Data protection declaration
of General Logistics Systems Austria GmbH
Data protection declaration
Data protection declaration for the Websites and Services of General Logistics Systems Austria GmbH
Witch the following information we would like to provide you with an overview on how we process your personal data on the websites of General Logistics Systems Austria GmbH and inform you about your rights according to privacy laws. Depending on the services you use, the details of the data processing differ. In addition to general information, you will find a detailed description of data processing for the specific service you use.
1. General Information
1.1 Applicable data protection laws and data protection obligation
GLS Austria GmbH (GLS Austria) takes data protection and privacy seriously. For that reason, personal data will exclusively be processed in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Federal Data Protection Act (DSG).
As GLS Austria provides postal services or takes part in it, we are subject to maintaining postal secrecy under the Austrian Postal Market Act (PMG).
1.2 Security of personal data
By means of technical and organizational security measures, GLS Austria does its best to protect personal data from loss or misuse. We process personal data in IT systems which are protected by appropriate security measures. This includes using SSL/TLS encryption for transfer of data entered by you on this website. If required by technical progress, we reserve the right to modify these security and privacy protection measures.
1.3 Contact details of the controller and the data protection officer
Controller according to Article 4 (7) GDPR resp. media owner according to § 1 ( 1) number 8 MedienG (Austrian Medien Act) is:
General Logistics Systems Austria GmbH
Phone: +43 (0)5 9876 0
Fax: + 43 (0)5 9876 1901
(Hereinafter: „GLS Austria “)
You can contact our company data protection officer at:
General Logistics Systems Austria GmbH
Data Protection Officer
Traunuferstraße 105 a
Fax: +43 (0)5 9876 1902
If you want to contact via e-mail, please note that the confidentiality of the transmitted information cannot be guaranteed. Unencrypted e-mails can possibly be read by unauthorised third parties.
1.4 Personal Data
'Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). This includes for example information such as name, address, telephone number and date of birth.
Information that cannot be linked to a specific or determinable individual - such as the number of users of a website - is not considered to be personal data.
1.5 Legal bases of processing
Your personal data will only be processed by us provided with a legal basis. The processing is lawful, if at least one of the following conditions applies:
Consent (Article 6 (1) lit. a GDPR):
The data subject has given consent to the processing of his or her personal data for one or more specific purposes. One purpose might the processing of your request. The consent can be withdrawn by any time. This also applies to consent given even before the EU GDPR. The withdrawal is only effective for the future and does not affect the legality of the data processed until the withdrawal.
Contractual obligations or pre-contractual measures (Article 6 (1) lit. b GDPR):
The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Upon your request we process your data. Usually this results out of our products/services or can include consultation or analysis on demand.
Legitimate interest (Article 6 (1) lit. f GDPR):
The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Besides the fulfilment of a contract we may have further interests. (e.g. ensuring IT security and operations, to analyse and improve the use of our website, etc.)
Compliance with legal obligation (Article 6 (1) lit. c GDPR):
The processing is necessary for compliance with a legal obligation to which the controller is subject. GLS Austria is subject to different legal obligations. Among others, these include retention periods prescribed by Austrian Corporate Code (UGB) or Federal Tax Code (BAO).
1.6 Data transfer and recipients
Within GLS Austria, those entities, who need your data to fulfil their contractual or legal obligations, have access to your data. Also providers, commissioned by GLS Austria, may receive data for these purposes, provided they meet the legal requirements. Those parties include Group and carefully selected non-Group third parties contractually required to provide services for or on behalf of GLS Austria. GLS Austria has concluded corresponding contractual agreements with these parties. In regard to a data transfer to further recipients, we will only pass on your personal data if required by law, with your consent or if we are authorized for disclosure. Under these conditions, public bodies and institutions (such as prosecuting authorities) can receive your personal data if it is required by law. A transfer of personal data to a third countries will exclusively take place if explicitly mentioned in the context of the former mentioned services.
1.7 Duration of data storage and erasure
GLS Austria stores your personal data only in accordance to legal retention periods and legal obligations, as long as it is necessary for the purpose. We set the duration of the storage according to the following requirements:
Operational requirements: The storage duration, that is needed to complete operational processes.
Legal requirements: Commercial and tax retention periods, which result e.g. from the Austrian Corporate Code (UGB) or the Federal Tax Code of Austria (BAO). According to § 212 UGB and § 132 BAO they usually prescribe retention periods of 7 years. This concerns e.g. the electronic customer invoices that may be accessible through “YourGLS”.
The periods of limitation according to §§ 1489 ff. Of the Austrian Civil Code (ABGB) may be up to 30 years, whereby the regular period of limitation is three years. E.g. Complaints communicated via the contact form.
After expiry of the defined retention period, the data will be deleted or destroyed.
2. Information for consignors and consignees
2.1 Consignor, Consignee and Consignment Data
For the purpose of Parcel Delivery we process consignor information like address, contact details, bank details and other required data for the services used by the consignor.
In addition to that we process data of the consignees. The consignor provides us with the name, address, postcode, city and country of the consignee. During the delivery process the name and signature of the consignee are registered. If the consignee is not at home, GLS is authorized to deliver the parcel to an alternative consignee, for example a neighbour. In this case the name and signature of the alternative consignee are registered. If this delivery is not possible, the parcel will be delivered to a GLS parcel shop. If the parcel is picked up in the parcel shop the name and signature of the consignee or his/her assignee are registered on a smartphone which GLS supplies to the parcel shop owner. All data will be saved on the central GLS IT system.
If you give us a one-time or permanent permission of deposit, we collect your name, address, postcode, city and place of deposit. If you give another person a parcel pickup authorisation, we will collect this person’s name, address and place of residence. The processing takes place in the context of the fulfilment of the contract with the consignor who has an interest in the proper delivery.
For specific delivery services it is required to collect further personal data in order to fulfil the contract:
|Service name||Personal data||Affected person||purpose|
|FlexDeliveryService||e-mail adress||Consignee||Information about the scheduled delivery via e-mail to the alternative consignee|
|In case of alternative delivery: name, address||Alternative consignee|
|CashService||Bank account details||Consignor||Payment of CashOnDelivery Service amount to consignor|
|ShopDeliveryService||e-mail address or mobile phone no.||Consignee||Information about parcel delivery in selected ParcelShop via e-mail or SMS|
|Pick&ReturnService, Pick&ShipService||Pickup address||Sender, who is not a customer||parcel pickup|
|e-mail address||Pick-up contact||Pickup information|
|DeliveryAtWorkService||Department, contact, person, phone no.||Consignee||Delivery in the selected department/on consignee´s workplace|
|InfoService||e-mail address||Consignee||Tracking information about parcel and planned delivery time via e-mail|
If parcels are sent to other countries, the needed consignor and consignee data will be transferred to the GLS partner company in the delivery country.
The collection of your personal data is necessary for the execution of our deliveries and for operations related to that (e.g. accounting or claimed damages) in order to fulfil our contractual duties with our customers (consignor).
As far as needed we process your personal data for the purpose of legitimate interest of GLS Austria or thirds. This applies e.g. to solvency checks, quality management, complaint management and controlling purposes.
In addition to that we as a company are subject to several legal obligations, e.g. fiscal checking and notification duties and sanction checks according to the Foreign Trade and Payments Act.
Compliance with applicable data protection regulations regarding consignor, consignment and consignee data is an original duty of GLS Austria. Transferring data to GLS Austria by the consignor/client for the purpose of fulfilling a contract does not constitute a processing of data on behalf.
For additional services like our “FlexDeliveryService” and the “ShopDeliveryService” the e-mail address or the phone number of the consignee is required in order to receive updates on the delivery. GLS Austria receives this data from the customer, who orders the service. The consignor is therefore responsible for a proper handling of this data. In particular the client is also responsible for obtaining the consent of the consignee to the transfer of his telephone number and/or e-mail address to GLS Austria.
In case of “Pick&ReturnService” or “Pick&ShipService” the customer can provide the e-mail address of the pickup contact (see above). GLS Austria receives this data from the customer, who orders the service. The consignor is therefore responsible for a proper handling of this data. In particular the client is also responsible for obtaining the consent of the pickup contact to the transfer of his e-mail address to GLS Austria.
In case of any question according to this process, please contact your contracting party (the consignor/requester of the pickup order). Furthermore it is also possible to withdraw your consent towards GLS Austria. To do so, please contact our data protection officer .
2.3 Delivery options
When choosing a new delivery option, personal data is collected and processed:
The following user data will be collected and processed when choosing a new delivery option:
- First name, last name*
- New delivery address (street, ZIP, city, country)*
- Drop-off point*
- Authorised recipient (first name, last name)*
- E-Mail address
*does not apply to all delivery options
The data is being used to fulfil the delivery agreement or to contact users during delivery to make sure the parcel can be delivered at the desired time and place. This represents a fulfilment of contractual obligations according to Article 6 (1) lit. b GDPR. A use for other purposes, especially disclosure to third parties, is excluded.
3. Information for applicants
Controllers for the processing in terms of the application process according to Article 4 (7) GDPR resp. media owner according to § 1 (1) number 8 MedienG (Austrian Media Act) are: General Logistics Systems Austria GmbH Traunuferstraße 105 4052 Ansfelden (Hereinafter: „The controllers“)
3.1 Application information
By applying to one of the above mentioned companies via https://gls-group.eu/AT/en/career , by e-mail or by post, you provide the respective company with your personal data for the purpose of examining your application. The data will help the controller to manage your application and to find a suitable job for you. Your data is stored and processed on the systems of our software partner e- Recruiter GmbH.
3.2 Software-Partner e- Recruiter GmbH
3.3 Applicant data
When applying via our GLS career page, the following information is mandatory: salutation, first name, surname, e-mail address (and password for registration), your salary requirements, a curriculum vitae and information on how you have become aware of us.
Additional personal data we receive from you by the voluntary indication of, among other things, a phone number, address details, a photo, a letter of motivation, or your relevant credentials.
If you apply by e-mail or post, we will store all data that you provide us in your application.
In the context of any other contact and use of the e-mail contact form, the data you enter, such as name, address, telephone number, e-mail address, etc., is required to process your request.
The storage and processing of your data for the purpose of applicant management takes place for the initiation of an employment contract with you. As far as necessary we process your personal data for the purpose of legitimate interest of the controllers or thirds. This includes processing for statistical purposes in an anonymous or aggregated way (e.g. reportings).
3.4 Communication via E-mail or WhatsApp
If you give us consent to the processing and storage of your personal data for processing purposes for application beyond the actual staffing and you also want to be contacted via job offers by phone or in electronic form, the lawful processing is based on your consent.
At any time you have the right to withdraw your consent in data processing towards us. This also applies to consent given before the GDPR. The withdrawal is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.
If you have given your consent that we may contact you via WhatsApp, data will be transmitted to WhatsApp Inc. WhatsApp has implemented an end-to-end encryption so that the transmitted content is only accessible to the communication partners. WhatsApp can collect so-called metadata (who communicates with whom and how often).
3.5 Data transfer of applicant data
The central processing of the applicant data is the responsibility of GLS Austria. Your data will only be saved, evaluated, processed or forwarded internally (within the responsible companies) as part of your application. They are only accessible to employees of the human resources department and those persons responsible for the selection of applicants. They are committed to maintain confidentiality of personal data as part of their employment contract. In exceptional cases, additional parties may receive your data.
In the case of recruitment by external recruiting agents, e.g. through Head-hunter or the Employment Agency, they may receive your personal information.
In regard to a data transfer to third parties, we will only transmit your personal data if required by law, with your consent of if we are authorised for disclosure. Under these conditions, public bodies and institutions (such as law enforcement agencies) can receive your personal data.
A transfer of personal data to a non-EU-country will exclusively take place if explicitly stated in the context of the previously mentioned services.
3.6 Duration of storage and erasure
We store your personal data only in accordance with legal retention periods and legal obligations, as long as it is necessary for the purpose. We set the duration of the storage according to the following requirements:
If you start a job with the person in charge, your personal data, or at least an excerpt thereof, will be added to your personal file.
If you have applied and have received a negative decision, your details will be saved for 6 months after completing the application process and will then be anonymized (profile and application). There is no notification about the deletion of the data.
4. Information for ParcelShop partners
4.1 Application as ParcelShop partner
If you apply as a ParcelShop partner of GLS Austria, we need the following personal data of you, respectively: surname, given name, company if applicable, street, house number, postcode, town, country, phone number, e-mail address and website (if applicable) for the purpose of reviewing your application (pre-contractual measures).
If the contract (ParcelShop contract) is closed between you and GLS Austria, we process these data in order to fulfil the contract. Furthermore in terms of accounting we need your bank details, tax ID and sales tax ID. For the proof of business registration we need the corresponding trade register excerpt.
Legal basis for the data processing is Article 6 (1) lit. b GDPR. If no contract is concluded, your data will be deleted latest 2 years after the process has been completed.
4.2 Searching for a ParcelShop
For a better traceability of your ParcelShop its address will be published or shown as a search result on the following websites and applications. This might include ParcelShop searching included in the GLS Austria websites ( gls-group.com ; gls-one.at ) and in the GLS App, Online directory services: (e.g. Google Maps, Herold) and Integration in web shops of ParcelShop partners who offer our ShopDeliveryService.
5. Video surveillance
With video surveillance at the locations of GLS Austria, the company pursues the following legitimate interests in accordance with Article 6 (1) f GDPR:
- Property protection, burglary prevention and householder’s rights
- Parcel tracking incl. documentation of liability transfer
- Security and employee protection for Cash on Delivery transactions
Video recording will be stored for 30 calendar days.
6. Websites of GLS Austria
For a proper use of our services you must provide us with personal data, which is necessary for the fulfilment of the specific purpose or which we are legally required to collect. Otherwise we are usually not able to form a contract with you. The scope of data processing depends on the use of the respective functions.
Track & Trace
The parcel number is required to provide you with status information about the parcel.
The data you submit via contact form (e.g. name, address, zip code and town) is required to process and answer your request.
Shipping information under "Join as business partner"
The data entered in the above mentioned form, such as first name, number of parcels, etc., is required to process your request. After receiving your request we will send you a confirmation e-mail.
The GLS Austria website is generally divided into an open and closed area: Functions in the open area can be used without prior registration. GLS business customers receive login data for “YourGLS” (closed area) from their responsible depot on request.
The closed area "YourGLS" offers you to save addresses of regular consignees in the YourGLS address book. These addresses can be used to produce parcel labels easily. You can delete these addresses any time. Upon request or when your customer relation ends, the YourGLS account will be locked by the responsible depot. The data is deleted after the legal retention period is expired.
Searching for ParcelShop
For searching the closest ParcelShop or GLS Depot, you need to enter the ZIP Code. Please note that a ZIP Code on its own is no personal data.
Application form for suppliers
If you apply as a supplier at GLS Austria, we collect the following personal data of the creditor resp. contact person(s) as part of the pre-contractual review:
First name, last name, (company), address, zip code, city, country, language, telephone number, fax, e-mail address and (website).
Application form for ParcelShop partners
If you apply as a ParcelShop partner at GLS Austria, we collect the following personal data as part of the pre-contractual review:
First name, last name, (company), address, zip code, city, country, telephone number, e-mail address, website.
Drop off permission
On our website you have the option to fill a drop off permission. This allows a delivery, even if we cannot meet you in person. As part of the issue of a parking permit, we collect the following personal data:
First and last name of the recipient or company name, street/house number, zip code/place of residence, e-mail address and a description of the desired storage location (e.g. Garage).
The data of the drop off permission will be stored for another 3 years after revocation, in case of asserting claims for damages.
Proposal for ParcelShop
If you submit a proposal for a ParcelShop in your area, we will process the personal data that you have provided to us via the contact form. Therefore it is mandatory to provide a street, house number, postcode and town. In addition, you have the possibility to provide the name of the ParcelShop, a contact person and your own contact details for us to contact you. You will then only be notified by us if you have given us your consent.
6.2 GLS-ONE and GLS App
• Credit Card: EVO Payments International GmbH, Elsa-Brändström-Str. 10-12, 50668 Köln, Germany (hereinafter „EVO Payments“)
GLS applies fraud prevention measures when you are making an online payment at GLS-ONE or in the GLS App. Therefore your payment can fail (e.g. when exceeding a maximum amount). If you would like to be exempted from these measure, for example, if you want to send higher amounts of parcels, please contact firstname.lastname@example.org . We ask you for understanding, that we check your payment history before activation.
When registering for GLS-ONE or GLS App, your e-mail address and your GLS-ONE password (user data) will be collected and stored. The e-mail address will be used as a user name for GLS-ONE or GLS App and to give you a new password for GLS-ONE if required.
Under "My parcels" you can find a list of all parcels you sent with GLS-ONE including creation date, parcel number, consignee, price and status.
In addition to that, as a registered GLS-ONE user you have the opportunity to save your consignee address under „My address book”. You can delete the addresses at any time. We won’t use the addresses, unless you send us a transport request by using the function “Send parcel”.
By deleting your GLS-ONE account, those consignee addresses will be deleted automatically. The erasure of your data will take place after everything has been settled and after expiry of the legal retention periods.
Track & Trace ("Where is my parcel?")
Your entered parcel number is required to provide you with status information about your searched parcel.
Search for a ParcelShop
For searching the closest ParcelShop, you need to enter the zip code. Please note that a zip code on its own is no personal data.
The data you submit via contact form (e.g. name, address, postcode, town) is required to process and answer your request.
When you register for our newsletter, your e-mail address will be sent to us and a confirmation e-mail will be sent to the address provided. This e-mail contains a link that you must click to confirm your registration (double opt-in procedure).
The lawful processing is based on a balance of interests according to Article 6 (1) lit. f GDPR. GLS Austria operates this InSight site in order to provide customers and other interested people who visit the InSight site with current information from the company itself and to report on current industry trends. The processing of personal data is based on the legitimate interests of GLS Austria in an optimized company presentation. If you have registered for our newsletter with your e-mail address, the data will be processed on the basis of consent in accordance with Article 6 (1) lit. a GDPR.
7. Information about cookies, web analytics and service providers
Hereinafter you will find an overview of the data automatically collected on our website. You will find a description of the individual processes below.
|gls-group.eu/AT||GLS ONE+ GLS APP||gls-insight.at|
|Logging of IP addresses||X||X||X|
|Trusted Shops Trust badge||X|
|Social Media Links||X||X||X|
7.2 Logging of IP addresses
Each time a user accesses the GLS website, data is recorded in a log file. The following data is temporarily recorded:
- Date and time of request
- IP address or DNS name of the requesting computer
- Requested page (URL)
- HTTP answer code
- Client operating system and version
- Browser and version
The log file data is anonymously analysed for statistical purposes. Statistical reports are used to evaluate the usage of this website. In particular, the order in which the pages are visited and the path taken between pages is shown. This is intended to give GLS Austria an indication how the usability of the website can be improved further.
What are cookies?
Small text files stored on your computer, enabling an analysis of your website use. The information stored by cookies can be read by the website when you visit it again at a later date. On the one hand cookies are necessary to ensure that all processes on the site work smoothly. On the other hand cookies can make the re-use of the site easier for the user: Information stored by cookies at the first visit, e. g. language settings or user names, do not need to be entered again. Hence, the website adjusts itself to a certain extent to your individual needs under the condition that the same device will be used.
To provide you an optimal service, adapted to your customer needs. For instance, some information you have already received at the first visit, will not be displayed once more. Activities such as the login and logout process can be facilitated, information you already searched for will be displayed faster. The performance of the website can be increased.
GLS uses the following cookies:
|Provider||Used by website||Name||Purpose|
|GLS||gls-group.com/AT||BIGIP||For internal load balancing of web servers Storage period: Only for current browser session|
|GLS||gls-group.com/AT||feature_release||To provide new features to website users|
|GLS||gls-group.com/AT||glsCountryURL||Saves the selected country on gls-group.eu Storage period: 5 years|
|GLS||gls-group.com/AT||JSESSIONID||Session ID for current browser session Storage period: Only for current browser session|
|GLS||gls-group.com/AT||SEARCHGLSID||For identification of search queries Storage period: Only for current browser session|
|GLS||gls-group.eu/AT, GLS-ONE,||gls-cookie-policy, IsCookieConsentAccepted, cookieUsageConfirmed, cookieconsent_dismissed||Used to save acceptance of cookies by website user Storage period: 2 years|
|Google (Analytics, Optimize, Adwords, Remarketing)||gls-group.eu/AT, GLS-ONE, gls-insight.at||_ga, _gid, _gat, _dc_gtm_<property-id>, AMP_TOKEN, _gac_<property-id> __utma, __utmt, __utmb, __utmc, __utmz, __utmv, __utmx, __utmxx, _gaexp _opt_awcid, _opt_awmid, _opt_awgid, _opt_awkid, _opt_utmc|| These cookies are used by Google Analytics to collect information on how users use the websites or apps, respectively. The information is used to create aggregated usage reports which help us to improve the websites and apps. Detailed information on the single cookies can be found under
Storage period: 13 months
|Microsoft Inc. (Advertising/Bing Ads)||GLS-ONE, GLS- App||_uetsid||Tracking cookie to identify a user which has visited the website before Storage period: 30 minutes after ending the browser session|
|Sgalinski Internet Services||gls-insight.at||spamshield||Used to protect the website from spam created by spam bots. Storage period: Only for current browser session|
|Sgalinski Internet Services||gls-insight.at||Cookie_optin||Saves the cookie settings of the website user. Storage period: 30 days|
|Youtube||gls-insight.at||PREF||Used to save user settings like language for YouTube videos embedded in the websites. Storage period: 13 months|
|Youtube||gls-insight.at||VISITOR_INFO1_LIVE||Used to track information on the embedded YouTube videos on a website. Storage period: 5 months|
|Youtube||gls-insight.at||YSC, GPS||These cookies are used to track views of embedded YouTube videos. The cookies contain a unique ID to track users based on their geographical location. Storage period: 30 minutes|
How to deactivate cookies:
You can adjust this in the settings of your browser. You can find more information in the help for your browser. Please note: If you deactivate cookies, you may no longer be able to use all functions of the respective website.
7.4 Google Analytics and Optimize
Some of these websites also uses Google Optimize. Google Optimize analyses the use of different variants of our website and helps us to improve the usability accordingly to improve the behaviour of our users on the website. Google Optimize is a tool integrated into Google Analytics.
The website operator has a legitimate interest in analysing user behaviour in order to optimize its website. Due to that the legal basis for the data processing is Article 6 (1) lit. f GDPR. We are using Google Analytics to analyse and improve the use of our website. These statistics help us make our services more interesting and efficient. For the exceptional cases in which personal data is transferred to the USA, Google has the EU-US Privacy Shield certification, h<gls_group_u>ttps://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active</gls_group_u>
The GLS website uses the Google Analytics extension „gat._anonymizeIp();“. This ensures anonymized registration of IP addresses ("IP masking"). If IP anonymization is activated on this website, your IP address is shortened before transmission in member states of the European Union or other contractual states of the agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.
You can avoid the installation of cookies by adjusting the according settings of your browser software; however we would like to point out that in this case you might not be able to use all functions of this web site to the full extent. Furthermore you can block the registration of the data created by the Cookie (incl. your IP address) and related to your use of this website and the processing of this data by Google by downloading and installing the browser plugin available under https://tools.google.com/dlpage/gaoptout?hl=de
By clicking on the following link, you can prevent the data collection by Google Analytics. An opt-out cookie will be set, that prevents the data collection on future visits to this website.
Information about the third party supplier:
Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,
Fax: +353 (1) 436 1001
Terms and conditions: https://www.google.com/analytics/terms/de.html
Google is certified under the Privacy Shield Framework and as a result, offers a guarantee that complies with European data protection law. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
7.5 Google AdWords
Our website uses Google conversion tracking. If you reached our website through an ad placed on Google, Google AdWords will place a cookie on your computer. The cookie for conversion tracking is set when a user clicks an ad placed on Google. These cookies expire after 30 days and cannot be used for personal identification. If the user visits certain pages on our website and the cookie has not expired yet, we and Google can detect that the user clicked on the ad and was redirected to this page. Every Google AdWords customer receives a different cookie. Thus cookies cannot be used to trace AdWords customers through the websites. The information obtained using the conversion cookie serves to generate conversion statistics for AdWords customers who have opted for conversion tracking. The customer receives the total number of users that clicked on their ad and were redirected to a site with a conversion tracking tag. However, they will not receive any information that could be used to personally identify users.
If you do not want to participate in tracking, you can decline the setting of cookies required for this – for example through the browser setting that generally disables the automatic setting of cookies or by adjusting your browser so that cookies from the domain “googleadservices.com” are blocked.
Please note that you may not delete opt-out cookies as long as you do not want any measurement data recorded. If you have deleted all the cookies in your browser, you will need to reset the respective opt-out cookie.
7.6 Use of Google Remarketing
This website uses the remarketing function of Google Inc. This function serves to present website visitors within the Google advertising network with ads based on their interests. A “cookie” will be stored in the website user’s browser that makes it possible to recognise the visitor when they access websites that belong to Google’s advertising network.
Visitors on this page can be shown ads related to content that the visitor previously accessed on websites that use Google’s remarketing function.
According to their own information, Google does not collect any personal data in this process. However, if you do not want Google’s remarketing function, you can always disable it by making the appropriate settings at http://www.google.com/settings/ads .
This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (website: https://www.hotjar.com ).
Hotjar is a tool used to analyse your user patterns on our website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heat maps that allow to determine which parts of the website the website visitor reviews with preference.
We are also able to determine how long you have stayed on a page of our website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).
Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.
You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.
The use of Hotjar and the storage of the Hotjar cookies are based on Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator's web offerings and advertising.
Deactivation of Hotjar: If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/opt-out .
Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.
For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy .
7.8 Conversion measurement with Facebook Pixel
If you have consented to our use of the Facebook Pixel, our website will feature the Facebook Pixel provided by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This enables us to track the actions a user takes after having been forwarded to the website of the provider by clicking on a Facebook advertisement. This enables us to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help us to optimize future promotional measures.
The data collected are anonymized for us, and as such we are unable to draw any conclusions as to the identity of a user. However, Facebook stores and processes the data, making it possible to associate them with the profile of a user and for Facebook to use the data for its own advertising purposes in line with its data policy ( https://www.facebook.com/about/privacy/ ). The data enable Facebook and its partners to place advertisements on and outside of Facebook. Furthermore, a cookie can be installed on your computer for these purposes.
Only users over the age of 13 can consent to the Facebook Pixel. If you are younger, please ask your parent or legal guardian for permission.
7.9 Microsoft Advertising
On our pages we use the Conversion Tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Advertising will place a cookie on your computer if you access our website via a Microsoft Advertising. This allows Microsoft Advertising and us to identify if someone has clicked on an ad, has been redirected to our website and has reached a previously defined target page (conversion page). We only see the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user is disclosed. If you do not want information as described above to be used by Microsoft, you can prevent the setting of a cookie required for this purpose – for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by clicking on the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en- GB to declare your objection. Further information on data protection and the cookies used at Microsoft and Microsoft Advertising can be found on the Microsoft website at https://privacy.microsoft.com/en-us/privacystatement .
7.10 Trusted Shops Trustbadge
The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.
This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 (1) lit. f GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln, Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/ .
When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.
Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptologic one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.
7.11 Social Media Links
The GLS websites contain links to the social media accounts of GLS Austria (e.g. Xing, LinkedIn, Instagram, YouTube, Kununu and Facebook). When using these links, please note that data processing on these profile pages is carried out in part by the respective provider.
GLS maintains business profiles on Facebook, Instagram, YouTube, XING, LinkedIn, and Kununu. As the operator of these business profiles, together with the respective operator of these social networks we are responsible within the meaning of Article 4 (7) GDPR. When visiting one of our fan pages, personal data will be processed by the controllers. Find more information on privacy when visiting on of our business profiles here.
7.12 Share Buttons
On our in 3.1 listed websites you can find some, so called Share Buttons (e.g. Facebook and WhatsApp). Those Buttons can be seen as a kind of bookmark that allows users to share our job advertisements with the respective service. On our website the share buttons are integrated by the privacy-friendly „Shariff-solution“ of heise.de and serve as a link to the corresponding services. After clicking on the integrated graphic, you will be redirected to the respective provider’s website. Only then user information will be transmitted to the provider. Please refer to the provider’s policy for further information on how they deal with your personal data.
8. Social Media Business Profiles
8.1 General information
In the below listed social networks GLS Austria maintains so called business profiles. Together with the respective operator of the social network, GLS Austria is jointly responsible for the data processing on the respective business profile within the meaning of the GDPR (Article 4 (7) GDPR). In the following sections we will inform you about data processing in connection with our business profiles.
Information on data processing by GLS Austria
When using the functions of the respective social network (e.g. „Like“-Button, „Follow“-Button), the controllers and possibly other users of the social network can see, that you are a follower of the business profile.
If you communicate and interact with us (comment, post, message), we will store your user name and the content of the message or comment for the purpose of processing your enquiry. Depending on the matter, you may provide or we may request additional personal data via private messages (e.g. parcel number, e-mail address or telephone number if you wish to be called). Please note that you should not provide any personal or confidential data in publicly visible comments and posts.
If you participate in one of our competitions, we store and use your Facebook user name to determine the winners and to communicate with you.
For continuous improvement of our social media presence on Facebook, Instagram, and LinkedIn we use the analysis tool ‘Fanpage Karma’ provided by uphill GmbH, Oranienstr. 188, 10999 Berlin. This only involves statistical analyses in aggregated form (with no reference to individual persons).
GLS Austria runs these business profile to present the company to social media users or other prospects and to get in contact with them. The processing of personal data is justified by the legitimate interest of GLS Austria (Article 6 (1) lit. f GDPR) to optimize the representation of the company. In case of a competition, the lawful processing is ensured by your consent (Article 6 (1) lit. a GDPR).
Personal data arising from your enquiries is automatically deleted six months after your enquiry. You have the right to request the manual deletion of this data at any time. If statutory retention periods preclude the deletion (for example in the event of complaints), the data will only be deleted or destroyed on expiry of the prescribed retention period.
Information on platform-dependent data processing by the respective provider and ways to contact the provider can be found in the following sections.
8.2 Facebook and Instagram
For the GLS business profile on Facebook GLS uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“).
For the GLS business profile on Instagram GLS uses the technical platform and services of Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA 94025, USA („Instagram“).
The Instagram service is one of the Facebook products provided by Facebook Ireland Limited. Consequently, the following information on Facebook also applies to our business profile on Instagram.
Collection and processing of access data by Facebook (Insights)
Please carefully check which personal data you share with us via Facebook. As long as you are logged into your Facebook account and visit our Facebook profile, Facebook can assign this to your Facebook profile. We expressly point out that Facebook stores the data of its users (for example, personal information, IP address, etc.) and may also use it for business purposes. If you want to prevent Facebook from processing personal data transmitted to us, please contact us by other means. Detailed information about the data processing of Facebook can be found in the data policy of Facebook under https://www.facebook.com/privacy/explanation
(Instagram: https://help.instagram.com/519522125107875 ).
Name and contact details of the joint controllers
As far as the data submitted by you is also or exclusively processed by Facebook (Insights data), Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and we are the joint data controllers as defined in GDPR. The data processing takes place in this respect on the basis of an agreement between the joint controllers according to Article 26 GDPR, which you can find here: www.facebook.com/legal/terms/page_controller_addendum .
You can contact the Data Protection Officer of Facebook via the contact form provided under https://www.facebook.com/help/contact/540977946302970 .
Data processing for statistical purposes using site insights Facebook provides us with so-called site insights for our Facebook page www.facebook.com/business/a/page/page-insights (or Instagram: https://help.instagram.com/788388387972460?helpref=related&ref=related ). This is aggregated data that helps us to understand how people interact with our site. Site insights may be based on personal information collected in connection with a visit or interaction of people on or with our site and its content. You may opt-out of the processing of your data for any of the above purposes at any time by changing your ad settings in your Facebook user account at www.facebook.com/settings?tab=ads.
Competent supervisory authority for Facebook and Instagram Data Protection Commission Canal House Station Road Portarlington Co. Laois R32 AP23, Ireland
For the maintenance of the GLS business profile on XING/Kununu GLS uses the technical platform and services of New Work SE, Dammtorstraße 30, 20354 Hamburg („XING“).
Contact the data protection officer of XING/Kununu here: Datenschutzbeauftragter@xing.com .
The XING/Kununu BrandManager provides us with general evaluation of the performance of our company profile. The key figures provided there (e.g. total number of page visits, total number of followers etc.) are merely aggregated data that do not allow any conclusions to be drawn about individuals.
Competent supervisory authority for XING/Kununu
Freie und Hansestadt Hamburg
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str. 22, 7. OG
Tel.: 040 / 428 54 – 4040
For the maintenance of the GLS business profile on Facebook GLS uses the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland („LinkedIn“).
Through the privacy shield certification LinkedIn guarantees an adequate level of data protection when processing data in the USA:
LinkedIn Page Analytics
LinkedIn’s page analytics provides insight into the performance of our LinkedIn business profile to assess trends based on dates and time periods. The analysis data (e.g. follower and visitor numbers) are only aggregated data that do not allow any conclusions to be drawn about individuals.
Competent supervisory authority for LinkedIn
Irish Data Protection Commission
21 Fitzwilliam Square South
For the maintenance of the GLS business profile on YouTube GLS uses the technical platform and services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). YouTube is a Google service.
Through the privacy shield certification Google guarantees an adequate level of data protection when processing data in the USA https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Competent supervisory authority for Google
Irish Data Protection Commission
21 Fitzwilliam Square South
9. Rights of the data subject, withdrawal of consent, exercise of rights, right to complain
9.1 Rights of the data subject
As data subject you have the right to:
- obtain the controller confirmation as to whether or not and which personal data concerning him or her are being processed (Right of access by the data subject acc. to Article 15 GDPR)
- obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her (Right to rectification acc. to Article 16 GDPR)
- obtain from the controller the erasure of personal data concerning him or her without undue delay (Right to erasure acc. to Article 17 GDPR)
- obtain from the controller restriction of processing (Right to restriction of processing acc. to Article 18 GDPR)
- receive the personal data concerning him or her, which he or she has provided to a controller (Right to data portability according to Article 20 GDPR)
- object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. (Right to object according to Article 21 GDPR)
9.2 Withdrawal of consent
At any time you have the right to withdraw your consent in data processing towards us. This also applies to consent given even before the GDPR. The withdrawal is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.
9.3 Exercise your rights
To exercise your rights or for withdrawal of your consent, please contact email@example.com and declare which right you wish to exercise so that GLS Austria may take further steps required to work on your request.
Please note, that we may ask you for a proof of identity in order to protect your personal information from unauthorized access or alteration.
9.4 Right to lodge a complaint with a supervisory authority
If you note any violation against our data protection regulations, do not hesitate to contact us. Furthermore, in such cases, you also have the right to lodge a complaint with a supervisory authority. (Article 77 GDPR in conjunction with § 24 DSG) Supervisory authority: Austrian Data Protection Authority Barichgasse 40-42 1030 Vienna Austria/Europe www.dsb.gv.at e-mail: firstname.lastname@example.org
10.Updating this privacy information