Privacy Policy

of General Logistics Systems Austria GmbH

Privacy Policy for the Internet Presence und Services of General Logistics Systems Austria GmbH

With the following information, we would like to give you an overview of the processing of your personal data regarding all business transactions within General Logistics Systems Austria GmbH (GLS Austria) by us und your rights under the applicable data protection Which data is processed in detail depends on the websites and services in use. In addition to general information, you will find a detailed description of data processing for the service you use

1.General Information

1.1 Applicable data protection laws

General Logistics Systems Austria GmbH (GLS Austria) takes your privacy and data protection seriously. We process personal data exclusively in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the Data Protection Act (DPA).

As GLS Austria provides postal services as a notified postal service provider, we are also obliged to maintain postal secrecy in accordance with the Postal Market Act (PMG).

1.2 Contact details of the controller and the data protection officer

Responsible for the data processing pursuant to article 4 number 7 GDPR is:

General Logistics Systems Austria GmbH
Traunuferstraße 105a
4052 Ansfelden
Tel: +43 (0)5 9876 0
Fax: +43 (0)5 9876 1901
E-Mail: paketinfo@gls-austria.com (hereafter: „GLS Austria“)

You can reach our data protection officer at:
General Logistics Systems Austria GmbH
Traunuferstraße 105a
4052 Ansfelden
E-Mail: dataprotection@gls-austria.com

2. Data collection and processing

2.1 Shipper, consignment and consignee data

In the context of parcel shipping, we process shipper data such as address, contact data, bank details and other data in accordance with the services ordered by the shipper.

For the provision of the service, we also process recipient data that we receive from the shipper. This includes name, address, postal code, city, country. When the package is delivered, the name and signature of the recipient are collected. If the recipient does not arrive, GLS is entitled to deliver the package to an alternative recipient, e.g. neighbor. In this case, the name and signature of the alternative recipient will be collected. If this delivery is also not possible, the parcel will be delivered to a GLS parcel store. There, when the parcel is picked up, the name and signature of the recipient or authorized representative are collected on the smartphone that GLS provides to the operator. The storage of the above data takes place in the central GLS IT system.

If you grant us a one-time or until revoked drop-off authorization, we will collect your name, address, zip code, city and drop-off location. If you authorize another person to pick up your parcel, we will collect the name, address and place of residence of this person. The collection takes place in the context of fulfilling the contract with the sender, who has an interest in the proper delivery of his shipment.

For certain shipping services, additional personal data is required for the fulfillment of the contract:

Name of the service:Personal dataAffected personPurchase
FlexDeliveryServicee-mail addressRecipientInformation about the planned parcel delivery by e-mail
 For redistribution:
Name, Address
Alternate recipientDelivery to the alternative recipient
CashServiceBank connection detailsConsignorTransfer of the amount to the Cosignor
ShopDeliveryServiceE-Mail-Address or phone numberRecipientInformation about the planned delivery to the selected GLS parcel shop by e-mail or SMS
Pick&ReturnService, Pick&ShipServicePick-up addressConsignor who is not a customerFor parcel pickup
 E-Mail-addressCollection contactInformation about the planned pickup
DeliveryAtWorkServiceDepartment, contact person, phone numberRecipientDelivery tot he selected department/workplace of the recipient
InfoServiceE-Mail addressrecipientInformationen about the parcel status by e-mail or SMS

When parcels are shipped to other countries (export), the required shipper and recipient data is transferred to the respective GLS company or a partner company in the destination country.

Personal data is processed to carry out the parcel transport and related activities (e.g. billing, claims handling) as part of the performance of the contract with our customers (shipper/client).

To the extent necessary, we process your personal data beyond the performance of the contract to protect the legitimate interests of GLS Austria or third parties. This includes processing for the purpose of credit assessment, quality management, marketing, complaint and claims management as well as for controlling purposes. As a company, we are also subject to various legal requirements, such as the fulfillment of tax control and reporting obligations, customs requirements for exports to non-EU countries, and inspection obligations under the Foreign Trade and Payments Act. Compliance with applicable legal data protection regulations regarding shipper, consignment and recipient data is an original obligation of GLS Austria.

The transfer of data to GLS Austria serves the purpose of fulfilling the contract and does not constitute commissioned data processing.

For additional services such as the "FlexDeliveryService" and the "ShopDeliveryService", the e-mail address or telephone number of the recipient is required in order to inform the recipient about the status of the delivery. GLS Austria receives this data from the customer (client) who orders these services. The client is responsible for the proper collection of this data and in particular for the recipient's consent to the transmission of his telephone number and/or e-mail address to GLS Austria.

Should data of third parties (e.g. name and address of an alternative recipient) be entered when using "FlexDeliveryService" in the context of a redistribution, the customer (client) expressly declares that he/she has obtained in advance the necessary consents for the transmission to and processing by GLS Austria as well as the companies involved in the performance of the contract with regard to the processing of these personal data from the data owners. The customer (client) declares to indemnify and hold GLS Austria harmless in case of claims by these third parties.

For the services "Pick&ReturnService" or "Pick&ShipService", the client transmits the e-mail address of the pick-up contact (see above). GLS Austria receives this data from the principal who orders these services. The client is responsible for the proper collection of this data and in particular for the consent of the pick-up contact to the transmission of his e-mail address to GLS Austria.

If you have any questions about these procedures, please contact your contractual partner (sender/client of the pick-up).

Delivery options

The following user data is collected and processed when choosing a new delivery option:

Last name, first name*
new delivery address (street, house number, postal code, city, country)*
Drop-off location*
Authorized recipient (surname, first name)*
e-Mail address
*does not apply to all delivery options

The data is collected, processed and used for the purpose of establishing and fulfilling the delivery agreement as requested in terms of time and place or for contacting the users in the context of the delivery. This constitutes a fulfillment of contractual obligations within the meaning of Article 6 paragraph 1 lit. b GDPR. Use for other purposes, in particular disclosure to third parties, is excluded.

2.2 Shipment tracking ("Where is my parcel")

The package number you enter is needed to provide you with status information about the package in question.

2.3 RTT – Real Time Tracking

As part of the "FlexDeliveryService", live tracking of your parcel delivery is available to you - as an additional option. This optional service is hereinafter referred to as RTT.

Mode of operation

By entering your tracking ID and postal code, you will find out the predicted delivery time of your package on the day of delivery and can track the approximate position of the delivery vehicle live in Google Maps. In addition, you have the option of making an ad hoc rescheduling (alternative recipient/neighbor, parking permit) You will be informed by e-mail as soon as the real-time tracking of your shipment is available. The sender is responsible for collecting and forwarding your e-mail address to GLS Germany. The process of the additional service RTT is carried out by our affiliated company GLS eCom Lab GmbH. We have concluded an order processing agreement with GLS eCom Lab GmbH pursuant to Art. 28 GDPR to ensure compliance with data protection regulations.

Open Street Map (Amazon Web Services-AWS) (RTT)

The integration of Open Street Map in RTT provides an improved user experience on this website. The RTT service uses map material from Open Street Map to visually display geographical information. When using Open Street Map, it is a free and editable map of the world. The data of the users of Open Street Map are used exclusively for the purpose of displaying the map functions and caching the selected settings. This data may include, in particular, IP addresses and location data of the users, which are, however, not collected without their consent (therefore, please pay attention to the personal settings on your terminal device). You can obtain more information about Open Street Map at https://www.openstreetmap.de/

Redistribution (RTT)

If you wish to change the delivery address, you can enter the corresponding data in an online form. The legal basis for the processing of this personal data is your consent according to Art. 6 section 1 lit. a GDPR. If you enter the data of third parties (e.g. name and address of an alternative recipient) in this online form, you expressly declare that you have obtained in advance the necessary consents for the transfer to and processing by General Logistics Systems Austria GmbH as well as the companies involved in the performance of the contract with regard to the processing of this personal data from the data owners. You agree to indemnify and hold General Logistics Systems Austria GmbH harmless in the event of claims by such third parties. We would like to point out that the registered data is kept in stock within the framework of our systems in accordance with legal retention periods.

Optical adjustments/ advertising

In the context of RTT, the visual appearance may be enhanced with elements of the sending company and advertising overlays may appear. These visual adjustments are made by GLS and do not collect any data. However, if you click on an advertisement, the privacy policy of the advertiser applies. In this situation, GLS only records the number of clicks. These clicks do not allow any conclusions to be drawn about you.

Rating (RTT)

After your package has been delivered, you will have the opportunity to provide the service with a star rating and corresponding comment.

2.4 Customer satisfaction

GLS uses various methods to measure the satisfaction of its customers in order to continuously optimize its services and products. Among other things, shippers and/or recipients are enabled to voluntarily participate in surveys.

The Net Promoter Score (NPS) determines the probability of recommending GLS, GLS services and/or products to other people. Optionally, an open opinion poll can follow.

2.5 Contact form

The data entered by you as part of an inquiry in the e-mail contact form, such as name, street, postal code, city, e-mail address, etc., are required to process your inquiry.

2.6 Shipping information „Become a business customer”

The data entered as part of a request in the above form, such as first name, last name, email address, number of packages, etc. are required by us to process your request. After receipt of your request you will receive a confirmation e-mail from us.

2.7 „YourGLS“

On this website, a distinction is made between the open and closed areas: The functions in the open area are accessible without prior registration. Upon request, commercial GLS customers will be activated for "YourGLS" (closed area) by their responsible depot and will receive corresponding access data.

In the closed area "YourGLS" you have, among other things, the possibility to save recurring recipient addresses in the YourGLS address book. These addresses can then be used to easily create parcel labels. You can delete these addresses at any time. At your request or at the latest upon termination of the customer relationship, your YourGLS account will be blocked by your responsible depot. The data will be deleted in compliance with the legal retention periods.

2.8 Search for Parcelshops

To search for the nearest ParcelShops or depots, we need the postal code of the respective location. This is not personal data.

2.9 Request Parcelshop

If you make a suggestion for a ParcelShop in your area, we will process the personal data that you have provided to us via the contact form. The specification of a street, house number, postal code and city is mandatory. In addition, you can voluntarily provide the name of the ParcelShop, a contact person and your own contact details for us to contact you. You will then only be notified by us if you have given us your consent.

2.10 Drop off permission

On our website you habe the option of granting us a drop off permission. This enables delivery even if we are unable to meet you in person. When issuing a delivery permit, we collect the following personal data:

  • First and last name of the recipient or company name, street/house number, postcode/town of residence, e-mail address and a description of the desired parking location (e.g. garage).

The data of the parking permit will be stored for 3 years after revocation in case of claims for damages.

2.11 Registration GLS-ONE and GLS-APP

When registering for GLS-ONE or in the GLS app, your e-mail address and password (user data) are collected and stored. The e-mail address is used as a user name for GLS-ONE or the GLS app and to send you a new password if necessary.

Under the menu item "My packages" you will find all your shipped packages with the associated data such as date, package number, recipient, price and status.

Furthermore, as a registered user you have the possibility to save recipient addresses under the menu item "Address book". You can manually change or delete recipient addresses stored in the address book at any time. This data will only be used by GLS Austria if you place a corresponding transport order with us via the "Send parcels" function (see point a).

If you delete your account, the stored recipient addresses are automatically deleted. Your data will be deleted after settlement of all outstanding items in compliance with the legally prescribed archiving periods.

Use of GLS-ONE and GLS-APP

The personal data you enter in the "Send parcels" form, such as sender and recipient address (first name, last name, company if applicable, street, house number, postal code, city and country), are collected and stored for the performance of the contract on the basis of Article 6(1) lit. b GDPR. Additional data is required for certain services:

  • If GLS "FlexDeliveryService" is commissioned, the recipient's e-mail address and/or telephone number will be used to inform him/her of the upcoming parcel delivery and to offer various delivery options.
  • If GLS "Send@ParcelShop" is commissioned, the recipient's e-mail address and/or telephone number will be used to inform him/her that his/her parcel has been delivered to the GLS ParcelShop.

Recipient data transmitted by the user will be used by GLS Austria exclusively for the fulfillment of the ordered service (parcel shipment). Use for other purposes, in particular disclosure to third parties, takes place exclusively within the framework of the legal provisions.

Please note as a sender that you may transmit the e-mail address or cell phone number of the recipient to GLS Austria only with his consent!

For the processing of the payment within the framework of this process, the payment service providers commissioned by us process your data:

  • PayPal/PayPal PLUS: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereafter “PayPal”)

Please note that data processing in the context of payment via "PayPal", "PayPal via PayPal PLUS", "Direct Debit via PayPal PLUS", "Credit Card via PayPal PLUS" or "PayPal PLUS Invoice" is the responsibility of PayPal. Thus, PayPal's privacy policy applies to all transactions. When selecting one of the payment methods "Credit Card via PayPal", "Direct Debit via PayPal" or "PayPal Invoice" listed below, PayPal performs a credit check to calculate the probability of non-payment (so-called calculation of a scoring value).

  • Information about the identity check at PayPal and the data exchange with credit agencies (credit report) can be found here: https://www.paypal.com/de/webapps/mpp/ua/creditchk
  • Credit card: EVO Payments International GmbH, Elsa-Brändström-Str. 10-12, 50668 Köln (hereafter „EVO Payments“)

Please note that EVO Payments is responsible for data processing in the context of credit card payments. EVO Payments' privacy policy therefore applies to all transactions.

GLS applies fraud prevention measures when making online payments in GLS-ONE or in the GLS App. Your payment may therefore fail - e.g. due to exceeding a maximum amount.

If you would like to be exempt from fraud prevention measures, for example because you would like to send larger quantities of packages, please send us an e-mail to customer-service@gls-one.at . We ask for your understanding that we check your payment history before activation.

2.12 Response management

In the context of a complaint handling we collect and store your data and forward them if necessary. The collection, storage and forwarding is therefore carried out for the purpose of fulfilling the contract and on the basis of Art. 6 section 1 lit b GDPR and, if necessary, for the purpose of fulfilling a legal obligation of the responsible party on the basis of Art. 6 section1 lit c GDPR. Failure to provide this data may result in the complaint not being processed.

Further processing will only take place if you have consented or a legal permission exists. In some cases, we use external service providers based in the European Economic Area to process your data. These service providers have been carefully selected by us, commissioned in writing and are bound by our instructions. The service providers will not pass on this data to third parties, but will delete it once the contract has been fulfilled and the statutory storage periods have expired, unless you have consented to any further storage.

If necessary, we transmit personal data from these proceedings to our lawyer and the competent court. This is done, in accordance with the legal requirements, insofar as it is necessary to protect our legitimate interests and the legitimate interests of third parties and there is no reason to assume that your interests or fundamental rights and freedoms, which require the protection of personal data, are overridden.

The processing is based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR.

2.13 Visitor lists

When visiting our depots or when visiting the Head Office Ansfelden, visitors must be accompanied by authorised employees. The beginning and end of the visit must be recorded with the date and time. Customer visits, representatives and external employees are considered as visitors. Short-term visitors (post office, parcel shop customers) do not have to be entered.

3. Data transmission/file transfer

3.1 Data transmission to third parties

We do not transfer your personal data to third parties for purposes other than those listed below.

We will only share your personal data with third parties if:

  • you have given your express consent in accordance with Art. 6 section 1 lit. a GDPR
  • the disclosure is necessary in accordance with Art. 6 section 1 lit. f GDPR to protect the interests of the company and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
  • in the event that there is a legal obligation for the disclosure pursuant to Art. 6 section 1 lit. c GDPR as well as
  • this is legally permissible and necessary according to Art. 6 section 1 lit. b GDPR for the processing of contractual relationships with you.

GLS Austria may share your personal data with suppliers who provide services on our behalf in accordance with our instructions.

GLS Austria may also share your personal data with our affiliates and partners.

In addition, GLS Austria may disclose your personal information if we are required to do so by law, regulation, or if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss.

GLS Austria reserves the right to transfer personal information we have about you if we sell or transfer all or part of our business or assets (including in the event of a reorganization, dissolution or liquidation).

3.2 Data transmissions

GLS Austria may also transfer its personal data to countries outside the country where the information was originally collected. These countries may not have the same data protection laws as the country where you originally provided the personal information. When we transfer your information to other countries, we protect that information as described in this Privacy Policy, and those transfers are governed by the applicable law.

The countries to which we transfer the personal data are located

• within the European Union or
• outside the European Union

When we transfer personal data from the European Union to countries or international organisations outside the European Union, the transfer is made on the basis:

  • an adequacy decision of the European Commission;
  • in the absence of such, due to other legally permissible reasons such as the existence of a legally binding and enforceable document between public authorities or public bodies, binding internal corporate rules, standard data protection clauses and approved or certified codes of conduct.

In exceptional cases, a data transfer may also take place on the basis of Art. 49 GPDR:

  • Art. 49 Abs. 1 lit. a GDPR

The data subject has given his or her explicit consent to the proposed data transfer after having been informed of the potential risks to him or her of such data transfers in the absence of an adequacy decision and appropriate safeguards,

  • Art. 49 Abs. 1 lit. b GDPR
    the transfer is necessary for the performance of a contract between the data subject and the controller or the performance of pre-contractual measures at the request of the data subject,
  • Art. 49 Abs. 1 lit. c GDPR
    the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject by the controller with another natural or legal person.

4. Applications

4.1 General applications

By applying to GLS Austria via the website https://gls-group.eu/AT/de/karriere by e-mail or post, you provide your personal data for the purpose of processing and reviewing your application. The data is used by GLS Austria to manage your application and thereby find the right job for you. Your data will be stored and processed on our systems.

When applying via our GLS career site, the following information is mandatory: title, first and last name, academic title, e-mail address (and password for registration), nationality and CV.

We obtain additional personal data from you by voluntarily providing, among other things, a telephone number, address data, a photo, a letter of motivation or your relevant references.

If you apply by e-mail or post, we store all the data you provide in your application.

If you contact us in any other way and use the e-mail contact form, the data you enter, such as name, address, telephone number, e-mail address, etc., will be required to process your enquiry.

Your data will be stored and processed for the purpose of applicant management in order to initiate a contract of employment with you. Where necessary, we process your personal data beyond the fulfilment of the contract to protect the legitimate interests of the responsible parties or third parties. This includes processing for statistical purposes in anonymised or aggregated form (e.g. reporting).

In order to continuously improve our recruiting process, we use the applicant management solution of eRecruiter GmbH (eRecruiter GmbH, Winterhafen 4, A-4020 Linz). For information on data protection at eRecruiter, please see the following data protection statement: https://www.erecruiter.net/p/datenschutz

Furthermore, we have concluded an order processing agreement with eRecruiter in accordance with Article 28 GPDR to ensure compliance with data protection regulations.

Data transfer for applicant data

GLS Austria is responsible for the central processing of applicant data. Your data will only be stored, evaluated, processed or forwarded internally (within the responsible persons) in the context of your application. It is only accessible to employees of the personnel department and the persons responsible for the selection of applicants. These persons are obliged to maintain confidentiality about personal data within the scope of their employment contract. In exceptional cases, other parties may receive your data.

In the case of recruitment by external recruiters, e.g. headhunters or the Public Employment Service, they may receive your personal data.

With regard to the transfer of data to further recipients, we only pass on your personal data if this is required by legal provisions, you have given your consent or we are authorised to pass it on. If these requirements are met, recipients of personal data may include public bodies and institutions (e.g. law enforcement agencies) if a legal or official obligation exists.

An active transfer of personal data to a third country only takes place if this has been expressly indicated within the scope of the aforementioned services.

Storage period and deletion

The responsible parties store personal data in accordance with the statutory provisions on data processing and in compliance with statutory retention periods for as long as is necessary for the respective purpose. We determine the duration of data storage in accordance with the following requirements:

  • If you take up employment with the person responsible, your personal data, or at most an extract thereof, will be placed in your personal file.
  • If you have applied and received a rejection, your details will be stored for 7 months after the end of application process a then get anonymized (profile and application). There will be no notification of the deletion data.

4.2 Application form for transport partners

If you apply as a transport partner with GLS Austria, we collect the following personal data as part of the pre-contractual check:

Salutation, surname, first name, company if applicable, street, house number, postcode, city, country, telephone number, e-mail address and website if applicable, VAT identification number, tax number, bank details, terms of delivery and payment, information on the products and services you offer and on quality and environmental management.

4.3 Application form for parcel shop partners

If you apply to become a ParcelShop partner with GLS Austria, we require information from you such as your surname, first name, company (if applicable), street, house number, postcode, town, country, telephone number, e-mail address and website (if applicable) to check your application (implementation of pre-contractual measures).

If a contract (ParcelShop contract) is concluded between you and GLS Austria, we process this data to implement the contractual relationship. In addition, we require your tax number/sales tax identification number and your bank details for billing purposes. To prove that a business exists, we request a copy of your business registration and, if applicable, an extract from the commercial register.

The legal basis for the processing is Article 6 section 1 lit. b GDPR. If no ParcelShop contract is concluded, your data will be deleted no later than 2 years after the conclusion of the procedure.

4.4 Communication via WhatsAPP

If you have consented to us contacting you via WhatsApp, data will be transmitted to WhatsApp Inc. WhatsApp has end-to-end encryption so that the transmitted content is only accessible to the respective communication partners involved.

However, WhatsApp can collect so-called metadata (who communicates with whom and how often).

WhatsApp Inc. receives personal data (including metadata), which is also processed on servers in states outside the EU (e.g. USA). WhatsApp shares this data with other companies within and outside the Facebook group of companies. Further information can be found in WhatsApp's privacy policy.

Should you agree to a use of WhatsAPP in the context of a communication regarding your application, GLS Austria does not assume any liability in the event of irregularities with or due to any damage caused by the service or the service provider WhatsAPP.

5. Newsletter

The newsletter is sent using "CleverReach", a newsletter delivery platform of the German provider CleverReach GmbH & Co KG - www.cleverreach.com . The processing is based on your consent pursuant to Art. 6 para. 1 lit a GDPR or our legitimate interest pursuant to Art. 6 section 1 lit f GDPR.

The email addresses of our newsletter recipients, as well as their other data described in this notice, are stored on CleverReach's servers in Germany. CleverReach uses this information to send and evaluate the newsletter on our behalf. Furthermore, CleverReach may use this data to optimise or improve its own services, e.g. to technically optimise the dispatch and presentation of the newsletters or for economic purposes to determine from which countries the recipients come. However, CleverReach does not use the data of our newsletter recipients to write to them itself or to pass it on to third parties.

We trust in the reliability and IT and data security of CleverReach (https://www.cleverreach.com/de/datenschutz) .

Registration for our newsletter takes place in a so-called double opt-in process. This means that you will receive an email after registration in which you are asked to confirm your registration.

The registrations for the newsletter are logged in order to be able to prove the registration process in accordance with the legal requirements. This includes the storage of the registration and confirmation time as well as the IP address.

When you call up the newsletter, technical information such as information on the browser and your system, as well as your IP address and the time of the call-up are initially collected. This information is used for the technical improvement of the services based on the technical data or the target groups and their reading behaviour based on their retrieval locations (which can be determined with the help of the IP address) or the access times.

Statistical surveys also include determining whether newsletters are opened, when they are opened and which links are clicked. For technical reasons, this information can be assigned to the individual newsletter recipients. However, it is not our intention to observe individual users. The analyses serve us much more to recognise the reading habits of our users and to adapt our content to them or to send different content according to the interests of our users.

Our newsletters contain so-called tracking pixels (web bugs), which enable us to recognise whether and when an email was opened and which links in the email were followed by the personalised recipient. We store this data so that we can optimally tailor our newsletters to the wishes and interests of our subscribers. Accordingly, the data collected in this way is used to send personalised newsletters to the respective recipient.

With a revocation of the consent to receive the newsletter, the consent to the aforementioned tracking is also revoked.

6. Storage period and deletion

GLS Austria stores personal data in accordance with the statutory provisions on data processing and in compliance with statutory retention periods only for as long as is necessary for the respective purpose. We determine the duration of data storage in accordance with the following requirements:

Operational requirements: The storage period required for the handling of operational processes.

Legal requirements: Retention periods under commercial and tax law, which result, for example, from the Business Code (BC) or the Federal Fiscal Code (FFC). The periods specified there are 7 years in each case according to § 212 BC and § 132 FFC. This applies, for example, to electronic customer invoices, which may be accessible via "YourGLS".

The limitation periods according to §§ 1489 ABGB can be up to 30 years, whereby the regular limitation period is three years. This applies, for example, to complaints communicated via the contact form.

After expiry of the defined retention period, the data will be deleted, destroyed or anonymised - unless overriding legitimate interests apply.

7. Data subjects rights, revocation of consent, exercise of you rights

As a data subject you have the right to:,

  • receive information about whether your personal data are being processed and the tight to be informed about these data (data subject’s right to information pursuant to article 15 GDPR
  • request the rectification of the inaccurate personal data concerning you
  • right of rectification pursuant to Article 16 GDPR
  • request the erasure of your personal data (right to erasure pursuant to article 17 GDPR)
  • request the restriction of processing (right to restriction of processing pursuant to article 18 GDPR)
  • obtain the personal data you have provided to us (right to data portability under article 20 GDPR)
  • subject, on grounds relating to your particular situation, to the processing of personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims (right of objection under Article 21 GDPR).

Revocation of consent

You can revoke your consent to the processing of personal data at any time. This also applies to consent given to us before the entry into force of the GDPR, i.e. before 25 May 2018. The revocation of consent only takes effect for the future and does not affect the lawfulness of the data processed until the revocation.

Exercise of rights

If you wish to exercise your rights as a data subject or withdraw express consent, please send a message to dataprotection@gls-austria.com explaining which right you wish to exercise so that GLS Austria can take the further steps necessary to exercise your rights.

Please note, however, that we may require proof of identity to protect your personal data from unauthorised access or unauthorised changes.

Right of complaint to a supervisory authority

If you are of the opinion that the processing of personal data concerning you violates data protection regulations, please inform us of your concerns. In such cases, you also have the right to lodge a complaint with a supervisory authority (Article 77 GDPR and § 24 DSG).

Responsilbe supervisory authority
Austrian Data Protection Authority

Barichgasse 40-42
1030 Vienna

www.dsb.gv.at
E-Mail: dsb@dsb.gv.at

8. Cookies

See Cookie policy under https://gls-group.eu/AT/de/cookie-einstellungen

9. Google-Tools

9.1 Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc (hereafter: Google). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, due to the activation of IP anonymisation on these websites, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. In addition, you can prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available under the following link: Browser add-on to disable Google Analytics.

The processing is based on our legitimate interests pursuant to Art. 6 (1) lit. f GDPR and your consent pursuant to Art. 6 (1) lit. a GDPR.

IP-Anonymisation

We use the function "Activation of IP anonymisation" on this website. However, this means that your IP address is shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

9.2 Google AdWords

Our website uses Google conversion tracking. If you have reached our website via an ad placed by Google, Google AdWords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked across AdWords customers' websites.

The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.

If you do not wish to participate in the tracking, you can reject the setting of a cookie required for this - for example, by means of a browser setting that generally deactivates the automatic setting of cookies or by setting your browser in such a way that cookies from the domain "googleleadservices.com" are blocked.

Please note that you may not delete the opt-out cookies as long as you do not want any measurement data to be recorded. If you have deleted all your cookies in the browser, you must set the respective opt-out cookie again.

9.3 Google Remarketing

This website uses the remarketing function of Google Inc. The function is used to present interest-based advertisements to website visitors within the Google advertising network. A so-called "cookie" is stored in the browser of the website visitor, which makes it possible to recognise the visitor when they visit websites that belong to the Google advertising network. On these pages, the visitor can be presented with advertisements that relate to content that the visitor has previously accessed on websites that use Google's remarketing function.

According to its own information, Google does not collect any personal data during this process. However, if you do not wish to use Google's remarketing function, you can generally deactivate it by making the appropriate settings at http://www.google.com/settings/ads

Alternatively, you can deactivate the use of cookies for interest-based advertising via the advertising network initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp

9.4 Google script libraries

In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries such as Google Webfonts (https://www.google.com/webfonts/) on this website. Google Web Fonts are transferred to your browser's cache to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content is displayed in a standard font.

Calling up script libraries or font libraries automatically triggers a connection to the operator of the library. It is theoretically possible - although it is currently unclear whether and, if so, for what purposes - that the operators of such libraries collect data.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/

9.5 Google Maps

The integration of Google Maps provides an improved user experience on this website.

By using the Google Maps API from Google Inc. (responsible for the data of users in the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), it is possible to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about the use of the map functions by visitors.

The following data is transferred for this purpose:

  • Referrer (address of the page which Google Maps is used)
  • IP address of the user
  • Google account (if the user is logged in to Google, this is recognized and assigned to the account)
  • The browser used and browser perferences such as browser window size and screen resolution, browser plug ins, timestamp, language setting.

You can find more information about data processing by Google in the Google privacy policy. There you can also change your personal privacy settings in the Privacy Center.

10. Third-Party-Tools

10.1 Hotjar

This website uses Hotjar. The provider is Hotjar Ltd, Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta, Europe (website: https://www.hotjar.com).

Hotjar is a tool used to analyse your user behaviour on our website. Hotjar allows us to record, among other things, your mouse movements, scrolling movements and clicks. Hotjar can also determine how long you have stayed on a particular spot with the mouse pointer. From this information, Hotjar creates so-called heat maps, which can be used to determine which website areas are viewed preferentially by the website visitor.

We can also see how long you stayed on a page and when you left. We can also determine at which point you abandoned your entries in a contact form (so-called conversion funnels).

In addition, Hotjar can be used to obtain direct feedback from website visitors. This function serves to improve the website operator's web offerings.

Hotjar uses cookies. Cookies are small text files that are stored on your computer and saved by your browser. They serve to make our offer more user-friendly, effective and secure. In particular, these cookies allow us to determine whether our website has been visited with a particular end device or whether the Hotjar functions have been deactivated for the browser in question. Hotjar cookies remain on your terminal device until you delete them.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If you deactivate cookies, the functionality of this website may be limited.

The use of Hotjar and the storage of Hotjar cookies is based on Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in analysing user behaviour in order to optimise both its web offering and its advertising.

Deactivating Hotjar

If you would like to deactivate the data collection by Hotjar, click on the following link and follow the instructions there: https://www.hotjar.com/opt-out

Please note that deactivating Hotjar must be done separately for each browser or end device.

For more information about Hotjar and the data it collects, please see Hotjar's privacy policy at the following link: https://www.hotjar.com/privacy.

10.2 Microsoft Advertising

On our pages, we use the conversion tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Advertising stores a cookie on your computer if you have accessed our website via a Microsoft advertisement. In this way, Microsoft Advertising and we can recognise that someone has clicked on an advertisement, been redirected to our website and reached a previously determined target page (conversion page). We will only know the total number of users who clicked on a Microsoft Advertising ad and were then directed to the conversion page. No personal information about the user's identity is shared.

If you do not want Microsoft to use information about your behaviour as explained above, you can refuse the setting of a cookie required for this purpose - for example, by means of a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website as well as the processing of this data by Microsoft by clicking on the following link: http://choice.microsoft.com/de-DE/opt-out to declare your objection. Further information on data protection and the cookies used by Microsoft and

Microsoft Advertising can be found on the Microsoft website at https://privacy.microsoft.com/de-de/privacystatement.

10.3 Trusted Shops Trustbadge

The Trusted Shops trust badge is integrated on this website to display our Trusted Shops seal of approval and any ratings collected, as well as to offer Trusted Shops products to buyers after they have placed an order.

This serves to protect our legitimate interests, which outweigh our interests in the context of a balancing of interests, in optimal marketing by enabling secure shopping in accordance with Article 6 (1) lit. f GDPR. The trust badge and the services advertised with it are an offer of Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Cologne. The Trustbadge is provided by a CDN provider (Content Delivery Network) within the framework of order processing. Trusted Shops GmbH also uses service providers from the USA. An appropriate level of data protection is ensured. Further information on the data protection of Trusted Shops GmbH can be found here:

https://www.trustedshops.de/impressum/#datenschutz

When the Trustbadge is called up, the web server automatically saves a so-called server log file, which also contains your IP address, the date and time of the call-up, the amount of data transferred and the requesting provider (access data) and documents the call-up. Individual access data are stored in a security database for the analysis of security anomalies. The log files are automatically deleted 90 days after creation at the latest.

Further personal data is transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or if you have already registered to use them. The contractual agreement between you and Trusted Shops applies. For this purpose, personal data is automatically collected from the order data. Whether you as a buyer are already registered for product use is automatically checked using a neutral parameter, the email address hashed by cryptological one-way function. The e-mail address is converted into this hash value, which cannot be decrypted by Trusted Shops, before it is transmitted. After checking for a match, the parameter is automatically deleted.

This is necessary for the fulfilment of our and Trusted Shops' overriding legitimate interests in the provision of the buyer protection linked to the specific order in each case and the transactional evaluation services in accordance with Article 6 (1) lit. f GDPR. Further details, including the objection, can be found in the Trusted Shops privacy policy linked above and in the Trustbadge.

11. Social Media

GLS Austria operates so-called company profiles in the social networks listed below. In principle, GLS Austria and the respective operator of the network are jointly responsible for data processing on the respective company profile within the meaning of the EU General Data Protection Regulation (Article 4 item 7 GDPR). In the following sections we inform you about the data processing in connection with our company profiles.

Note on data processing by GLS Austria

If you use the interactive functions of the respective social network (e.g. "Like" button, "Follow" button), it becomes visible to the responsible parties and, if applicable, to the users of the social network that you are a fan of our site.

As soon as you communicate and interact with us (comment, post, message), we store your user name and the content of the message or comment for the purpose of processing your request. In private messages, depending on the request, further personal data may be provided by yourself or requested by us. (e.g. parcel number, e-mail address or telephone number if you wish to be contacted by telephone). If possible, please do not provide any personal or confidential data in publicly visible comments and posts.

In the event that you participate in one of our competitions, we will store and use your Facebook name to determine the winner and to communicate with you.

In order to continuously improve our social media presence, we use the analysis tool "Fanpage Karma" from the provider uphill GmbH, Oranienstr. 188, 10999 Berlin, for our profiles on Facebook, Instagram and LinkedIn. Here, only statistical evaluations are carried out in aggregated form (without drawing conclusions about individuals).

GLS operates these company profiles in order to present itself to users of the social network and other interested persons who visit the company profile and to communicate with them. The processing of users' personal data is based on the legitimate interests (Article 6(1)(f) GDPR) of GLS Austria in an optimal presentation of the company. In the case of competitions, the lawful processing of your data is based on consent (Article 6(1)(a) GDPR).

The personal data from your requests will be automatically deleted six months after your request. Should you manually request deletion, you have the right to do so at any time. Should legal retention periods (e.g. in the case of complaints) prevent deletion, the data will only be deleted or destroyed after the expiry of the prescribed retention period.

Information on platform-dependent data processing by the respective provider and options for contacting the provider can be found in the following sections.

11.1 Social Media Links

On the GLS websites there are links (connections) to social media profiles of GLS Austria (e.g. on Xing , LinkedIn, Kununu, Instagram, YouTube and Facebook). When using these links, please note that data processing on these profile pages is partly carried out by the respective provider.

As the operator of these company profiles, we are jointly responsible with the respective operator of these social networks within the meaning of Article 4 fig. 7 GDPR. If you visit one of our company profiles, personal data will be processed by the joint controllers.

11.2 Share Buttons

These are a kind of bookmark with which users of a service can share job advertisements etc. with the respective service. The share buttons are integrated on our website with the data protection-friendly "Shariff solution" from heise.de as a link to the corresponding services. After clicking on the embedded graphic, you will be redirected to the page of the respective provider; only then will user information be transmitted to the respective provider. For information on the handling of your personal data when using these providers, please refer to the data protection declarations of the respective providers.

11.3 Meta Platform Inc. (Facebook, Instagram, Whastapp)

If you have given your consent to the use of the Facebook visitor action pixel, we use the "visitor action pixel" of Meta Platforms Inc.Deboarh Crawford 1601 Willow Road, Menlo Park, California 94025, U.S.A. within our website. This makes it possible to track the behaviour of users after they have been redirected to the provider's websites by clicking on a Facebook ad. This procedure is used to evaluate the effectiveness of the Facebook ads for statistical and market research purposes and can help to optimise future advertising measures.

The collected data is anonymous for us, so it does not offer us any conclusions about the identity of the users. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes, in accordance with the Facebook data usage policy (https://www.facebook.com/about/privacy/). You may enable Facebook and its partners to serve ads on and off Facebook. A cookie may also be stored on your computer for these purposes.

Consent to the use of the Visitor Action Pixel may only be given by users who are over 13 years of age. If you are younger, we ask you to ask your legal guardians for permission.

For the operation of the Facebook fan page, GLS Austria uses the technical platform and services of Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland ("Facebook").

For the operation of the Instagram company profile, GLS Austria uses the technical platform and services of Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA 94025, USA ("Instagram").

The Instagram service is one of the Facebook products provided by Facebook Ireland Limited. Consequently, the following information about Facebook applies equally to our company profile on Instagram.

We would like to point out that you use our Facebook page and its functions on your own responsibility. This applies in particular to the use of the interactive functions (e.g. commenting, sharing, rating). The Facebook terms of use are authoritative for this.

Collection of access data by Facebbok (Insights)

Please check carefully what personal data you share with us via Facebook. As long as you are logged into your Facebook account and visit our Facebook profile, Facebook can assign this to your Facebook profile. We expressly point out that Facebook stores the data of its users (e.g. personal information, IP address, etc.) and may also use this for business purposes. If you would like to avoid Facebook processing personal data you have transmitted to us, please contact us by other means. For more information on Facebook's data processing, please see Facebook's privacy policy at http://de-de.facebook.com/policy.php (Instagram: https://help.instagram.com/519522125107875).

Name and contact details of the common responsible persons

Insofar as the data you provide to us via Facebook is also or exclusively processed by Facebook (Insights data), we are joint data controllers within the meaning of the GDPR with Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. The associated data processing is carried out on the basis of an agreement between joint controllers pursuant to Article 26 GDPR, which you can view here: www.facebook.com/legal/terms/page_controller_addendum .

You can contact Facebook's data protection officer via the online form at https://www.facebook.com/help/contact/540977946302970.

Data processing for statistical purposes using page insights

Facebook provides us with so-called page insights for our Facebook page (www.facebook.com/business/a/page/page-insights or for Instagram https://help.instagram.com/788388387972460?helpref=related&ref=related). These are aggregated data that allow us to understand how people interact with our page. Page Insights may be based on personal data collected in connection with an individual's visit to or interaction with our Site and its content.

You can object to the processing of your data for the aforementioned purposes at any time by changing your ad settings in your Facebook user account at www.facebook.com/settings?tab=ad s accordingly.

You can contact Facebook's data protection officer via the online form at https://www.facebook.com/help/contact/540977946302970.

Facebook Pixel

If you have consented to our use of the Facebook Pixel, our website will feature the Facebook Pixel provided by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This enablesus to track the actions a user takes after having been forwarded to the website of the provider by clickingon a Facebook advertisement. This enables us to evaluate the effectiveness of Facebook advertisementsfor statistical and market research purposes and can help us to optimize future promotional measures.
The data collected are anonymized for us, and as such we are unable to draw any conclusions as to the identity of a user. However, Facebook stores and processes the data, making it possible to associate them with the profile of a user and for Facebook to use the data for its own advertising purposes in line with its data policy (https://www.facebook.com/about/privacy/). The data enable Facebook and its partners to place advertisements on and outside of Facebook. Furthermore, a cookie can be installed on your computer for these purposes. Only users over the age of 13 can consent to the Facebook Pixel. If you are younger, please ask your parent or legal guardian for permission.

11.4 XING/Kununu

For the operation of the XING/Kununu company profile, GLS Austria uses the technical platform and services of New Work SE, Dammtorstraße 30, 20354 Hamburg ("XING").

The privacy policy of XING/Kununu can be found at https://privacy.xing.com/de/datenschutzerklaerung.

XING/Kununu BrandManager

The XING/Kununu BrandManager provides us with general evaluations of the performance of our company profile. The key figures provided there (e.g. total number of page visits, total number of followers, etc.) are only aggregated data that do not allow any conclusions to be drawn about individuals.

11.5 LinkedIn

We use plugins of the social network LinkedIn of LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (hereinafter "LinkedIn"). You can recognise the LinkedIn plugins by the LinkedIn logo on our site.

When you visit our pages, a direct connection is established between your browser and the LinkedIn server via the plugin. LinkedIn thereby receives the information that you have visited our site with your IP address.

If you click the LinkedIn "Recommend Button" while logged into your LinkedIn account, you can link the content of our pages on your LinkedIn profile. This enables LinkedIn to assign the visit to our pages to your user account.

We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by LinkedIn.

Details on data collection (purpose, scope, further processing, use) as well as your rights and setting options can be found in LinkedIn's privacy policy. LinkedIn provides this information at http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv/.

Company analysis

LinkedIn's company page analytics provide insights into the performance of our LinkedIn company profile to assess trends based on dates and time periods. The analytics data (e.g., follower and visitor counts) is aggregate data only and does not identify individuals.

11.6 YouTube

We embed YouTube videos on some of our websites. The operator of the corresponding plugins is YouTube, LLC, 901 Cherry Ave, San Bruno, CA 94066, USA.

When you visit a page with the YouTube plugin, a connection to YouTube servers is established. This tells Youtube which pages you are visiting. If you are logged into your Youtube account, Youtube can assign your surfing behavior to you personally. You can prevent this by logging out of your Youtube account beforehand.

If a Youtube video is started, the provider uses cookies that collect information about user behavior.

If you have deactivated the storage of cookies for the Google Ad program, you will not have to deal with such cookies when watching Youtube videos. However, Youtube also stores non-personal usage information in other cookies. If you would like to prevent this, you must block the storage of cookies in the browser.

For more information on data protection at "Youtube", please refer to the provider's privacy policy at: https://www.google.de/intl/de/policies/privacy/

12. SSL-encryption and security (including server logs)

GLS Austria protects your personal data against loss and misuse through appropriate technical and organizational security measures. This includes the transmission of your data entered on the GLS website via SSL encryption. We reserve the right to adapt these security and data protection measures if this becomes necessary due to technical developments.

When you access this website, the browser used on your terminal device automatically sends information to the server of our website. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until automated deletion:

  • IP-Adress of the requesting computer,
  • Date and time of access,
  • Name and URL of the accessed file,
  • Website of origin (Referrer-URL),
  • Browser used and, if applicable, the operating system of your computer as well as the name of your access provider.

The possibility to use this data on the legal basis according to Art. 5 section 1 lit. f GDPR for purposes such as:

  • ensuring a smooth connection of the website,
  • the gutantee of a comfortable use of our website,
  • the evaluation of system security and stability as well as
  • for further administration purposes

is currently perceived by us. The collected data will in no case be uses to draw conclusions about your person.

13. Amendment of this privacy policy

GLS Austria is entitled to update this information by publishing the changed information on this website. We are continuously developing and optimizing our services. It may therefore be that we add new functionalities. Should this have an impact on the way your personal data is processed, we will inform you in a timely manner in our privacy policy.

Status: 16.01.2023.