Status: 01.06.2022
Thank you for your interest in using our websites. The protection of personal data is our top priority. Below you will find information about the processing of your personal data and about your rights when using our websites.
The person responsible for data processing is:
Gira Giersiepen GmbH & Co. KG
Dahlienstr. 12
42477 Radevormwald
Telephone number: 02195-6020
E-mail address: info@gira.de
You can reach our data protection officer as follows:
Dr. Gregor SchejaScheja & Partners GmbH & Co. KG
Adenauerallee 136
53113 Bonn
Phone number: 0228-2272260
Fax number: 0228-22722626
SSL-encrypted contact form: https://www.scheja-partner.de/kontakt/kontakt.html
Website: www.scheja-partner.de
4.1. Own services including cookies and similar technologies
4.1.1. Gira Session
Relevant Website(s)
Private customer side (gira.de, gira.com)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Private customer site: Use of all session-based features of the site
Business customer side: authentication, preferences and caching of user inputs
Categories of personal data
Private customer site: IP address, duration of the session, browser used, device
Business customer page: Preferences and preferences. This includes name, address and e-mail if a contact form is filled out. (For reuse on another form within the same session.), IP address (anonymized)
Legal basis and, if applicable, legitimate interests pursued
Art. 6 (1) (f) GDPR
Legitimate interests pursued: See Data Processing Purposes
Receiver
Internal departments, where access is required for the performance of tasks
Transfer to third countries
none
Storage period
Storage of data on the duration of the session until the browser is closed
Time of saving: When the page is loaded
4.1.2. home-assistant-remember-token
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Used to maintain the status of the Home Assistant configuration when using the Gira Home Assistant
Categories of personal data
IP address, ID of the configuration - there is only a personal reference when the configuration is completed (craftsman selected and data entered)
Legal basis and, if applicable, legitimate interests pursued
Art. 6 (1) (f) GDPR
Legitimate interests pursued: See Data Processing Purposes
Receiver
Internal departments, where access is required for the performance of tasks
Transfer to third countries
none
Storage period
Duration of the session
4.1.3. Matomo
Relevant Website(s)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Statistical evaluation of website usage
Categories of personal data
IP address (anonymized/shortened), approximate region of the visitor, browser and plug-ins used, browser language setting, time of page access, loading time, operating system, screen size, rererr, time of previous visits, number of visits
Legal basis and, if applicable, legitimate interests pursued
IP address (anonymized/shortened), approximate region of the visitor, browser and plug-ins used, browser language setting, time of page access, loading time, operating system, screen size, rererr, time of previous visits, number of visits
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Transfer to third countries
none
Storage period
12 months
Time of storage: After consent
4.1.4. sda-serversession
Relevant website(s)
Private customer side (gira.de, gira.com)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Authentication in the Gira Device Portal (SDA Portal)
Categories of personal data
IP address (anonymized)
Legal basis and, if applicable, legitimate interests pursued
Art. 6 (1) (b) GDPR
Receiver
Internal departments, where access is required for the performance of tasks
ISE Individuelle Software und Elektronik GmbH
Transfer to third countries
none
Storage period
Duration of the session
4.1.5. supported_browser
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Site optimization for different browser types
Categories of personal data
IP address, duration of the session, browser used, device
Legal basis and, if applicable, legitimate interests pursued
Art. 6 (1) (f) GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Transfer to third countries
none
Storage period
Duration of the session
4.1.6. XSRF Token
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Protection against cross-site scripts
Categories of personal data
IP address, duration of the session, browser used, device
Legal basis and, if applicable, legitimate interests pursued
Art. 6 (1) (f) GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Transfer to third countries
none
Storage period
2 hours
4.1.8. Chatbot
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Use of the chat function
Categories of personal data
Chat content, Conversation ID
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. f GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Userlike UG
Transfer to third countries
none
Storage period
Session Storage: until the end of the session
Local Storage: indefinite (but the authentication token is invalid after 24 hours)
4.1.9. GIRA_zg
Relevant Website(s)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Submission of the registration role to display relevant information and services
Categories of personal data
IP address (anonymized), target group classification (building owner/end user, specialist tradesmen, planners, wholesalers, architects)
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Transfer to third countries
none
Storage period
6 months
4.1.10. Google reCAPTCHA
Relevant Website(s)
Private customer side (gira.de, gira.com)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Checking whether data entry on websites is done by a human or by an automated program
Categories of personal data
Private customer site: IP address (anonymized), time spent on the website by the website visitor, mouse movements made by the user
Business customer site: IP address, length of time spent on the website by the website visitor, mouse movements made by the user IP address (anonymised), date and time of visit to the website in question, internet address or URL of the website accessed
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Google Ireland Ltd, Google LLC (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
12 months
4.1.11. Google Analytics
Relevant website(s)
Private customer side (gira.de, gira.com)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Website usage analysis. Google Analytics examines, among other things, the origin of visitors, the time spent on the individual pages and thus enables better page and feature optimization.
Categories of personal data
Place, time or frequency of visiting our website, IP address (anonymised)
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Google Ireland Ltd, Google LLC (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
14 months
4.1.12. Google Tag Manager
Relevant website(s)
Private customer side (gira.de, gira.com)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Managing website tags from an interface
Categories of personal data
IP address (anonymized)
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Google Ireland Ltd, Google LLC (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
14 months
4.1.13. doubleclick.net
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
With Doubleclick, ads can be placed and managed on a website. When, where and how often they should appear is controlled by the operator via campaigns.
Categories of personal data
IP address (anonymized)
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Google Ireland Ltd, Google LLC (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
14 months
4.1.14. Evalanche
Relevant website(s)
Private customer side (gira.de, gira.com)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
By tracking the use of Gira offers, Gira marketing and sales processes can be digitised and automated. By segmenting subscribers/website visitors, targeted and more individual information can be provided. Increased attention can increase follow-up activities and also increase customer satisfaction.
Categories of personal data
Date and time, type (object, e.g. eMailing, LeadPage), browser referrer, user agent, link ID (optional), object IDs, optional object-dependent information, individual transfer parameters, geocoordinates or alternatively IP-based geocoordinates (for forms with address input) via Locr GmbH (entry of postal addresses without first and last names) with server location Germany
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
SC Networks GmbH
Transfer to third countries
none
Storage period
12 months
4.1.16. Hotjar
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Hotjar allows us to create a kind of thermal image of selected pages. This allows users to see how they move around the site. We see where they click, how deep they scroll, and how they move around the page.
Categories of personal data
IP address, heatmaps of usage
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Hotjar Ltd.
Transfer to third countries
none
Storage period
12 months
4.1.17. Lead Process (Optional after Home Assistant)
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
You can use the planning assistant to forward your request to an electrical installation company for the implementation of the project you have described. In this context, we collect and process the following data from you:
Categories of personal data
Surname and first name
Your address
Address of the construction project
Your email address
Your phone number
Legal basis and, if applicable, legitimate interests pursuedThe initial enquiry to the installation companies selected by you is made in anonymised form, unless we have received the data of the electrical installation company from you (see below). If the installation company has a fundamental interest in carrying out the project, the personal data you provide will be passed on by us to the installation company for the purpose of contacting you. Your consent to this in accordance with Art. 6 (1) (a) GDPR is the necessary legal basis for the processing of the data. We obtain consent from you before data is collected. You can revoke your consent at any time with effect for the future. We process your personal data in order to:
to be able to provide the Gira Home Assistant with its functions and content,
to enable communication with you by us and the electrical installation company for the implementation of the project described by you in the planning assistant,
if necessary, to fulfil our obligations under data protection law in the event that we receive personal data from the electrical installation company from you. If the data collection is no longer necessary to achieve the purpose, the data will be deleted, but no later than 2 years after the data was collected.
RecipientsWe pass on your personal data to the electrical installation companies you have selected. There will be no transfer to non-EU countries. You have the option of entering the contact details of an electrical installation company to whom you would like to send your request, but which is not yet selectable. If you make use of this option and the data you provide is personal data, we will pass on your name to the electrical installation company in question as the source of the data in order to fulfil our data protection obligations.
Transfer to third countries
none
Storage period
2 years
4.2. Integration of third-party services, including cookies and similar technologies.
4.2.1. Google Maps map service
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Display of interactive maps
Categories of personal data
IP address (anonymised), date and time of visit to the website in question, internet address or URL of the website accessed
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Google Ireland Ltd, Google LLC (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
12 months
4.2.2. Vimeo
Relevant website(s)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Display of videos
Categories of personal data
Business customer site: IP address, length of time spent on the website by the website visitor, mouse movements made by the user IP address (anonymised), date and time of visit to the website in question, internet address or URL of the website accessed
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Vimeo, LLC (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
longer than 12 months
4.2.3. YouTube
Relevant website(s)
Business customer side (partner.gira.de, partner.gira.com)
Data processing purposes
Display of videos
Categories of personal data
IP address, date and time as well as the website visited
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Google Ireland Ltd, Google LLC (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
longer than 12 months
4.2.4. Facebook Pixel
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Evaluation of website usage, campaign success measurement
Categories of personal data
IP address, browser information, website visited, date and time of visit, device information, usage data, click path, geographic location
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Meta Platforms Ireland Ltd, Meta Platforms, Inc. (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
90 days
4.2.5. Pinterest Day
Relevant website(s)
Private customer side (gira.de, gira.com)
Data processing purposes
Evaluation of website usage, campaign success measurement
Categories of personal data
IP address, browser information, website visited, date and time of visit, device information, usage data, click path, geographic location
Legal basis and, if applicable, legitimate interests pursued
Use of the service: § 25 para. 1 sentence 1 TTDSG
Subsequent processing of personal data: Art. 6 para. 1 lit. a GDPR
Receiver
Internal departments, where access is required for the performance of tasks
Pinterest, Inc. (USA)
Transfer to third countries
Third country: USA
Adequacy decision/guarantees/exemption provision: Standard contractual clauses, copy to be requested by contacting section 1, consent pursuant to Art. 49 (1) (a) GDPR
Storage period
12 months
As a data subject, you have the following rights under the GDPR, provided that their respective legal requirements are met:
Information: You have the right to obtain information about the data processed about you.
Rectification: You can request the correction of inaccurate data about you. In addition, you can request the completion of incomplete data.
Erasure: In certain cases, you can request the deletion of your personal data.
Restriction of processing: In certain cases, you can request that the processing of your data be restricted.
Data portability: If you have provided data on the basis of a contract or consent, you can request that you receive the data you have provided in a structured, commonly used and machine-readable format or that it be transmitted to another controller.
Right to object
You have the right to object at any time, on grounds relating to your particular situation, to the processing of your personal data that is carried out on the basis of Art. 6 (1) (e) GDPR or Art. 6 (1) f) GDPR; this also applies to profiling based on these provisions. This personal data will then no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated that outweigh your interests, rights and freedoms, or the processing serves to establish, exercise or defend legal claims.
Right to object to the processing of data for direct marketing purposes
In individual cases, your data will be processed for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising. This also applies to profiling, insofar as it is related to such direct advertising. If you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes. Revocation of consent: If you have given your consent to the processing of your data, you can revoke it at any time with effect for the future. The lawfulness of the processing of your data until the revocation remains unaffected. Assertion of your rights: To exercise all of your rights mentioned above, please contact info@gira.de or by post to the address given above under section 1. Please make sure that we are able to uniquely identify you.
Right to lodge a complaint with the supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you believe that the processing of personal data concerning you is unlawful.