Data protection

Version: 01.06.2022

Thank you for your interest in our websites. The protection of personal data is our top priority. You can find information below about the processing of your personal data and about your rights when using our websites.

1. Data controller

The data controller for the processing of your personal data is:
Gira Giersiepen GmbH & Co. KG
Dahlienstr. 12
42477 Radevormwald
Telephone number: 02195-6020
E-mail address: info@gira.de

2. Data protection officer

You can contact our data protection officer using the details below:
Dr. Gregor Scheja
Scheja & Partners GmbH & Co. KG
Adenauerallee 136
53113 Bonn
Telephone number: +49 (0)228-2272260
Fax number: +49 (0)228-22722626
SSL-encrypted contact form: https://www.scheja-partner.de/kontakt/kontakt.html
Website: www.scheja-partner.de

3. Your rights as a data subject

You have the following rights under the GDPR as a data subject, provided that their respective legal requirements are met:

Access: You have the right to access the data processed concerning you.
Rectification: You have the right to request rectification of inaccurate data concerning you. You also have the right to have incomplete data completed.
Erasure: In certain cases, you have the right to request the erasure of your personal data.
Restriction of processing: In certain cases, you have the right to request restriction of processing of your data.
Data portability: If you have provided data on the basis of a contract or consent, you have the right to receive the data you have provided in a structured, commonly used and machine-readable format or the right to transmit those data to another controller.

**Right to object **
Right to object on a case-by-case basis

You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. This personal data will then no longer be processed for these purposes, unless compelling legitimate grounds for the processing can be demonstrated which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

Right to object to processing of data for direct marketing purposes

In individual cases, your data will be processed for direct marketing purposes. You have the right to object at any time to the processing of personal data concerning you for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If you object to processing for the purpose of direct marketing, your personal data will no longer be processed for that purpose. ** Withdrawal of consent: **
If you have given your consent to the processing of your data, you may withdraw this consent at any time with future effect. This does not affect the lawfulness of data processing based on this consent before its withdrawal.
** Assertion of your rights: ** To exercise any of the aforementioned rights, please contact us via e-mail at info@gira.de or by post at the address given under Point 1 above. When contacting us, please make sure that you clearly identify yourself. Right to lodge a complaint with the supervisory authority: You have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider the processing of personal data relating to you to be unlawful.  

4. Details on the functionalities and services used

4.1. Internal services including cookies and comparable technologies

4.1.1. Gira session
Relevante Webite(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Private customer site: Use of all the site’s session-based features
  • Business customer site: Authentication, preferences and caching of user inputs

Categories of personal data

  • Private customer site: IP address, duration of session, user browser, end device
  • Business customer site: Settings and preferences. Including name, address and e-mail if a contact form is filled out. (For reuse on another form within the same session), IP address (anonymised)

Legal basis and legitimate interests pursued, if applicable

  • Article 6(1)(f) GDPR
  • Legitimate interests pursued: See data processing purposes

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment

Third country transfer

  • none

Storage period

  • Storage of data for the duration of the session, until the browser is closed
  • Time of storage: When loading the page

4.1.2. home-assistent-remember-token
Relevant website(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Serves to maintain the status of the Home Assistant configuration when using the Gira Home Assistant

Categories of personal data

  • IP address, configuration ID – a personal reference is only available when configuration is completed (tradesperson selected and data entered)

Legal basis and legitimate interests pursued, if applicable

  • Article 6(1)(f) GDPR
  • Legitimate interests pursued: See data processing purposes

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment

Third country transfer

  • none

Storage period

  • Duration of the session

4.1.3. Matomo
Relevant website(s)

  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Statistical analysis of website usage

Categories of personal data

  • IP address (anonymised/abbreviated), approximate region of the visitor, browser and plug-ins used, browser language setting, time of page view, load time, operating system, screen size, referrer, time of previous visits, number of visits

Rechtsgrundlage und ggf. verfolgte berechtigte Interessen

  • IP-Adresse (anonymisiert/gekürzt), ungefähre Region des Besuchers, verwendeter Browser und Plug-Ins, Spracheinstellung des Browsers, Zeitpunkt des Seitenaufrufs, Ladezeit, Betriebssystem, Bildschirmgröße, Rererrer, Zeitpunkt vorangegangener Besuche, Anzahl der Besuche

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG)
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment

Third country transfer

  • none

Storage period

  • 12 months
  • Time of storage: Following consent

4.1.4. _sda-server_session
Relevant website(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Authentication in the Gira device portal (SDA portal)

Categories of personal data

  • IP address (anonymised)

Legal basis and legitimate interests pursued, if applicable

  • Article 6(1)(b) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • ISE Individuelle Software und Elektronik GmbH

Third country transfer

  • none

Storage period

  • Duration of the session

4.1.5. supported_browser
Relevant Webite(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Optimisation of the site for different browser types

Categories of personal data

  • IP address, duration of session, user browser, end device

Legal basis and legitimate interests pursued, if applicable

  • Article 6(1)(f) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment

Third country transfer

  • none

Storage period

  • Duration of the session

4.1.6. XSRF-Token

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Protection against cross-site scripts

Categories of personal data

  • IP address, duration of session, user browser, end device

Legal basis and legitimate interests pursued, if applicable

  • Article 6(1)(f) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment

Third country transfer

  • none

Storage period

  • 2 hours

4.1.7. Chatbot Userlike

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Use of the chat function

Categories of personal data

  • Chat content, conversation ID

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG)
  • Subsequent processing of personal data: Article 6(1)(f) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Userlike UG

Third country transfer

  • none

Storage period

  • Session storage: until the end of the session
  • Local Storage: indefinite (the authentication token is invalid after 24 hours, however)

4.1.8. GIRA_zg
Relevant Webite(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Transmission of registration role for displaying relevant information and services

Categories of personal data

  • IP address (anonymised), target group classification (building owner/end user, specialised tradesperson, planner, wholesaler, architect)

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment

Third country transfer

  • none

Storage period

  • 6 months

4.1.9. Google reCAPTCHA
Relevant Webite(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Verification of whether data entry on websites is done by a human or by an automated program

Categories of personal data

  • Private customer site: IP address (anonymised), time spent by the visitor on the website, mouse movements made by the user
  • Business customer site: IP address (anonymised), time spent by the visitor on the website, mouse movements made by the user, date and time of the visit to the website in question, internet address or URL of the website accessed

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Google Ireland Ltd, Google LLC (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 12 months

4.1.10. Google Analytics

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Analysis of website usage. Google Analytics examines, among other things, the origin of visitors and the length of time spent on individual pages, thus enabling better page and feature optimisation.

Categories of personal data

  • Location, time or frequency of visits to our website, IP address (anonymised)

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Google Ireland Ltd, Google LLC (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 14 months

4.1.11. Google Optimize

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Google Optimize is used to test user interaction with two versions of a website (so-called A/B test). Serves to optimise the website, in particular user friendliness.

Categories of personal data

  • IP-Adresse (anonymised)

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Google Ireland Ltd, Google LLC (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 14 months

4.1.12. Google Tag Manager

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Management of website tags via an interface

Categories of personal data

  • IP-Adresse (anonymised)

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Google Ireland Ltd, Google LLC (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 14 months

4.1.13. doubleclick.net

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Doubleclick can be used to place and manage adverts on a website. When, where and how often they should appear is controlled by the operator via campaigns.

Categories of personal data

  • IP-Adresse (anonymised)

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Google Ireland Ltd, Google LLC (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 14 months

4.1.14. Evalanche

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)
  • Business customer site (partner.gira.de, partner.gira.com)

*Data processing purposes

  • Gira marketing and sales processes can be digitised and automated by tracking how Gira offers are used. By separating subscribers from website visitors, targeted and more personalised information can be provided. Increased attention enables more follow-up activities and increased customer satisfaction can also be achieved.

Categories of personal data

  • Date and time, type (object, e.g. eMailing, LeadPage), browser referrer, user agent, link ID (optional), object IDs, optional object-dependent information, individual transfer parameters, geocoordinates or alternatively IP-based geocoordinates (for forms with address entry) via Locr GmbH (recording postal addresses without first and last names) with server location in Germany

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • SC Networks GmbH

Third country transfer

  • none

Storage period

  • 12 months

4.1.15. Hotjar

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • - Hotjar allows us to create a kind of heat map of selected pages. This allows us to see how users navigate around the site. We can see where they click, how far they scroll and how they move around the page.

Categories of personal data

  • IP address, heat maps of usage

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Hotjar Ltd.

Third country transfer

  • none

Storage period

  • 12 months

4.2. Integration of third-party services, including cookies and comparable technologies.

4.2.1. Map service Google Maps

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Display of interactive maps

Categories of personal data

  • IP address (anonymised), date and time of the visit to the relevant website, internet address or URL of the website accessed

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Google Ireland Ltd, Google LLC (USA)

Third country transferg

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 12 months

4.2.2. Vimeo

Relevant Webite(s)

  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Showing of videos

Categories of personal data

  • Private customer site: IP address (anonymised), time spent by the visitor on the website, mouse movements made by the user
  • Business customer site: IP address (anonymised), time spent by the visitor on the website, mouse movements made by the user, date and time of the visit to the website in question, internet address or URL of the website accessed

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG)
  • Folgeverarbeitung der personenbezogenen Daten: Art. 6 Abs. 1 lit. a DSGVO

Recipients

  • Vimeo, LLC (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • longer than 12 months

4.2.3. YouTube

Relevant Webite(s)

  • Business customer site (partner.gira.de, partner.gira.com)

Data processing purposes

  • Showing of videos

Categories of personal data

  • IP address, date and time and the website visited

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the German Telecommunications and Telemedia Data Protection Act (TTDSG)
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Google Ireland Ltd, Google LLC (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • longer than 12 months

4.2.4. Facebook Pixel

Relevant website(s))

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Evaluation of website usage, campaign performance measurement

Categories of personal data

  • IP address, browser information, website visited, date and time of visit, device information, usage data, click path, geographical location

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Meta Platforms Ireland Ltd, Meta Platforms, Inc. (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 90 days

4.2.5. Pinterest Tag

Relevant Webite(s)

  • Private customer site (gira.de, gira.com)

Data processing purposes

  • Evaluation of website usage, campaign performance measurement

Categories of personal data

  • IP address, browser information, website visited, date and time of visit, device information, usage data, click path, geographical location

Legal basis and legitimate interests pursued, if applicable

  • Use of the service: First sentence of Section 25(1) of the TTDSG
  • Subsequent processing of personal data: Article 6(1)(a) GDPR

Recipients

  • Internal departments, in so far as access is necessary for task fulfilment
  • Pinterest, Inc. (USA)

Third country transfer

  • Third country: USA
  • Adequacy decision/safeguards/exemption: Standard contractual clauses, copy to be requested via the contact details under Point 1, consent pursuant to Article 49(1)(a) GDPR

Storage period

  • 12 months

Gira UK c/o Wandsworth, the home of Gira in the UK

Send us an enquiry

Send us an E-mail. We will reply to you in writing as soon as possible.

Call us

We would be happy to advise you.

+44 (0) 1483 713400

Monday to Thursday 9:00am – 5:00 pm Friday 9:00 am – 12:00pm

Home Data protection