 56410 Montabaur, Germany (hereinafter referred to as: IONOS). Whenever you visit our website, IONOS records various logfiles along with your IP addresses. For details, please consult the data privacy policy of IONOS: We use IONOS on the basis of Art. 6 (1)(f) GDPR. Our company has a legitimate interest in presenting a website that is as dependable as possible. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time. We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract mandated by data privacy laws that guarantees that they process personal data of our website visitors only based on our instructions and in compliance with the GDPR.

§8 SSL and/or TLS encryption
For security reasons and to protect the transmission of confidential content, such as purchase orders or inquiries you submit to us as the website operator, this website uses either an SSL or a TLS encryption program. You can recognize an encrypted connection by checking whether the address line of the browser switches from “http://” to “https://” and also by the appearance of the lock icon in the browser line. If the SSL or TLS encryption is activated, data you transmit to us cannot be read by third parties.

§9 Use of Google Ads
This website uses Google AdWords, a service provided by Google, Inc. (“Google”) for Internet advertising, which allows advertisers to make advertisements in the Google search engine results as well as in the Google Display Network.
The person responsible for the processing has integrated Google on this Internet page. Google AdWords allows advertisers to define certain key words in advance, by means of which an advertisement will appear in the Google search engine results, only if the user retrieves a keyword-relevant search result using the search engine. In the Google Display Network, the advertisements are distributed over topic-relevant Internet pages by means of an automatic algorithm and based on the pre-defined key words. The purpose of Google AdWords is the promotion of our Internet page by the insertion of interest-relevant advertising on the Internet pages of third-party companies and in the search engine results of the Google search engine and the insertion of third-party advertising on our website. If a data subject views a Google advertisement on our website, then a so-called conversion cookie is stored by Google in the information technology system of that data subject. What cookies are, has already been explained above. A conversion cookie loses its validity after thirty days and is not used for the identification of the data subject. Provided the conversion cookie has not yet expired, it is tracked through the conversion cookie, whether certain subpages, for example, the shopping cart of an online shop system, have been visited on our Internet page. Through the conversion cookie, both we and Google can track, whether a data subject, who has viewed an AdWords advertisement on our Internet site, has generated a transaction, i.e., has completed or aborted a sale of goods. The data and information collected by the use of conversion cookie are used by Google, in order to collect statistics regarding visits to our Internet page. These statistics regarding visits are used by us again, in order to determine the total number of users, which have been made known to us through AdWords advertisements, i.e., in order to determine the success or failure of the respective AdWords advertisement and to optimise our AdWords advertisements for the future. Neither our company nor any other of Google AdWords advertising customers receive any information from Google, by means of which the data subject could be identified. Conversion cookie is used to store personal information, for example the Internet pages visited by the data subject. Each time you visit our Internet pages, personal data, including the IP address of the Internet connection used by the data subject, are transferred to Google in the United States of America. These personal data are stored by Google in the United States of America. Google passes on these personal data collected through the technical process to third parties under certain circumstances. The data subject can prevent the setting of cookies by our website at any time, as already shown above, by means of an appropriate configuration of the Internet browser used and thus avoid the setting of cookies permanently. Such a configuration of the Internet browser used would also prevent Google from setting a conversion cookie in the information technology system of the data subject. In addition, a cookie already set by Google AdWords can be deleted at any time via the Internet browser or other software programs. Further, there is a possibility for the data subject to avoid the interest-based advertising by Google. In order to do this, the data subject must call from each Internet browser used by him/her the link and then make the desired settings there. Information on third-party provider: The operator of the Google AdWords services is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. For more information on the purpose and the scope of data collection and its processing by Google, please refer to the data protection statements of the provider under

§10 Plugins and Tools
YouTube with expanded data protection integration
Our website embeds videos of the website YouTube. The website operator is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. We use YouTube in the expanded data protection mode. According to YouTube, this mode ensures that YouTube does not store any information about visitors to this website before they watch the video. Nevertheless, this does not necessarily mean that the sharing of data with YouTube partners can be ruled out as a result of the expanded data protection mode. For instance, regardless of whether you are watching a video, YouTube will always establish a connection with the Google DoubleClick network. As soon as you start to play a YouTube video on this website, a connection to YouTube’s servers will be established. As a result, the YouTube server will be notified, which of our pages you have visited. If you are logged into your YouTube account while you visit our site, you enable YouTube to directly allocate your browsing patterns to your personal profile. You have the option to prevent this by logging out of your YouTube account. Furthermore, after you have started to play a video, YouTube will be able to place various cookies on your device or comparable technologies for recognition (e.g. device fingerprinting). In this way YouTube will be able to obtain information about this website’s visitors. Among other things, this information will be used to generate video statistics with the aim of improving the user friendliness of the site and to prevent attempts to commit fraud. Under certain circumstances, additional data processing transactions may be triggered after you have started to play a YouTube video, which are beyond our control. The use of YouTube is based on our interest in presenting our online content in an appealing manner. Pursuant to Art. 6(1)(f) GDPR, this is a legitimate interest. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TTDSG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TTDSG. This consent can be revoked at any time. For more information on how YouTube handles user data, please consult the YouTube Data Privacy Policy under:

Google Fonts (local embedding)
Google Fonts (local embedding) This website uses so-called Google Fonts provided by Google to ensure the uniform use of fonts on this site. These Google fonts are locally installed so that a connection to Google’s servers will not be established in conjunction with this application. For more information on Google Fonts, please follow this link: and consult Google’s Data Privacy Declaration under:

Font Awesome (local embedding)
This website uses Font Awesome to ensure the uniform use of fonts on this site. Font Awesome is locally installed so that a connection to Fonticons, Inc.’s servers will not be established in conjunction with this application. For more information on Font Awesome, please and consult the Data Privacy Declaration for Font Awesome under:

§ 11 Custom Services
Handling applicant data
We offer website visitors the opportunity to submit job applications to us (e.g., via e-mail, via postal services on by submitting the online job application form). Below, we will brief you on the scope, purpose and use of the personal data collected from you in conjunction with the application process. We assure you that the collection, processing, and use of your data will occur in compliance with the applicable data privacy rights and all other statutory provisions and that your data will always be treated as strictly confidential

Scope and purpose of the collection of data
If you submit a job application to us, we will process any affiliated personal data (e.g., contact and communications data, application documents, notes taken during job interviews, etc.), if they are required to make a decision concerning the establishment or an employment relationship. The legal grounds for the aforementioned are § 26 BDSG according to German Law (Negotiation of an Employment Relationship), Art. 6(1)(b) GDPR (General Contract Negotiations) and – provided you have given us your consent – Art. 6(1)(a) GDPR. You may revoke any consent given at any time. Within our company, your personal data will only be shared with individuals who are involved in the processing of your job application
If your job application should result in your recruitment, the data you have submitted will be archived on the grounds of § 26 BDSG and Art. 6(1)(b) GDPR for the purpose of implementing the employment relationship in our data processing system.

Data Archiving Period
If we are unable to make you a job offer or you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted on the basis of our legitimate interests (Art. 6(1)(f) GDPR) for up to 6 months from the end of the application procedure (rejection or withdrawal of the application). Afterwards the data will be deleted, and the physical application documents will be destroyed. The storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the expiry of the 6-month period (e.g., due to an impending or pending legal dispute), deletion will only take place when the purpose for further storage no longer applies. Longer storage may also take place if you have given your agreement (Article 6(1)(a) GDPR) or if statutory data retention requirements preclude the deletion.

§ 12 Data Protection
In addition, we use technical and organisational security measures in order to protect personal data, in particular against accidental or intentional manipulation, loss, destruction or against hacking by unauthorised persons. Our security measures are continuously adapted in line with technological developments.

§ 13 Changes to this Data Protection Statement
If it is necessary to adapt security and data protection measures due to technical or legal development, we will also modify this data protection statement accordingly. Please pay attention to the latest version of our data protection statement

§ 14 Your Rights
(1) You have the following rights against us in respect of the personal data concerning you:
– Right to obtain access to the personal data,
– Right to request rectification or erasure,
– Right to request restriction of processing,
– Right to object to the processing,
– Right to data portability.
(2) You also have the right to complain to a data protection supervisory authority about the processing of your personal data by us.
(3) If you have any questions about the collection, processing or use of your personal data, you can just send an email to: or contact our data protection officer: The same applies to information requests and requests for rectification, blocking or erasure of data, as well as for the withdrawal of any granted consent or objection to a particular use of data.