Privacy policy

Status: 01.06.2022

Thank you for your interest in using our websites. The protection of personal data is our top priority. Below you will find information about the processing of your personal data and about your rights when using our websites.

1. Controller

The person responsible for data processing is:

Gira Giersiepen GmbH & Co. KG

Dahlienstr. 12

42477 Radevormwald

Telephone number: 02195-6020

E-mail address: info@gira.de

2. Data protection officer

You can reach our data protection officer as follows:

Dr. Gregor SchejaScheja & Partners GmbH & Co. KG

Adenauerallee 136

53113 Bonn

Phone number: 0228-2272260

Fax number: 0228-22722626

SSL-encrypted contact form: https://www.scheja-partner.de/kontakt/kontakt.html
Website: www.scheja-partner.de

4. Details of the functionalities and services used

4.1. Own services including cookies and similar technologies

4.1.1. Gira Session
Relevant Website(s)

  • Private customer side (gira.de, gira.com)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Private customer site: Use of all session-based features of the site

  • Business customer side: authentication, preferences and caching of user inputs

Categories of personal data

  • Private customer site: IP address, duration of the session, browser used, device

  • Business customer page: Preferences and preferences. This includes name, address and e-mail if a contact form is filled out. (For reuse on another form within the same session.), IP address (anonymized)

Legal basis and, if applicable, legitimate interests pursued

  • Art. 6 (1) (f) GDPR

  • Legitimate interests pursued: See Data Processing Purposes

Receiver

  • Internal departments, where access is required for the performance of tasks

Transfer to third countries

  • none

Storage period

  • Storage of data on the duration of the session until the browser is closed

  • Time of saving: When the page is loaded

4.1.2. home-assistant-remember-token
Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Used to maintain the status of the Home Assistant configuration when using the Gira Home Assistant

Categories of personal data

  • IP address, ID of the configuration - there is only a personal reference when the configuration is completed (craftsman selected and data entered)

Legal basis and, if applicable, legitimate interests pursued

  • Art. 6 (1) (f) GDPR

  • Legitimate interests pursued: See Data Processing Purposes

Receiver

  • Internal departments, where access is required for the performance of tasks

Transfer to third countries

  • none

Storage period

  • Duration of the session

4.1.3. Matomo
Relevant Website(s)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Statistical evaluation of website usage

Categories of personal data

  • IP address (anonymized/shortened), approximate region of the visitor, browser and plug-ins used, browser language setting, time of page access, loading time, operating system, screen size, rererr, time of previous visits, number of visits

Legal basis and, if applicable, legitimate interests pursued

  • IP address (anonymized/shortened), approximate region of the visitor, browser and plug-ins used, browser language setting, time of page access, loading time, operating system, screen size, rererr, time of previous visits, number of visits

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

Transfer to third countries

  • none

Storage period

  • 12 months

  • Time of storage: After consent

4.1.4. sda-serversession
Relevant website(s)

  • Private customer side (gira.de, gira.com)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Authentication in the Gira Device Portal (SDA Portal)

Categories of personal data

  • IP address (anonymized)

Legal basis and, if applicable, legitimate interests pursued

  • Art. 6 (1) (b) GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • ISE Individuelle Software und Elektronik GmbH

Transfer to third countries

  • none

Storage period

  • Duration of the session

4.1.5. supported_browser
Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Site optimization for different browser types

Categories of personal data

  • IP address, duration of the session, browser used, device

Legal basis and, if applicable, legitimate interests pursued

  • Art. 6 (1) (f) GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

Transfer to third countries

  • none

Storage period

  • Duration of the session

4.1.6. XSRF Token

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Protection against cross-site scripts

Categories of personal data

  • IP address, duration of the session, browser used, device

Legal basis and, if applicable, legitimate interests pursued

  • Art. 6 (1) (f) GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

Transfer to third countries

  • none

Storage period

  • 2 hours

4.1.8. Chatbot

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Use of the chat function

Categories of personal data

  • Chat content, Conversation ID

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. f GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Userlike UG

Transfer to third countries

  • none

Storage period

  • Session Storage: until the end of the session

  • Local Storage: indefinite (but the authentication token is invalid after 24 hours)

4.1.9. GIRA_zg
Relevant Website(s)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Submission of the registration role to display relevant information and services

Categories of personal data

  • IP address (anonymized), target group classification (building owner/end user, specialist tradesmen, planners, wholesalers, architects)

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

Transfer to third countries

  • none

Storage period

  • 6 months

4.1.10. Google reCAPTCHA
Relevant Website(s)

  • Private customer side (gira.de, gira.com)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Checking whether data entry on websites is done by a human or by an automated program

Categories of personal data

  • Private customer site: IP address (anonymized), time spent on the website by the website visitor, mouse movements made by the user

  • Business customer site: IP address, length of time spent on the website by the website visitor, mouse movements made by the user IP address (anonymised), date and time of visit to the website in question, internet address or URL of the website accessed

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Google Ireland Ltd, Google LLC (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • 12 months

4.1.11. Google Analytics

Relevant website(s)

  • Private customer side (gira.de, gira.com)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Website usage analysis. Google Analytics examines, among other things, the origin of visitors, the time spent on the individual pages and thus enables better page and feature optimization.

Categories of personal data

  • Place, time or frequency of visiting our website, IP address (anonymised)

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Google Ireland Ltd, Google LLC (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • 14 months

4.1.12. Google Tag Manager

Relevant website(s)

  • Private customer side (gira.de, gira.com)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Managing website tags from an interface

Categories of personal data

  • IP address (anonymized)

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Google Ireland Ltd, Google LLC (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • 14 months

4.1.13. doubleclick.net

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • With Doubleclick, ads can be placed and managed on a website. When, where and how often they should appear is controlled by the operator via campaigns.

Categories of personal data

  • IP address (anonymized)

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Google Ireland Ltd, Google LLC (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • 14 months

4.1.14. Evalanche

Relevant website(s)

  • Private customer side (gira.de, gira.com)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • By tracking the use of Gira offers, Gira marketing and sales processes can be digitised and automated. By segmenting subscribers/website visitors, targeted and more individual information can be provided. Increased attention can increase follow-up activities and also increase customer satisfaction.

Categories of personal data

  • Date and time, type (object, e.g. eMailing, LeadPage), browser referrer, user agent, link ID (optional), object IDs, optional object-dependent information, individual transfer parameters, geocoordinates or alternatively IP-based geocoordinates (for forms with address input) via Locr GmbH (entry of postal addresses without first and last names) with server location Germany

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • SC Networks GmbH

Transfer to third countries

  • none

Storage period

  • 12 months

4.1.16. Hotjar

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Hotjar allows us to create a kind of thermal image of selected pages. This allows users to see how they move around the site. We see where they click, how deep they scroll, and how they move around the page.

Categories of personal data

  • IP address, heatmaps of usage

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Hotjar Ltd.

Transfer to third countries

  • none

Storage period

  • 12 months

4.1.17. Lead Process (Optional after Home Assistant)

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • You can use the planning assistant to forward your request to an electrical installation company for the implementation of the project you have described. In this context, we collect and process the following data from you:

Categories of personal data

  • Surname and first name

  • Your address

  • Address of the construction project

  • Your email address

  • Your phone number

Legal basis and, if applicable, legitimate interests pursuedThe initial enquiry to the installation companies selected by you is made in anonymised form, unless we have received the data of the electrical installation company from you (see below). If the installation company has a fundamental interest in carrying out the project, the personal data you provide will be passed on by us to the installation company for the purpose of contacting you. Your consent to this in accordance with Art. 6 (1) (a) GDPR is the necessary legal basis for the processing of the data. We obtain consent from you before data is collected. You can revoke your consent at any time with effect for the future. We process your personal data in order to:

  • to be able to provide the Gira Home Assistant with its functions and content,

  • to enable communication with you by us and the electrical installation company for the implementation of the project described by you in the planning assistant,

  • if necessary, to fulfil our obligations under data protection law in the event that we receive personal data from the electrical installation company from you. If the data collection is no longer necessary to achieve the purpose, the data will be deleted, but no later than 2 years after the data was collected.

RecipientsWe pass on your personal data to the electrical installation companies you have selected. There will be no transfer to non-EU countries. You have the option of entering the contact details of an electrical installation company to whom you would like to send your request, but which is not yet selectable. If you make use of this option and the data you provide is personal data, we will pass on your name to the electrical installation company in question as the source of the data in order to fulfil our data protection obligations.

Transfer to third countries

  • none

Storage period

  • 2 years

4.2. Integration of third-party services, including cookies and similar technologies.

4.2.1. Google Maps map service

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Display of interactive maps

Categories of personal data

  • IP address (anonymised), date and time of visit to the website in question, internet address or URL of the website accessed

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Google Ireland Ltd, Google LLC (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • 12 months

4.2.2. Vimeo

Relevant website(s)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Display of videos

Categories of personal data

  • Business customer site: IP address, length of time spent on the website by the website visitor, mouse movements made by the user IP address (anonymised), date and time of visit to the website in question, internet address or URL of the website accessed

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Vimeo, LLC (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • longer than 12 months

4.2.3. YouTube

Relevant website(s)

  • Business customer side (partner.gira.de, partner.gira.com)

Data processing purposes

  • Display of videos

Categories of personal data

  • IP address, date and time as well as the website visited

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Google Ireland Ltd, Google LLC (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • longer than 12 months

4.2.4. Facebook Pixel

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Evaluation of website usage, campaign success measurement

Categories of personal data

  • IP address, browser information, website visited, date and time of visit, device information, usage data, click path, geographic location

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Meta Platforms Ireland Ltd, Meta Platforms, Inc. (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • 90 days

4.2.5. Pinterest Day

Relevant website(s)

  • Private customer side (gira.de, gira.com)

Data processing purposes

  • Evaluation of website usage, campaign success measurement

Categories of personal data

  •  

  • IP address, browser information, website visited, date and time of visit, device information, usage data, click path, geographic location

Legal basis and, if applicable, legitimate interests pursued

  • Use of the service: § 25 para. 1 sentence 1 TTDSG

  • Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR

Receiver

  • Internal departments, where access is required for the performance of tasks

  • Pinterest, Inc. (USA)

Transfer to third countries

  • Third country: USA

  • Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR

Storage period

  • 12 months

 

3. Your rights as a data subject

As a data subject, you have the following rights under the GDPR, provided that their respective legal requirements are met:

Information: You have the right to obtain information about the data processed about you.
Rectification: You can request the correction of inaccurate data about you. In addition, you can request the completion of incomplete data.
Erasure: In certain cases, you can request the deletion of your personal data.
Restriction of processing: In certain cases, you can request that the processing of your data be restricted.
Data portability: If you have provided data on the basis of a contract or consent, you can request that you receive the data you have provided in a structured, commonly used and machine-readable format or that it be transmitted to another controller.

Right to object

You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is carried out on the basis of Art. 6 (1) (e) GDPR or Art. 6 (1) f) GDPR; this also applies to profiling based on these provisions. This personal data will then no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated that outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.

Right to object to the processing of data for direct marketing purposes

In individual cases, your data will be processed for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Revocation of consent: If you have given your consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected. Assertion of your rights: To exercise all of your rights mentioned above, please contact info@gira.de or by post to the address given above under section 1. Please make sure that we are able to uniquely identify you.


Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.