Data protection declaration

of General Logistics Systems Austria GmbH

Privacy policy

Privacy Policy for the Websites and Services of General Logistics Systems Austria GmbH

Witch the following information we would like to provide you with an overview on how we process your personal data on the websites of General Logistics Systems Austria GmbH and inform you about your rights according to privacy laws. Depending on the services you use, the details of the data processing differ. In addition to general information, you will find a detailed description of data processing for the specific service you use.

1. General Information

1.1 Applicable data protection laws and data protection obligation

GLS Austria GmbH (GLS Austria) takes data protection and privacy seriously. For that reason, personal data will exclusively be processed in accordance with the EU General Data Protection Regulation (GDPR) and the Austrian Federal Data Protection Act (DSG).

As GLS Austria provides postal services or takes part in it, we are subject to maintaining postal secrecy under the Austrian Postal Market Act (PMG).

1.2 Security of personal data

By means of technical and organizational security measures, GLS Austria does its best to protect personal data from loss or misuse. We process personal data in IT systems which are protected by appropriate security measures. This includes using SSL/TLS encryption for transfer of data entered by you on this website. If required by technical progress, we reserve the right to modify these security and privacy protection measures.

1.3 Contact details of the controller and the data protection officer

Controller according to Article 4 (7) GDPR resp. media owner according to § 1 ( 1) number 8 MedienG (Austrian Medien Act) is:

General Logistics Systems Austria GmbH

Traunuferstraße 105a

4052 Ansfelden

Phone: +43 (0)5 9876 0

Fax: + 43 (0)5 9876 1901

E-Mail: info@gls-austria.com

(Hereinafter: „GLS Austria “)

You can contact our company data protection officer at:

General Logistics Systems Austria GmbH

Data Protection Officer

Traunuferstraße 105 a

4052 Ansfelden

Fax: +43 (0)5 9876 1902

E-Mail: dataprotection@gls-austria.com

If you want to contact via e-mail, please note that the confidentiality of the transmitted information cannot be guaranteed. Unencrypted e-mails can possibly be read by unauthorised third parties.

1.4 Personal Data

'Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). This includes for example information such as name, address, telephone number and date of birth.

Information that cannot be linked to a specific or determinable individual - such as the number of users of a website - is not considered to be personal data.

1.5 Legal bases of processing

Your personal data will only be processed by us provided with a legal basis. The processing is lawful, if at least one of the following conditions applies:

Consent (Article 6 (1) lit. a GDPR):

The data subject has given consent to the processing of his or her personal data for one or more specific purposes. One purpose might the processing of your request. The consent can be withdrawn by any time. This also applies to consent given even before the EU GDPR. The withdrawal is only effective for the future and does not affect the legality of the data processed until the withdrawal.

Contractual obligations or pre-contractual measures (Article 6 (1) lit. b GDPR):

The processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. Upon your request we process your data. Usually this results out of our products/services or can include consultation or analysis on demand.

Legitimate interest (Article 6 (1) lit. f GDPR):

The processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party. Besides the fulfilment of a contract we may have further interests. (e.g. ensuring IT security and operations, to analyse and improve the use of our website, etc.)

Compliance with legal obligation (Article 6 (1) lit. c GDPR):

The processing is necessary for compliance with a legal obligation to which the controller is subject. GLS Austria is subject to different legal obligations. Among others, these include retention periods prescribed by Austrian Corporate Code (UGB) or Federal Tax Code (BAO).

1.6 Data transfer and recipients

Within GLS Austria, those entities, who need your data to fulfil their contractual or legal obligations, have access to your data. Also providers, commissioned by GLS Austria, may receive data for these purposes, provided they meet the legal requirements. Those parties include Group and carefully selected non-Group third parties contractually required to provide services for or on behalf of GLS Austria. GLS Austria has concluded corresponding contractual agreements with these parties. In regard to a data transfer to further recipients, we will only pass on your personal data if required by law, with your consent or if we are authorized for disclosure. Under these conditions, public bodies and institutions (such as prosecuting authorities) can receive your personal data if it is required by law. A transfer of personal data to a third countries will exclusively take place if explicitly mentioned in the context of the former mentioned services.

1.7 Duration of data storage and erasure

GLS Austria stores your personal data only in accordance to legal retention periods and legal obligations, as long as it is necessary for the purpose. We set the duration of the storage according to the following requirements:

Operational requirements: The storage duration, that is needed to complete operational processes.

Legal requirements: Commercial and tax retention periods, which result e.g. from the Austrian Corporate Code (UGB) or the Federal Tax Code of Austria (BAO). According to § 212 UGB and § 132 BAO they usually prescribe retention periods of 7 years. This concerns e.g. the electronic customer invoices that may be accessible through “YourGLS”.

The periods of limitation according to §§ 1489 ff. Of the Austrian Civil Code (ABGB) may be up to 30 years, whereby the regular period of limitation is three years. E.g. Complaints communicated via the contact form.

After expiry of the defined retention period, the data will be deleted or destroyed.

2. Information for consignors and consignees

2.1 Consignor, Consignee and Consignment Data

Parcel Delivery

For the purpose of Parcel Delivery we process consignor information like address, contact details, bank details and other required data for the services used by the consignor.

In addition to that we process data of the consignees. The consignor provides us with the name, address, postcode, city and country of the consignee. During the delivery process the name and signature of the consignee are registered. If the consignee is not at home, GLS is authorized to deliver the parcel to an alternative consignee, for example a neighbour. In this case the name and signature of the alternative consignee are registered. If this delivery is not possible, the parcel will be delivered to a GLS parcel shop. If the parcel is picked up in the parcel shop the name and signature of the consignee or his/her assignee are registered on a smartphone which GLS supplies to the parcel shop owner. All data will be saved on the central GLS IT system.

If you give us a one-time or permanent permission of deposit, we collect your name, address, postcode, city and place of deposit. If you give another person a parcel pickup authorisation, we will collect this person’s name, address and place of residence. The processing takes place in the context of the fulfilment of the contract with the consignor who has an interest in the proper delivery.

For specific delivery services it is required to collect further personal data in order to fulfil the contract:

Servicename: Personenbezogene Daten Betroffene PersonZweck
FlexDeliveryServicee-mail adressConsigneeInformation about the scheduled delivery via e-mail to the alternative consignee
In case of alternative delivery: name, addressAlternative consignee 
CashServiceBank account detailsConsignorPayment of CashOnDelivery Service amount to consignor
ShopDeliveryServicee-mail address or mobile phone no.ConsigneeInformation about parcel delivery in selected ParcelShop via e-mail or SMS
Pick&ReturnService, Pick&ShipServicePickup address  

e-mail address

Consigneeparcel pickup

Pickup information

   
DeliveryAtWorkServiceDepartment, contact, person, phone no.ConsigneeDelivery in the selected department/on consignee´s workplace
InfoServicee-mail addressConsigneeTracking information about parcel and planned delivery time via e-mail

If parcels are sent to other countries, the needed consignor and consignee data will be transferred to the GLS partner company in the delivery country.

The collection of your personal data is necessary for the execution of our deliveries and for operations related to that (e.g. accounting or claimed damages) in order to fulfil our contractual duties with our customers (consignor).

As far as needed we process your personal data for the purpose of legitimate interest of GLS Austria or thirds. This applies e.g. to solvency checks, quality management, complaint management and controlling purposes.

In addition to that we as a company are subject to several legal obligations, e.g. fiscal checking and notification duties and sanction checks according to the Foreign Trade and Payments Act.

2.2 Responsibility

Compliance with applicable data protection regulations regarding consignor, consignment and consignee data is an original duty of GLS Austria. Transferring data to GLS Austria by the consignor/client for the purpose of fulfilling a contract does not constitute a processing of data on behalf.

For additional services like our “FlexDeliveryService” and the “ShopDeliveryService” the e-mail address or the phone number of the consignee is required in order to receive updates on the delivery. GLS Austria receives this data from the customer, who orders the service. The consignor is therefore responsible for a proper handling of this data. In particular the client is also responsible for obtaining the consent of the consignee to the transfer of his telephone number and/or e-mail address to GLS Austria.

In case of “Pick&ReturnService” or “Pick&ShipService” the customer can provide the e-mail address of the pickup contact (see above). GLS Austria receives this data from the customer, who orders the service. The consignor is therefore responsible for a proper handling of this data. In particular the client is also responsible for obtaining the consent of the pickup contact to the transfer of his e-mail address to GLS Austria.

In case of any question according to this process, please contact your contracting party (the consignor/requester of the pickup order). Furthermore it is also possible to withdraw your consent towards GLS Austria. To do so, please contact our data protection officer.

2.3 Delivery options

When choosing a new delivery option, personal data is collected and processed:

User Data

The following user data will be collected and processed when choosing a new delivery option:

• First name, last name*

• New delivery address (street, ZIP, city, country)*

• Drop-off point*

• Authorised recipient (first name, last name)*

• E-Mail address

*does not apply to all delivery options

The data is being used to fulfil the delivery agreement or to contact users during delivery to make sure the parcel can be delivered at the desired time and place. This represents a fulfilment of contractual obligations according to Article 6 (1) lit. b GDPR. A use for other purposes, especially disclosure to third parties, is excluded.

3. Information for applicants

Controllers for the processing in terms of the application process according to Article 4 (7) GDPR resp. media owner according to § 1 (1) number 8 MedienG (Austrian Media Act) are: General Logistics Systems Austria GmbH Traunuferstraße 105 4052 Ansfelden (Hereinafter: „The controllers“)

3.1 Application information

By applying to one of the above mentioned companies via https://gls-group.eu/AT/en/career, by e-mail or by post, you provide the respective company with your personal data for the purpose of examining your application. The data will help the controller to manage your application and to find a suitable job for you. Your data is stored and processed on the systems of our software partner e- Recruiter GmbH.

3.2 Software-Partner e- Recruiter GmbH

In order to optimize our recruiting process continuously, we use the applicant management solution of our software partner e-Recruiter. For details of their privacy policy, please use the following link: https://www.erecruiter.net/p/datenschutz To ensure the compliance with data protection regulations, we concluded a Data Processing Agreement according to Article 28 GDPR with e-Recruiter.

3.3 Applicant data

When applying via our GLS career page, the following information is mandatory: salutation, first name, surname, e-mail address (and password for registration), your salary requirements, a curriculum vitae and information on how you have become aware of us.

Additional personal data we receive from you by the voluntary indication of, among other things, a phone number, address details, a photo, a letter of motivation, or your relevant credentials.

If you apply by e-mail or post, we will store all data that you provide us in your application.

In the context of any other contact and use of the e-mail contact form, the data you enter, such as name, address, telephone number, e-mail address, etc., is required to process your request.

The storage and processing of your data for the purpose of applicant management takes place for the initiation of an employment contract with you. As far as necessary we process your personal data for the purpose of legitimate interest of the controllers or thirds. This includes processing for statistical purposes in an anonymous or aggregated way (e.g. reportings).

3.4 Communication via E-mail or WhatsApp

If you give us consent to the processing and storage of your personal data for processing purposes for application beyond the actual staffing and you also want to be contacted via job offers by phone or in electronic form, the lawful processing is based on your consent.

At any time you have the right to withdraw your consent in data processing towards us. This also applies to consent given before the GDPR. The withdrawal is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.

If you have given your consent that we may contact you via WhatsApp, data will be transmitted to WhatsApp Inc. WhatsApp has implemented an end-to-end encryption so that the transmitted content is only accessible to the communication partners. WhatsApp can collect so-called metadata (who communicates with whom and how often).

WhatsApp Inc. receives personal data (including metadata), which are also processed on servers in countries outside the EU (e.g. USA). This data will also be passed on to other companies within and outside the Facebook group. For more information, see WhatsApp’s privacy policy. WhatsApp Inc. is certified under the EU-US Privacy Shield, which guarantees compliance with European data protection law. The controllers have neither exact knowledge nor influence on the data processing by WhatsApp Inc.

3.5 Data transfer of applicant data

The central processing of the applicant data is the responsibility of GLS Austria. Your data will only be saved, evaluated, processed or forwarded internally (within the responsible companies) as part of your application. They are only accessible to employees of the human resources department and those persons responsible for the selection of applicants. They are committed to maintain confidentiality of personal data as part of their employment contract. In exceptional cases, additional parties may receive your data.

In the case of recruitment by external recruiting agents, e.g. through Head-hunter or the Employment Agency, they may receive your personal information.

In regard to a data transfer to third parties, we will only transmit your personal data if required by law, with your consent of if we are authorised for disclosure. Under these conditions, public bodies and institutions (such as law enforcement agencies) can receive your personal data.

A transfer of personal data to a non-EU-country will exclusively take place if explicitly stated in the context of the previously mentioned services.

3.6 Duration of storage and erasure

We store your personal data only in accordance with legal retention periods and legal obligations, as long as it is necessary for the purpose. We set the duration of the storage according to the following requirements:

If you start a job with the person in charge, your personal data, or at least an excerpt thereof, will be added to your personal file.

If you have applied and have received a negative decision, your details will be saved for 6 months after completing the application process and will then be anonymized (profile and application). There is no notification about the deletion of the data.

4. Information for ParcelShop partners

4.1 Application as ParcelShop partner

If you apply as a ParcelShop partner of GLS Austria, we need the following personal data of you, respectively: surname, given name, company if applicable, street, house number, postcode, town, country, phone number, e-mail address and website (if applicable) for the purpose of reviewing your application (pre-contractual measures).

If the contract (ParcelShop contract) is closed between you and GLS Austria, we process these data in order to fulfil the contract. Furthermore in terms of accounting we need your bank details, tax ID and sales tax ID. For the proof of business registration we need the corresponding trade register excerpt.

Legal basis for the data processing is Article 6 (1) lit. b GDPR. If no contract is concluded, your data will be deleted latest 2 years after the process has been completed.

4.2 Searching for a ParcelShop

For a better traceability of your ParcelShop its address will be published or shown as a search result on the following websites and applications. This might include ParcelShop searching included in the GLS Austria websites ( gls-group.com; gls-one.at) and in the GLS App, Online directory services: (e.g. Google Maps, Herold) and Integration in web shops of ParcelShop partners who offer our ShopDeliveryService.

5. Video surveillance

With video surveillance at the locations of GLS Austria, the company pursues the following legitimate interests in accordance with Article 6 (1) f GDPR:

• Property protection, burglary prevention and householder’s rights

• Parcel tracking incl. documentation of liability transfer

• Security and employee protection for Cash on Delivery transactions

Video recording will be stored for 30 calendar days.

6. Websites of GLS Austria

For a proper use of our services you must provide us with personal data, which is necessary for the fulfilment of the specific purpose or which we are legally required to collect. Otherwise we are usually not able to form a contract with you. The scope of data processing depends on the use of the respective functions.

6.1 gls-group.eu/AT/de/home

Track & Trace

The parcel number is required to provide you with status information about the parcel.

Contact form

The data you submit via contact form (e.g. name, address, zip code and town) is required to process and answer your request.

Shipping information under "Join as business partner"

The data entered in the above mentioned form, such as first name, number of parcels, etc., is required to process your request. After receiving your request we will send you a confirmation e-mail.

“YourGLS”

The GLS Austria website is generally divided into an open and closed area: Functions in the open area can be used without prior registration. GLS business customers receive login data for “YourGLS” (closed area) from their responsible depot on request.

The closed area "YourGLS" offers you to save addresses of regular consignees in the YourGLS address book. These addresses can be used to produce parcel labels easily. You can delete these addresses any time. Upon request or when your customer relation ends, the YourGLS account will be locked by the responsible depot. The data is deleted after the legal retention period is expired.

Searching for ParcelShop

For searching the closest ParcelShop or GLS Depot, you need to enter the ZIP Code. Please note that a ZIP Code on its own is no personal data.

Application form for suppliers

If you apply as a supplier at GLS Austria, we collect the following personal data of the creditor resp. contact person(s) as part of the pre-contractual review:

First name, last name, (company), address, zip code, city, country, language, telephone number, fax, e-mail address and (website).

Application form for ParcelShop partners

If you apply as a ParcelShop partner at GLS Austria, we collect the following personal data as part of the pre-contractual review:

First name, last name, (company), address, zip code, city, country, telephone number, e-mail address, website.

Drop off permission

On our website you have the option to fill a drop off permission. This allows a delivery, even if we cannot meet you in person. As part of the issue of a parking permit, we collect the following personal data:

First and last name of the recipient or company name, street/house number, zip code/place of residence, e-mail address and a description of the desired storage location (e.g. Garage).

The data of the drop off permission will be stored for another 3 years after revocation, in case of asserting claims for damages.

Proposal for ParcelShop

If you submit a proposal for a ParcelShop in your area, we will process the personal data that you have provided to us via the contact form. Therefore it is mandatory to provide a street, house number, postcode and town. In addition, you have the possibility to provide the name of the ParcelShop, a contact person and your own contact details for us to contact you. You will then only be notified by us if you have given us your consent.

6.2 GLS-ONE and GLS App

Send parcel The personal data entered by you in the „Send parcel“ form, such as consignor and consignee information (first name, last name, company, address, zip code, city and country) are processed and stored in order to fulfil the contract on the legal basis of Article 1 (1) lit. b GDPR. Some services require additional data: • The GLS “FlexDeliveryService” requires the e-mail address and/ or telephone number of the consignee. So we can provide the consignees with information about their upcoming parcel delivery and offer alternative delivery options. • By commissioning the “Send@ParcelShop” Service the e-mail address and/ or telephone number of the consignee will be used to inform the consignee about their delivery at their desired ParcelShop. Consignee data transmitted by the user will exclusively be used by GLS Austria to fulfil the ordered service (parcel delivery). A use for further purposes, in particular the transfer to third parties is excluded, unless legal regulations require another use. As consignor, please note that transmitting the e-mail address or telephone number of the consignee requires permission. We use the following payment service provider to process your data in terms of the payment for our delivery services: • PayPal/PayPal PLUS: PayPal (Europe) S.à r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter “PayPal”) Please note that in the context of your paying process via “PayPal”, “PayPal via PayPal PLUS”, “Direct Debit via PayPal PLUS”, “Credit Card via PayPal PLUS” or “PayPal PLUS Invoice”, PayPal is responsible for the data processing. Therefore all transactions are subject to PayPal’s privacy policy. When you select one of the following listed payment methods “Credit Car via PayPal PLUS”, “Direct Debit via PayPal PLUS” or “PayPal Invoice” PayPal conducts a credit check to calculate the likelihood of a payment default (so called “Scoring Value”). For information on identity verification at PayPal and for data exchange with credit reporting agencies (credit rating), click here: https://www.paypal.com/de/webapps/mpp/ua/creditchk

Credit Card: EVO Payments International GmbH, Elsa-Brändström-Str. 10-12, 50668 Köln, Germany (hereinafter „EVO Payments“)

Please note that in the context of your paying process via credit card EVO Payments will be responsible for the data processing. Therefore all transactions are subject to EVO Payments Privacy Policy.

GLS applies fraud prevention measures when you are making an online payment at GLS-ONE or in the GLS App. Therefore your payment can fail (e.g. when exceeding a maximum amount). If you would like to be exempted from these measure, for example, if you want to send higher amounts of parcels, please contact customer-service@gls-one.at. We ask you for understanding, that we check your payment history before activation.

Registration

When registering for GLS-ONE or GLS App, your e-mail address and your GLS-ONE password (user data) will be collected and stored. The e-mail address will be used as a user name for GLS-ONE or GLS App and to give you a new password for GLS-ONE if required.

Under "My parcels" you can find a list of all parcels you sent with GLS-ONE including creation date, parcel number, consignee, price and status.

In addition to that, as a registered GLS-ONE user you have the opportunity to save your consignee address under „My address book”. You can delete the addresses at any time. We won’t use the addresses, unless you send us a transport request by using the function “Send parcel”.

By deleting your GLS-ONE account, those consignee addresses will be deleted automatically. The erasure of your data will take place after everything has been settled and after expiry of the legal retention periods.

Track & Trace ("Where is my parcel?")

Your entered parcel number is required to provide you with status information about your searched parcel.

Search for a ParcelShop

For searching the closest ParcelShop, you need to enter the zip code. Please note that a zip code on its own is no personal data.

6.3 gls-insight.at

Contact form

The data you submit via contact form (e.g. name, address, postcode, town) is required to process and answer your request.

Newsletter

When you register for our newsletter, your e-mail address will be sent to us and a confirmation e-mail will be sent to the address provided. This e-mail contains a link that you must click to confirm your registration (double opt-in procedure).

The lawful processing is based on a balance of interests according to Article 6 (1) lit. f GDPR. GLS Austria operates this InSight site in order to provide customers and other interested people who visit the InSight site with current information from the company itself and to report on current industry trends. The processing of personal data is based on the legitimate interests of GLS Austria in an optimized company presentation. If you have registered for our newsletter with your e-mail address, the data will be processed on the basis of consent in accordance with Article 6 (1) lit. a GDPR.

7. Information about cookies, web analytics and service providers

Hereinafter you will find an overview of the data automatically collected on our website. You will find a description of the individual processes below.

 gls-group.eu/ATGLS ONE+ GLS APPgls-insight.at
Logging of IP addressesXXX
CookiesXXX
Google AnalyticsXXX
Google Optimize X 
Google AdWords X 
Google Remarketing X 
Facebook Pixel X 
Microsoft Advertising X 
Hotjar X 
Trusted Shops Trust badge X 
Social Media LinksXXX
Share Buttons   

7.2 Logging of IP addresses

Each time a user accesses the GLS website, data is recorded in a log file. The following data is temporarily recorded:

• Date and time of request

• IP address or DNS name of the requesting computer

• Requested page (URL)

• HTTP answer code

• Client operating system and version

• Browser and version

The log file data is anonymously analysed for statistical purposes. Statistical reports are used to evaluate the usage of this website. In particular, the order in which the pages are visited and the path taken between pages is shown. This is intended to give GLS Austria an indication how the usability of the website can be improved further.

7.3 Cookies

What are cookies?

Small text files stored on your computer, enabling an analysis of your website use. The information stored by cookies can be read by the website when you visit it again at a later date. On the one hand cookies are necessary to ensure that all processes on the site work smoothly. On the other hand cookies can make the re-use of the site easier for the user: Information stored by cookies at the first visit, e. g. language settings or user names, do not need to be entered again. Hence, the website adjusts itself to a certain extent to your individual needs under the condition that the same device will be used.

That’s why GLS uses cookies:

To provide you an optimal service, adapted to your customer needs. For instance, some information you have already received at the first visit, will not be displayed once more. Activities such as the login and logout process can be facilitated, information you already searched for will be displayed faster. The performance of the website can be increased.

GLS uses the following cookies:

ProviderUsed by websiteName Purpose
GLSgls-group.eu/ATBIGIPFor internal load balancing of web servers Storage period: Only for current browser session
GLSgls-group.eu/ATfeature_releaseTo provide new features to website users
GLSgls-group.eu/ATglsCountryURLSaves the selected country on gls-group.eu Storage period: 5 years
GLSgls-group.eu/ATJSESSIONIDSession ID for current browser session Storage period: Only for current browser session
GLSgls-group.eu/ATSEARCHGLSIDFor identification of search queries Storage period: Only for current browser session
GLSgls-group.eu/AT, GLS-ONE,gls-cookie-policy, IsCookieConsentAccepted, cookieUsageConfirmed, cookieconsent_dismissedUsed to save acceptance of cookies by website user Storage period: 2 years
Google (Analytics, Optimize, Adwords, Remarketing)gls-group.eu/AT, GLS-ONE, gls-insight.at_ga, _gid, _gat, _dc_gtm_<property-id>, AMP_TOKEN, _gac_<property-id> __utma, __utmt, __utmb, __utmc, __utmz, __utmv, __utmx, __utmxx, _gaexp _opt_awcid, _opt_awmid, _opt_awgid, _opt_awkid, _opt_utmc These cookies are used by Google Analytics to collect information on how users use the websites or apps, respectively. The information is used to create aggregated usage reports which help us to improve the websites and apps. Detailed information on the single cookies can be found under https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
Storage period: 13 months
Microsoft Inc. (Advertising/Bing Ads)GLS-ONE, GLS- App_uetsidTracking cookie to identify a user which has visited the website before Storage period: 30 minutes after ending the browser session
Sgalinski Internet Servicesgls-insight.atspamshieldUsed to protect the website from spam created by spam bots. Storage period: Only for current browser session
Sgalinski Internet Servicesgls-insight.atCookie_optinSaves the cookie settings of the website user. Storage period: 30 days
Youtubegls-insight.atPREFUsed to save user settings like language for YouTube videos embedded in the websites. Storage period: 13 months
Youtubegls-insight.atVISITOR_INFO1_LIVEUsed to track information on the embedded YouTube videos on a website. Storage period: 5 months
Youtubegls-insight.atYSC, GPSThese cookies are used to track views of embedded YouTube videos. The cookies contain a unique ID to track users based on their geographical location. Storage period: 30 minutes

How to deactivate cookies:

You can adjust this in the settings of your browser. You can find more information in the help for your browser. Please note: If you deactivate cookies, you may no longer be able to use all functions of the respective website.

7.4 Google Analytics and Optimize

The above listed websites are using Google Analytics, a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA ("Google"). Google Analytics uses cookies. The information about your use of this web site, generated by the cookie (incl. your IP address), is transmitted to a Google server in the USA and saved there.

Some of these websites also uses Google Optimize. Google Optimize analyses the use of different variants of our website and helps us to improve the usability accordingly to improve the behaviour of our users on the website. Google Optimize is a tool integrated into Google Analytics.

The website operator has a legitimate interest in analysing user behaviour in order to optimize its website. Due to that the legal basis for the data processing is Article 6 (1) lit. f GDPR. We are using Google Analytics to analyse and improve the use of our website. These statistics help us make our services more interesting and efficient. For the exceptional cases in which personal data is transferred to the USA, Google has the EU-US Privacy Shield certification, https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

The GLS website uses the Google Analytics extension „gat._anonymizeIp();“. This ensures anonymized registration of IP addresses ("IP masking"). If IP anonymization is activated on this website, your IP address is shortened before transmission in member states of the European Union or other contractual states of the agreement on the European Economic Area. Only in exceptional cases the full IP address is transmitted to a Google server in the USA and shortened there.

Google, on behalf of the website operator, will use this information in order to analyse your use of the website, to compile reports about the website activities and to perform further services that are connected with the website use and the internet use. Google will in no case connect your IP address with other data of Google. Further information about how Google Analytics handles user data can be found in the Google Privacy Policy: https://support.google.com/analytics/answer/6004245?hl=en

You can avoid the installation of cookies by adjusting the according settings of your browser software; however we would like to point out that in this case you might not be able to use all functions of this web site to the full extent. Furthermore you can block the registration of the data created by the Cookie (incl. your IP address) and related to your use of this website and the processing of this data by Google by downloading and installing the browser plugin available under https://tools.google.com/dlpage/gaoptout?hl=de

By clicking on the following link, you can prevent the data collection by Google Analytics. An opt-out cookie will be set, that prevents the data collection on future visits to this website.

Information about the third party supplier:

Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland,

Fax: +353 (1) 436 1001

Terms and conditions: https://www.google.com/analytics/terms/de.html

Privacy and Privacy Policy: https://www.google.de/intl/de/policies/privacy.

Google is certified under the Privacy Shield Framework and as a result, offers a guarantee that complies with European data protection law. https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

7.5 Google AdWords

Our website uses Google conversion tracking. If you reached our website through an ad placed on Google, Google AdWords will place a cookie on your computer. The cookie for conversion tracking is set when a user clicks an ad placed on Google. These cookies expire after 30 days and cannot be used for personal identification. If the user visits certain pages on our website and the cookie has not expired yet, we and Google can detect that the user clicked on the ad and was redirected to this page. Every Google AdWords customer receives a different cookie. Thus cookies cannot be used to trace AdWords customers through the websites. The information obtained using the conversion cookie serves to generate conversion statistics for AdWords customers who have opted for conversion tracking. The customer receives the total number of users that clicked on their ad and were redirected to a site with a conversion tracking tag. However, they will not receive any information that could be used to personally identify users.

If you do not want to participate in tracking, you can decline the setting of cookies required for this – for example through the browser setting that generally disables the automatic setting of cookies or by adjusting your browser so that cookies from the domain “googleadservices.com” are blocked.

Please note that you may not delete opt-out cookies as long as you do not want any measurement data recorded. If you have deleted all the cookies in your browser, you will need to reset the respective opt-out cookie.

7.6 Use of Google Remarketing

This website uses the remarketing function of Google Inc. This function serves to present website visitors within the Google advertising network with ads based on their interests. A “cookie” will be stored in the website user’s browser that makes it possible to recognise the visitor when they access websites that belong to Google’s advertising network.

Visitors on this page can be shown ads related to content that the visitor previously accessed on websites that use Google’s remarketing function.

According to their own information, Google does not collect any personal data in this process. However, if you do not want Google’s remarketing function, you can always disable it by making the appropriate settings at http://www.google.com/settings/ads.

Alternatively, you can disable the use of cookies for interest-based advertising via the Network Advertising Initiative by following the instructions at http://www.networkadvertising.org/managing/opt_out.asp.

7.7 Hotjar

This website utilizes Hotjar. The provider is Hotjar Ltd., Level 2, St Julians Business Centre, 3, Elia Zammit Street, St Julians STJ 1000, Malta (website: https://www.hotjar.com).

Hotjar is a tool used to analyse your user patterns on our website. Hotjar allows us to for instance record your mouse and scroll movements as well as your click. During this process, Hotjar also has the capability to determine how long your cursor remained in a certain position. Based on this information, Hotjar compiles so-called Heat maps that allow to determine which parts of the website the website visitor reviews with preference.

We are also able to determine how long you have stayed on a page of our website and when you left. We can also determine at which point you suspended making entries into a contact form (so-called conversion funnels).

Furthermore, Hotjar can be deployed to obtain direct feedback from website visitors. This function aims at the improvement of the website offerings of the website operator.

Hotjar uses cookies. Cookies are small text files that are placed on your computer and stored by your browser. Their purpose is to make our website presentation more user friendly, more effective and more secure. These cookies allow us to in particular determine if our website was used with a certain device or if the functions of Hotjar have been deactivated for the respective browser. Hotjar cookies will remain on your device until you delete them.

You can set up your browser in such a manner that you will be notified anytime cookies are placed and you can permit cookies only in certain cases or exclude the acceptance of cookies in certain instances or in general and you can also activate the automatic deletion of cookies upon closing of the browser. If you deactivate cookies, the functions of this website may be limited.

The use of Hotjar and the storage of the Hotjar cookies are based on Article 6 (1) lit. f GDPR. The website operator has a legitimate interest in the analysis of user patterns, in order to optimize the operator's web offerings and advertising.

Deactivation of Hotjar: If you would like to deactivate the recording of data by Hotjar, please click on the link below and follow the instructions provided under the link: https://www.hotjar.com/opt-out.

Please keep in mind that you will have to separately deactivate Hotjar for every browser and every device.

For more detailed information about Hotjar and the data to be recorded, please consult the Data Privacy Declaration of Hotjar under the following link: https://www.hotjar.com/privacy.

7.8 Conversion measurement with Facebook Pixel

If you have consented to our use of the Facebook Pixel, our website will feature the Facebook Pixel provided by Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”). This enables us to track the actions a user takes after having been forwarded to the website of the provider by clicking on a Facebook advertisement. This enables us to evaluate the effectiveness of Facebook advertisements for statistical and market research purposes and can help us to optimize future promotional measures.

The data collected are anonymized for us, and as such we are unable to draw any conclusions as to the identity of a user. However, Facebook stores and processes the data, making it possible to associate them with the profile of a user and for Facebook to use the data for its own advertising purposes in line with its data policy ( https://www.facebook.com/about/privacy/). The data enable Facebook and its partners to place advertisements on and outside of Facebook. Furthermore, a cookie can be installed on your computer for these purposes.

Only users over the age of 13 can consent to the Facebook Pixel. If you are younger, please ask your parent or legal guardian for permission.

7.9 Microsoft Advertising

On our pages we use the Conversion Tracking of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Advertising will place a cookie on your computer if you access our website via a Microsoft Advertising. This allows Microsoft Advertising and us to identify if someone has clicked on an ad, has been redirected to our website and has reached a previously defined target page (conversion page). We only see the total number of users who clicked on a Bing ad and were then redirected to the conversion page. No personal information about the user is disclosed. If you do not want information as described above to be used by Microsoft, you can prevent the setting of a cookie required for this purpose – for example, by using a browser setting that generally deactivates the automatic setting of cookies. You can also prevent the collection of data generated by the cookie and related to your use of the website and the processing of this data by Microsoft by clicking on the following link: https://account.microsoft.com/privacy/ad-settings/signedout?lang=en- GB to declare your objection. Further information on data protection and the cookies used at Microsoft and Microsoft Advertising can be found on the Microsoft website at https://privacy.microsoft.com/en-us/privacystatement.

7.10 Trusted Shops Trustbadge

The Trusted Shops Trustbadge is integrated on this website to display our Trusted Shops Trustmark and the collected reviews as well as to offer Trusted Shops products to buyers after an order.

This is necessary to safeguard our legitimate prevailing interests in an optimal marketing by ensuring the safety of your purchase according to Article 6 (1) lit. f GDPR. The Trustbadge and the services advertised with it are an offer of the Trusted Shops GmbH, Subbelrather Str. 15C, 50823 Köln, Germany. The Trustbadge is made available by a CDN provider (Content-Delivery-Network) as part of order processing. The Trusted Shops GmbH uses also service provider from the USA. An adequate level of data protection is guaranteed. Further information to the data security of the Trusted Shops GmbH can be found here: https://www.trustedshops.co.uk/imprint/ .

When the Trustbadge is called up, the web server automatically saves a server log file which contains, for example, your IP address, the date and time of the call, the amount of data transferred and the requesting provider (access data) and documents the call. Individual access data are stored in a security database for the analysis of security problems. The log files are automatically deleted 90 days after creation at the latest.

Further personal data will be transferred to Trusted Shops GmbH if you decide to use Trusted Shops products after completing an order or have already registered for use. The contractual agreement made between you and Trusted Shops applies. For this purpose personal data is automatically collected from the order data. Whether or not you are already registered as a Trusted Shops customer is automatically checked by means of a neutral parameter, the e-mail address hashed by cryptologic one-way function. The e-mail address is converted to this hash value, which cannot be decrypted by Trusted Shops before it is transmitted. After checking for a match, the parameter is deleted automatically.

This is necessary for the fulfilment of our and Trusted Shops' legitimate prevailing interests in the provision of the buyer protection linked to the specific order and the transactional review services in accordance with Article 6 (1) lit. f GDPR. Further details, including your right to object, can be found in the Trusted Shops Privacy Policy linked above and within the Trustbadge.

7.11 Social Media Links

The GLS websites contain links to the social media accounts of GLS Austria (e.g. Xing, LinkedIn, Instagram, YouTube, Kununu and Facebook). When using these links, please note that data processing on these profile pages is carried out in part by the respective provider.

GLS maintains business profiles on Facebook, Instagram, YouTube, XING, LinkedIn, and Kununu. As the operator of these business profiles, together with the respective operator of these social networks we are responsible within the meaning of Article 4 (7) GDPR. When visiting one of our fan pages, personal data will be processed by the controllers. Find more information on privacy when visiting on of our business profiles here.

7.12 Share Buttons

On our in 3.1 listed websites you can find some, so called Share Buttons (e.g. Facebook and WhatsApp). Those Buttons can be seen as a kind of bookmark that allows users to share our job advertisements with the respective service. On our website the share buttons are integrated by the privacy-friendly „Shariff-solution“ of heise.de and serve as a link to the corresponding services. After clicking on the integrated graphic, you will be redirected to the respective provider’s website. Only then user information will be transmitted to the provider. Please refer to the provider’s policy for further information on how they deal with your personal data.

8. Social Media Business Profiles

8.1 General information

In the below listed social networks GLS Austria maintains so called business profiles. Together with the respective operator of the social network, GLS Austria is jointly responsible for the data processing on the respective business profile within the meaning of the GDPR (Article 4 (7) GDPR). In the following sections we will inform you about data processing in connection with our business profiles.

Information on data processing by GLS Austria

When using the functions of the respective social network (e.g. „Like“-Button, „Follow“-Button), the controllers and possibly other users of the social network can see, that you are a follower of the business profile.

If you communicate and interact with us (comment, post, message), we will store your user name and the content of the message or comment for the purpose of processing your enquiry. Depending on the matter, you may provide or we may request additional personal data via private messages (e.g. parcel number, e-mail address or telephone number if you wish to be called). Please note that you should not provide any personal or confidential data in publicly visible comments and posts.

If you participate in one of our competitions, we store and use your Facebook user name to determine the winners and to communicate with you.

For continuous improvement of our social media presence on Facebook, Instagram, and LinkedIn we use the analysis tool ‘Fanpage Karma’ provided by uphill GmbH, Oranienstr. 188, 10999 Berlin. This only involves statistical analyses in aggregated form (with no reference to individual persons).

GLS Austria runs these business profile to present the company to social media users or other prospects and to get in contact with them. The processing of personal data is justified by the legitimate interest of GLS Austria (Article 6 (1) lit. f GDPR) to optimize the representation of the company. In case of a competition, the lawful processing is ensured by your consent (Article 6 (1) lit. a GDPR).

Personal data arising from your enquiries is automatically deleted six months after your enquiry. You have the right to request the manual deletion of this data at any time. If statutory retention periods preclude the deletion (for example in the event of complaints), the data will only be deleted or destroyed on expiry of the prescribed retention period.

Information on platform-dependent data processing by the respective provider and ways to contact the provider can be found in the following sections.

8.2 Facebook and Instagram

For the GLS business profile on Facebook GLS uses the technical platform and services of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland („Facebook“).

For the GLS business profile on Instagram GLS uses the technical platform and services of Instagram LLC, 1 Hacker Way, Building 14 First Floor, Menlo Park, CA 94025, USA („Instagram“).

The Instagram service is one of the Facebook products provided by Facebook Ireland Limited. Consequently, the following information on Facebook also applies to our business profile on Instagram.

We point out that you use our Facebook fan page and its functions on your own responsibility. This is especially true for the use of the interactive features (e.g. commenting, sharing, rating). The terms of use of Facebook apply.

Collection and processing of access data by Facebook (Insights)

Please carefully check which personal data you share with us via Facebook. As long as you are logged into your Facebook account and visit our Facebook profile, Facebook can assign this to your Facebook profile. We expressly point out that Facebook stores the data of its users (for example, personal information, IP address, etc.) and may also use it for business purposes. If you want to prevent Facebook from processing personal data transmitted to us, please contact us by other means. Detailed information about the data processing of Facebook can be found in the data policy of Facebook under https://www.facebook.com/privacy/explanation

(Instagram: https://help.instagram.com/519522125107875).

Name and contact details of the joint controllers

As far as the data submitted by you is also or exclusively processed by Facebook (Insights data), Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and we are the joint data controllers as defined in GDPR. The data processing takes place in this respect on the basis of an agreement between the joint controllers according to Article 26 GDPR, which you can find here: www.facebook.com/legal/terms/page_controller_addendum.

You can contact the Data Protection Officer of Facebook via the contact form provided under https://www.facebook.com/help/contact/540977946302970.

Data processing for statistical purposes using site insights Facebook provides us with so-called site insights for our Facebook page www.facebook.com/business/a/page/page-insights (or Instagram: https://help.instagram.com/788388387972460?helpref=related&ref=related). This is aggregated data that helps us to understand how people interact with our site. Site insights may be based on personal information collected in connection with a visit or interaction of people on or with our site and its content. You may opt-out of the processing of your data for any of the above purposes at any time by changing your ad settings in your Facebook user account at www.facebook.com/settings?tab=ads.

Competent supervisory authority for Facebook and Instagram Data Protection Commission Canal House Station Road Portarlington Co. Laois R32 AP23, Ireland

https://www.dataprotection.ie

8.3 XING/Kununu

For the maintenance of the GLS business profile on XING/Kununu GLS uses the technical platform and services of New Work SE, Dammtorstraße 30, 20354 Hamburg („XING“).

Privacy policy of XING/Kununu: https://privacy.xing.com/de/datenschutzerklaerung.

Contact the data protection officer of XING/Kununu here: Datenschutzbeauftragter@xing.com.

XING/Kununu BrandManager

The XING/Kununu BrandManager provides us with general evaluation of the performance of our company profile. The key figures provided there (e.g. total number of page visits, total number of followers etc.) are merely aggregated data that do not allow any conclusions to be drawn about individuals.

Competent supervisory authority for XING/Kununu

Freie und Hansestadt Hamburg

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit

Ludwig-Erhard-Str. 22, 7. OG

20459 Hamburg

Tel.: 040 / 428 54 – 4040

https://datenschutz-hamburg.de

8.4 LinkedIn

For the maintenance of the GLS business profile on Facebook GLS uses the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland („LinkedIn“).

Privacy policy of LinkedIn: https://www.linkedin.com/legal/privacy-policy.

Through the privacy shield certification LinkedIn guarantees an adequate level of data protection when processing data in the USA:

https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active

LinkedIn Page Analytics

LinkedIn’s page analytics provides insight into the performance of our LinkedIn business profile to assess trends based on dates and time periods. The analysis data (e.g. follower and visitor numbers) are only aggregated data that do not allow any conclusions to be drawn about individuals.

Competent supervisory authority for LinkedIn

Irish Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

https://www.dataprotection.ie

8.5 YouTube

For the maintenance of the GLS business profile on YouTube GLS uses the technical platform and services of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Parent company: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“). YouTube is a Google service.

The privacy policy of Google and the associated services can be found at https://policies.google.com/privacy

Through the privacy shield certification Google guarantees an adequate level of data protection when processing data in the USA https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active

Competent supervisory authority for Google

Irish Data Protection Commission

21 Fitzwilliam Square South

Dublin 2

D02 RD28

Ireland

https://www.dataprotection.ie

9. Rights of the data subject, withdrawal of consent, exercise of rights, right to complain

9.1 Rights of the data subject

As data subject you have the right to:

  • obtain the controller confirmation as to whether or not and which personal data concerning him or her are being processed (Right of access by the data subject acc. to Article 15 GDPR)
  • obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her (Right to rectification acc. to Article 16 GDPR)
  • obtain from the controller the erasure of personal data concerning him or her without undue delay (Right to erasure acc. to Article 17 GDPR)
  • obtain from the controller restriction of processing (Right to restriction of processing acc. to Article 18 GDPR)
  • receive the personal data concerning him or her, which he or she has provided to a controller (Right to data portability according to Article 20 GDPR)
  • object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. (Right to object according to Article 21 GDPR)

9.2 Withdrawal of consent

At any time you have the right to withdraw your consent in data processing towards us. This also applies to consent given even before the GDPR. The withdrawal is only effective for the future and does not affect the lawfulness of the data processed until the withdrawal.

9.3 Exercise your rights

To exercise your rights or for withdrawal of your consent, please contact ´╗┐dataprotection@gls-austria.com and declare which right you wish to exercise so that GLS Austria may take further steps required to work on your request.

Please note, that we may ask you for a proof of identity in order to protect your personal information from unauthorized access or alteration.

9.4 Right to lodge a complaint with a supervisory authority

If you note any violation against our data protection regulations, do not hesitate to contact us. Furthermore, in such cases, you also have the right to lodge a complaint with a supervisory authority. (Article 77 GDPR in conjunction with § 24 DSG) Supervisory authority: Austrian Data Protection Authority Barichgasse 40-42 1030 Vienna Austria/Europe www.dsb.gv.at e-mail: dsb@dsb.gv.at

10.Updating this privacy information

GLS Austria is entitled to update this information by publishing the amended information on this website. Developing and optimizing our services is a continuous process. So we might add new services or functions from time to time. If this affects the way your personal data is processed, we will inform you in our privacy policy. This information was last updated on June 5th 2020.