Get in contact with us now. +49 7661 98 80-0

Privacy Policy

Privacy Policy GFL Makler- und Beratungsgesellschaft mbH

Below, we provide information about the type, scope, and purpose of the collection and use of personal data.

  1. Name and contact details of the controller and the company data protection officer

The controller within the meaning of the Federal Data Protection Act (BDSG) and the General Data Protection Regulation (GDPR) is GFL Makler- und Beratungsgesellschaft mbH, represented by Managing Director Marcus Sarafin, Freiburger Straße 7, 79199 Kirchzarten, telephone: 07661 9880 0, fax: 07661 98 80 199, email: info@gfl-broker.de .

  1. Scope

This privacy policy applies to the website www.gfl-broker.de , the use of the services offered there, and the GFL newsletter. If the website or newsletter contains links to external third-party sites, these websites are not covered by the privacy policy.

  1. Use of the website

When you visit our website, the browser used on your device automatically sends information to our website server. This information is temporarily stored in a so-called log file. The following information is collected without your intervention and stored until it is automatically deleted:

  • IP address of the requesting computer
  • Date and time of access to our website
  • Browser type and browser settings
  • Operating system used
  • The last page you visited
  • The amount of data transferred and the access status (file transfer, file not found,etc.), the IP-adress, the name, and the URL of the file accessed.

The IP address is anonymized during your visit to the homepage. This anonymized form is stored for a maximum of 16 days and then deleted.

The above data is processed for the following purposes in particular:

  • Ensuring a smooth connection to the website,
  • Ensuring comfortable use of our website,
  • Evaluating system security and stability, and
  • For further administrative purposes.

The legal basis for data processing is Art. 6 (1) (f) GDPR. Our legitimate interest follows from the above-mentioned purposes. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

  1. Use of online tools

If you wish to use a service offered by us on our website, e.g., the use of an online tool (www.gfl-broker.de/online-tools ), you must enter additional data. However, this data is essentially non-personal data. The data you voluntarily enter is necessary to enable the use of the online tools.

The data entered when using the online tools is processed for the purpose of fulfilling a contract in accordance with Article 6(1)(b) GDPR.

The data you enter is only used for the purpose of using the online tools and is not stored.

  1. Contacting us via the contact form

If you use our contact form and provide us with the requested personal data, we will use and store this data to process your enquiry and any follow-up questions. If you contact us in this way, we will collect your first and last name, your email address and your telephone number. In addition, you can voluntarily provide your address, company, and fax number.

We will not pass on your personal data to third parties.

Data processing for the purpose of contacting us is carried out for the fulfillment of a contract or for the implementation of pre-contractual measures in accordance with Art. 6 (1) (b) GDPR.

  1. Use of cookies

6.1 General information on the use of cookies

We use cookies on our website. Cookies are small text files that are sent from our web server to your browser when you visit our website and are stored on your computer in order to improve our website and offer you a better service. The cookie stores information that is specific to the device you are using. However, this does not mean that we have direct knowledge of your identity.

When you visit our website, session cookies are used to ensure the functionality of the website. These session cookies are automatically deleted when you close your browser. The data processed by the cookies is necessary for the aforementioned purposes to protect our legitimate interests and those of third parties in accordance with Art. 6 (1) (f) GDPR.

You can configure most browsers so that no cookies are stored on your computer or so that a message always appears before a new cookie is created. However, completely deactivating cookies may mean that you cannot use all the functions of our website to their full extent

6.2 Cookie consent with Borlabs

Our website uses cookie technology from Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany, to obtain your consent to store certain cookies in your browser and to document this in accordance with data protection regulations.

A technically necessary cookie (known as a “Borlabs cookie”) is set to store your cookie consent. The Borlabs cookie does not process any personal data.

The Borlabs cookie stores the consent you gave when you accessed the website. If you wish to revoke this consent, simply delete the cookie in your browser. When you reload the website, you will be asked again for your cookie consent.

The Borlabs cookie is used to obtain the legally required consent for the use of cookies. The legal basis for this is Art. 6 (1) (c) and (f) GDPR.

  1. Web tracking by Google Analytics 4

It is important to us to design our website as optimally as possible and thus make it attractive to our visitors. To do this, we need to know which parts of the website are popular with our visitors.

If you have given your consent, Google Analytics 4, a web analytics service provided by Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”), is used on this website for the above-mentioned purposes.

Google Analytics uses cookies that enable an analysis of your use of our websites. The information collected by the cookies about your use of this website is usually transferred to a Google server in the USA and stored there. On July 10, 2023, the EU Commission confirmed with an adequacy decision for the so-called EU-U.S. Data Privacy Framework that the USA ensures an adequate level of protection for personal data. Google LLC is certified under the EU-U.S. Data Privacy Framework

However, as we use Google Analytics with the extension “anonymizeIP()” for IP anonymization, your IP address will be truncated by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics is not merged with other Google data.

During your visit to the website, your user behavior is recorded in the form of “events.” Events can be:

  • Page views
  • First visit to the website
  • Start of the session
  • Web pages visited
  • Your “click path,” interaction with the website
  • Scrolls (whenever a user scrolls to the bottom of the page (90%))
  • Clicks on external links
  • Internal search queries
  • Interaction with videos
  • File downloads
  • Ads viewed/clicked
  • Language

The following information is also collected:

  • Your approximate location (region)
  • Date and time of your visit
  • Your IP address (in abbreviated form)
  • Technical information about your browser and the devices you use (e.g., language settings, screen resolution)
  • Your internet service provider
  • The referrer URL (which website/advertisement you used to access this website)

On behalf of the operator of this website, Google will use this information to evaluate your use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR.

The data sent by us and linked to cookies is automatically deleted after 2 months. The maximum lifetime of Google Analytics cookies is 2 years. Data that has reached its retention period is automatically deleted once a month

  1. Google Tag Manager

We use a service called Google Tag Manager from Google. This service allows website tags to be managed via an interface. Google Tag Manager only implements tags, but does not set cookies or collect personal data. Google Tag Manager ensures that other components are loaded, which may in turn collect data. Google Tag Manager does not access this data.

The legal basis for this data processing is your consent in accordance with Art. 6 (1) (a) GDPR

  1. Plug-ins

Based on your consent in accordance with Art. 6 (1) (a) GDPR, we use social plug-ins from Twitter, LinkedIn, Xing, and YouTube on our website to promote our company and share the content of our website.

We use the “c’t Shariff” technology from Heise Medien GmbH & Co. KG, represented by Heise Medien Geschäftsführung GmbH, Karl-Wiechert-Allee 10, 30625 Hanover, P.O. Box 61 04 07, 30604 Hanover.

The Shariff buttons we use only establish direct contact between the social network and you when you actively click on the share button. In this way, c’t Shariff technology prevents you from leaving a digital trail on every page you visit. By using c’t Shariff technology, we take your personal data into account and protect it to the extent possible with current technology.

Further information on c’t Shariff technology can be found at https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

If you visit the website of one of the aforementioned social networks and thus leave our website, we have no influence on the data collected and the data processing operations, nor are we aware of the full scope of data collection, the purposes of processing, or the storage periods. We also have no information about the deletion of the collected data by the plug-in provider.

Further information on the operator of the respective website and on the purpose and scope of data collection and its processing by the operator of the respective social network can be found here:

9.1. X (formerly Twitter)

The Twitter share button is represented by the corresponding logo. When you click on the Twitter share button, you will be redirected to the X homepage (www.X.com ). The homepage is operated by Twitter International Unlimited Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07, Ireland. Each time you visit the homepage, various data is collected that can also be assigned to your account, provided you have an account and are logged in. If you wish to prevent this, you must log out beforehand.

Further details can be found in the following privacy policy: https://twitter.com/privacy

9.2. LinkedIn

The social network LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you click on the corresponding logo, you will be redirected to the LinkedIn homepage (www.linkedin.com ). Various data is collected there and, depending on whether you have a LinkedIn profile and are logged in, this data is also assigned to that profile. If you wish to prevent this, you must log out beforehand.

Further information can be found in the following privacy policy: http://www.linkedin.com/legal/privacy-

9.3. Xing

If you click on the Xing logo, you will be redirected to the Xing homepage (www.xing.com). This is operated by the service provider New Work SE, Am Strandkai 1, 20457 Hamburg. When you visit the website, the service provider collects various data that is also assigned to a specific account, provided you have an account with Xing and are logged in there. If you wish to prevent this, you must log out beforehand.

Further information can be found in the following privacy policy: https://privacy.xing.com/de/datenschutzerklaerung/

9.4. YouTube

When you click on the YouTube share button, you will be redirected to the YouTube homepage (www.youtube.com). The service provider for the homepage is Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland. The service provider collects various data, which is also stored in a Google account if you have one. If you wish to prevent this, you must log out beforehand.

Further information can be found in the following privacy policy: https://policies.google.com/privacy?hl=

10. Google Maps

We use the Google Maps service on our website via an API to display interactive maps and to create directions. The provider in the EEA and Switzerland is Google Ireland Limited (known as “Google”), Gorden House, Barrow Street, Dublin 4, Ireland.

By clicking on the “Unlock content // Accept required service and unlock content” button, you expressly agree to Google’s privacy policy and thus to the collection, processing, and transfer of your data to Google. Your server then establishes a connection with Google’s servers. The map content is then transmitted directly from Google to your browser. In this case, your usage data, in particular your IP address, is transmitted to Google in the USA. The European Commission has decided, by means of an adequacy decision within the meaning of Art. 45 GDPR, that the USA offers an adequate level of protection for your personal data.

  1. Newsletter

You can subscribe to our newsletter. To do so, you must provide your email address and your first and last name.

Registration for the newsletter is carried out using the double opt-in procedure. To prevent misuse, we will send you an email after your registration asking you to confirm your registration.

The legal basis for data processing is your consent in accordance with Art. 6 (1) (a) GDPR.

The newsletter is usually sent out once a month. It contains information about the company, its products, and current events and innovations in the insurance industry and the economy

The newsletter is sent via the Brevo program. The provider is Sendinblue GmbH, Köpenicker Straße 126, 10179 Berlin. Using the Brevo program allows us to organize the distribution of the newsletter and analyze statistical data related to newsletter distribution. Among other things, the program allows us to analyze how many newsletters are sent, how many people from which countries open the newsletter, and which articles are opened and for how long. In addition, we receive information about the domain name, the device used, and the browser used.

You can revoke your consent to receive a newsletter by email at any time. There is also a revocation link at the end of each newsletter. If you have only subscribed to our newsletter and revoked this subscription, your personal data will be deleted.

  1. Use of the digital platform for contract management

On our website, you have the option of setting up a personalized user account to view contracts brokered by GFL or GFL Finanzierungs-GmbH & Co. KG between you or the company you represent and third parties, and to manage them within the scope of the functions offered.

To register, you need to provide an email address and a password of your choice. You can also provide additional information voluntarily, although mandatory fields are marked as such. Once the user account has been set up, you and the respective contractual partner can provide further information and data using the functions offered. On the platform, you and the respective contractual partner can upload various data relating to the brokered contracts. Information and data posted by you on the platform may be forwarded to the respective contractual partners.

You can view and change your data in your user account at any time and delete individual pieces of information or your entire user account. We store your data until you permanently delete your access to the platform or, in the case of voluntary information, unless you delete it beforehand. We store all other data until your access is permanently deleted, unless you delete it beforehand.

We process your personal data on the basis of Art. 6 (1) (b) GDPR in order to provide the service requested by you or the company you represent.

  1. Storage period

The personal data processed by us in connection with the use of this website will be stored for as long as necessary for the purposes for which it is processed. After that, it will be deleted. However, we always reserve the right to store the data for as long as is necessary for legal purposes or to protect our legitimate interests (assertion, exercise, or defense of legal claims). Insofar as commercial and tax law retention periods must be observed, the storage period for certain data may be up to 10 years

  1. Rights of data subjects

You have the right:

  • to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you can request information about the purposes of processing, the category of personal data, the category of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of appeal, the origin of your data if it was not collected by us, and the existence of automated decision-making, including profiling and, where applicable, meaningful information about its details;
  • to request the immediate correction of inaccurate or incomplete personal data stored by us in accordance with Art. 16 GDPR;
  • to request the erasure of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise, or defense of legal claims;
  • in accordance with Art. 18 GDPR, to request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have lodged an objection to the processing pursuant to Art. 21 GDPR;
  • pursuant to Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request its transmission to another controller;
  • pursuant to Art. 7 (3) GDPR, to revoke your consent to us at any time. As a result, we will no longer be allowed to continue processing data based on this consent in the future; and
  • pursuant to Art. 77 GDPR, to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence or workplace or our company headquarters for this purpose

If you withdraw your consent, this does not affect the legality of the consent given prior to withdrawal. However, the withdrawal of your consent means that we may no longer continue the data processing based on this consent in the future.

If you have any questions about your rights as a data subject or if you wish to exercise these rights, please contact us by email at info@gfl-broker.de  or use the other contact options provided in our legal notice.

  1. Right to object

If your personal data is processed on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data pursuant to Art. 21 GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct marketing. In the latter case, you have a general right to object, which we will implement without you having to specify a particular situation.

If you wish to exercise your right of revocation or objection, simply send an email to: info@gfl-broker.de.

 

Status of the privacy policy: July 2025

Let us be a part of your success story!

Get in contact with us now.

+49 7661 98 80-0 info@gfl-broker.de