Privacy Policy

Privacy Statement

GFL Makler- und Beratungsgesellschaft mbH (hereinafter GFL) strictly adheres to the regulations of the Data Protection Act.

The following information explains the nature, scope and purposes of the collection and usage of personal data. 

1. Name and contact details of the data controller and company data protection officer 

Amongst other things, responsibility according to the German Federal Data Protection Act (BDSG) as well as the German General Data Protection Regulation (DSGVO) is with GFL Makler- und Beratungsgesellschaft mbH, represented by Managing Director, Marcus Sarafin, Bahnhofstr. 3, 79199 Kirchzarten, Telephone: +49 (0)7661 9880 0, Fax: +49 (0)7661 98 80 199, email:

The company data protection officer for GFL (see company address above), Ms. Ute Hinsen, can be contacted via the following email: 

2. Scope of application 

This privacy statement applies to the website, use of the services offered there as well as GFL’s newsletter.  The website or newsletter may contain links to external third party websites which are not covered by this privacy statement (please refer to point 6.). 

3. Scope, type and purpose of data collection and use

The scope, type and purpose of data collection as well as the use of personal data differ according to whether you only visit the website to access information or whether you decide to use other services offered (i.e. use of online tools, subscribe to GFL’s newsletter). 

3.1 Personal data

This privacy statement concerns your personal data, in particular personal data with regard to DSGVO. It refers to all information and individual items of data relating to personal or material circumstances which could be attributed to identified or identifiable natural persons (Art. 4 Nr. 1 DSGVO). Included in this, for example, are name, address, telephone number, email address, IP address etc. (hereinafter referred to as „data“).

3.1.1 Data disclosure

We do not share your personal data with any third parties other than in the following circumstances: 

We will only share your data with a third party if:

· You have given your specific consent pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO,

· Disclosure pursuant to Art. 6 Abs. 1 S. 1 lit. f DSGVO for the purpose of establishment, exercise or defence of legal claims and provided that there are no grounds to assume that you do not have an overriding legitimate interest in ensuring that such data is not disclosed.   

· In the event that there is a legal obligation for disclosure pursuant to Art. 6 Abs. 1 S. 1 lit. c DSGVO, as far as 

· this is legally permitted and necessary to conduct the contractual terms pursuant to Art. 6 Abs. 1 S. 1 lit. b DSGVO.

3.2 Website use

Use of our website, for information purposes only, does not necessarily require you to provide any personal data. In fact, in this case we only collect the data which is automatically transferred by your internet browser, for example, date and time site accessed, browser type, browser settings, operating system used, last visited site, volume of data transmitted and access status (file transmitted, file not found etc), IP-address, the name and URL for the downloaded file. 

The IP-address is anonymous while you are visiting our homepage. The anonymous form is saved for the duration of your visit. Thereafter it is immediately deleted. The remaining data is saved for a limited time until it is then also automatically deleted.  

The data listed above is used for the following purposes in particular:

· To ensure a seamless connection to the website, 

· To ensure easy use of our website, 

· Evaluation of system security and stability in addition to, 

· Other administrative uses. 

The legal framework for data processing is Art. 6 Abs. 1 S. 1 lit. f DSGVO. Our legitimate interest in collecting data is only for the above named uses. Collected data will never be used for the purpose of establishing your personal details. 

3.3 Use of online tools

Insofar as you would like to use the services offered on our website, for example, use of online tools, it is necessary, in addition to the data named above in 3.2, to collect, process and save additional data. This voluntarily submitted data is required to enable use of our online tools.

Processing your data for the purpose of using our online tools is done solely on the basis of your consent pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO. 

Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. 

3.4 Use of contact form

Insofar as you complete the contact form and provide us with your personal data, we use and save this data in order to process your request and potential follow-up questions. Your personal data will not be provided to third parties.

Processing of data for the purpose of contacting you is done solely on the basis of your consent pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO.

You can revoke consent at any time, by sending an informal email. The previous legal data processing remains unaffected. Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. 

4. Use of cookies 

4.1 General information about use of cookies  

Our website makes use of cookies. Cookies are small pieces of data that are stored on your computer or mobile device to enable our website to function properly and offer you a better experience. The cookie collects information and allows the website to “remember” your actions or preferences over time. This does not mean that we are able to get information about your identity. 

Cookies do not cause damage to your device, do not contain viruses, trojans or other damaging software. 

Data processing through the use of cookies is necessary for the stated purpose of protecting our legitimate interests as well as third parties according to Art. 6 Abs. 1 S.1 lit. f DSGVO.

Insofar as other cookies (i.e. cookies which analyse surfing behaviour) are saved, these will be dealt with separately in this privacy statement. 

You can configure your browser to deny access to saved cookies or to alert you before a new cookie is saved to your device.  Complete deactivation of cookies may mean that you cannot fully use all functions available on our website.  

Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. 

4.2 Permission to use cookies through Borlabs 

Our website uses cookie technology developed by Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany, to obtain your permission to store certain cookies on your browser and to document compliance with data protection. 

In order to do this a technically required cookie („Borlabs-cookie“) is placed on your device and stores your permission to enable cookies. 

Borlabs-cookie does not process any personal data. 

Borlabs-cookie stores your permission to enable cookies, as requested when you initially accessed the website. To revoke consent at any time, you can delete the cookie from your browser. When you next visit the website you will then be asked for your permission to enable cookies again. 

Use of the Borlabs-cookie occurs in order to obtain the legally required permission to enable cookies. The legal framework for this is inter alia Art. 6 Abs. 1 S. 1 lit. a and f DSGVO.



5. Webtracking through Google Analytics

We consider it of utmost importance that our website design functions optimally and as a result should provide you with a good experience. In order for us to achieve this, it is essential to understand how you reach different parts of our website. 

5.1 General Information 

This website uses a web analysis service provided by Google Analytics. The service provider is Google Ireland Limited („Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics also uses cookies, or text files, which are stored on your computer and enable us to analyse your use of our website. The information generated through these cookies is generally transmitted and saved to a Google server in the USA. This covers the following information: 

· Browser Type / Version

· Operating system used

· Referrer URL (previously visited page)

· Hostname of accessing computer (IP address) 

· Time of server request

The information is used to evaluate usage of the website, to compile reports on website activity and to provide other services associated with the usage of the website and internet for the purposes of market research and to enable tailored design of our website.  In summary, the analysis of usage for the purposes of legitimate interest, enables optimisation of the web offering as well as advertising. This is done pursuant to Art. 6 Abs. 1 lit. f) DSGVO.  

Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. 

On our website, anonymisation of your IP is activated, meaning that addresses are shortened by Google within EU member states or in other states party to the Agreement of the European Economic Area. We have enhanced Google Analytics on this website with the code „gat._anonymizeIp();“  in order to ensure anonymous collection of IP addresses (IP masking). A complete IP address will only be, in exceptional cases, transmitted to a server and shortened by Google in the USA.  Google holds certification according to the current EU-US Privacy Shield (see

We have signed a contract with Google for data processing services (the contractual terms can be found at the following link ( Accordingly, Google will only use the information agreed in our contract to evaluate usage of the website, to compile reports on website activity and to provide other services associated with the usage of the website and internet. 

IP addresses transmitted from your browser through Google Analytics will not be merged with any other data from Google.  

5.2  Prevention options, Right to object 

You can prevent data collection generated through cookies and usage of the website (including your IP address) in addition to data processing through Google, by downloading and installing the available browser plug-in using the following link (

Alternatively, collection through Google Analytics may be prevented by rejecting the cookie setting under „Statistics“ on our website. 

Further information regarding terms of use and data protection in connection with Google Analytics can be found under and 

6. Links to other websites 

This privacy statement applies solely to the website . The website may include links to other providers and/or websites outside the GFL Group, thus third parties which are not covered by this privacy statement. If you leave a GFL website, it is recommended that you carefully read the privacy statement of the website visited.  

7. Plug-Ins

7.1 Twitter, LinkedIn and Xing

a. Pursuant to Art 6 Abs. 1 S. 1 lit. f DSGVO we use social plug-ins from Twitter, LinkedIn and Xing in order to increase awareness of our company as well as to share content from our website. The underlying promotional purpose is considered to be a legitimate interest in line with the DSGVO. Responsibility for conforming with data protection regulations is the responsibility of the individual provider. 

We use „c’t Shariff“ – technology from Heise Medien GmbH & Co. KG, represented by Heise Medien Geschäftsführung GmbH, Karl-Wiechert-Allee 10, 30625 Hannover, Postfach 61 04 07, 30604 Hannover. 

The Shariff-buttons which we use enable direct contact between the social media platform and you but only if you actively click on the share button.  The c’t Shariff – technology is designed to prevent you leaving digital traces on every site visited. By using the c’t Shariff – technology we take your personal data into consideration and protect it as much as we can according to the current technology status.    

Further information regarding c’t Shariff – technology can be found under

b. If you leave our website to visit one of the previously mentioned social media platforms, we do not have any influence with regard to data collection and processing operations, nor do we know the full scope of the data collection, purpose of the processing or the storage period. Furthermore, we do not have information regarding deletion of data collected through the plug-in provider.  

c. Further information regarding the purpose and scope of data collection and processing through the plug-in provider can be found in the following links to the privacy statements of these providers. 

Privacy statements:

aa) Twitter:   

Twitter consents to the EU-US-Privacy-Shield,

bb) LinkedIn:

LinkedIn consents to the EU-US-Privacy-Shield,

cc) Xing:

7.2 Proven Expert

a. Our website uses the review portal “Proven Expert” from Expert Systems AG, represented by its respective Managing Board, Quedlinburger Straße 1, 10589 Berlin, Germany.

b. You can review our services using this website. In order to ensure the authenticity of a review and prevent misuse of the review system either through spam or multiple reviews by the same user, processing and storage of the following data through Proven Expert is required. Use of Proven Expert helps to ensure the security and integrity of our IT system. We have a legitimate interest in processing the following information.

c. Insofar as you have given us permission, the legal framework is Art. 6 Abs. 1 S. 1 lit. a) DSGVO. Outside of that the legal framework is Art. 6 Abs. 1 S. 1 lit. f) DSGVO.

d. If you generate a review, Proven Expert records and saves your email address as well as, in a corresponding log file, technical data such as your IP address and information about your web browser.  Furthermore, Proven Expert also saves any additional voluntary data you may provide. You can download further information about this third party provider and data protection from Proven Expert’s website:

7.3 Google Maps

Our website uses the map service, Google Maps, via an API which displays interactive maps in addition to preparing directions. The provider in EEC countries and Switzerland is Google Ireland Limited („Google“), Gordon House, Barrow Street, Dublin 4, Ireland.

By clicking on the button „Load map“, you give your express consent to Google‘s privacy statement and therefore agree to the collection, processing and transmission of your data to Google. Your server then builds a connection with Google’s servers. The map content is transmitted directly from Google to your browser. It is therefore necessary that the IP address, amongst others, is saved and this is normally transmitted to and saved on a Google server in the USA.     

We have no influence over the data transmission and usage by Google and therefore are unable to accept any responsibility for this. 

Use of Google Maps occurs as a result of you giving your explicit consent as described above and to provide you with an appealing online presence and enable you to easily retrieve information about the locations shown on our website according to Art. 6 Abs. 1 lit. a) and f) DSGVO.

Insofar as you do not want Google to collect or process your data, you should not click on the button “Load map”.  In this case you will not be able to use the map display. 

Further information regarding the purpose and scope of data collection through Google as well as your rights can be found in the following link to Google’s privacy policy.  

8. Newsletter and other advertising correspondence

8.1 Newsletter 

You can subscribe online to receive our newsletter and may also unsubscribe at any point.  When you subscribe through our website, you receive a confirmation email with a link to confirm that it is you who has subscribed. The newsletter can only be sent after you have confirmed your subscription.    

Processing of the data you provided at the time of subscription occurs as a result of you giving your explicit consent pursuant to Art. 6 Abs. 1 S. 1 lit. a) DSGVO.  In particular, your email address is used in order to send the newsletter on a regular basis. 

The newsletter is sent monthly. It contains information about the company and its products in addition to current events and developments in the insurance industry and economy. 

The newsletter is delivered through the program „SendInBlue“. The provider is SendInBlue SAS, 55, rue d’Amsterdam, 75008, Paris, France. We use SendInBlue’s program as it offers the ability to organise the delivery of newsletters and enables us to analyse the statistical data from the newsletter delivery. Amongst others, it allows us to analyse how many newsletters are sent, how many people by country open the newsletter, which articles are opened and for how long. Furthermore, we receive information about the domain name and the device and browser used. Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. This data is solely used to analyse recipients’ newsletter behaviour and is not provided to any third parties.

In order to enable the continued newsletter subscription, the data provided by you for the purpose of the newsletter subscription and, among others, saved by the “SendInBlue” program, remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. 

SendInBlue SAS saves your data for the purpose of the newsletter subscription (i.e. email address), among others, on their servers in France, in a Google cloud in Belgium or an AWS in Ireland. Further information can be found in SendInBlue’s privacy statement and in the help section of DSGVO.

Insofar as you do not want SendInBlue to analyse your data, you can unsubscribe to the newsletter in future. This can be done at any time either in writing or by email. We can be contacted at: or GFL Makler-und Beratungsgesellschaft mbH, Bahnhofstr. 3, 79199 Kirchzarten. Alternatively, you can unsubscribe to the newsletter at any time through a direct link at the end of the email. Following receipt of a request to unsubscribe, your data will be deleted from our servers as quickly as possible, provided that there are no overriding legal storage periods. Previous legitimate data processing remains unaffected.  At the same time, we will arrange for your data to be deleted from SendInBlue’s servers as quickly as possible provided that there are no overriding legal storage periods. 

8.2 Other advertising correspondence

We also use SendInBlue’s program to send other advertising correspondence, insofar as you have given your consent (cf. Art. 6 Abs. 1 S. 1 lit. a) DSGVO). This advertising correspondence includes, for example, invitations to events, product or service offers, information on existing products and Christmas, Easter and other bank holiday greetings.

In this context and to avoid repetition we refer to the statements listed in point 8.1 which describe how you can also unsubscribe to other advertising correspondence at any point with the effect that your data will be deleted, provided that there are no overriding legal storage periods.  

9. Individual’s rights

You have the right: 

· pursuant to Art. 15 DSGVO to request information regarding personal data processed on our servers. In particular, information on the purpose of processing, the category of personal data, category of recipients to whom the data is or might be disclosed, the planned storage period, the existence of right to correction, deletion, limitation of processing or objection, existence of right to appeal, the source of your data insofar as these are not collected by us, as well as requesting the existence of automated decision-making including profiling and where appropriate meaningful information with regard to details;

· pursuant to Art. 16 DSGVO to immediately request the correction of inaccurate or incomplete personal data saved by us;

· pursuant to Art. 17 DSGVO to request the deletion of personal data which has been saved by us, insofar as the prior processing is not necessary to exercise the right to freedom of speech and information, to fulfil a legal obligation, in the interests of the public or to maintain confidentiality, to exercise or defend legal claims;

· pursuant to Art. 18 DSGVO  to request the restriction of personal data processing, insofar as the accuracy of your data is disputed, the processing is illegal, you reject the deletion but we no longer require the data, you need to assert, exercise or defend a legal claim or pursuant to Art. 21 DSGVO object to the processing of data;

· pursuant to Art. 20 DSGVO to receive your personal data, already provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another person responsible;

· pursuant to Art. 7 Abs. 3 DSGVO to revoke the consent already given to us at any time. The result of this is that the data processing, based on this consent, can no longer be continued in the future and 

· pursuant to Art. 77 DSGVO to complain to a regulatory authority. You can generally approach the regulatory authority where you normally reside or work or alternatively our headquarters.

10. Right to object 

Insofar as your personal data is processed on the basis of legitimate interest pursuant to Art. 6 Abs. 1 S. 1 lit. f DSGVO, you have the right pursuant to Art. 21 DSGVO to object to the processing of your personal data, as and when reasons exist, which are a result of a particular situation or your opposition to direct marketing. In the latter case you generally have the right to object without specifying a particular situation in order to have it carried out.  

If you would like to exercise your right to revoke or object, an email is sufficient:

11. Data security 

We use technical and organizational security measures in order to protect the transmission and/or collection of (personal) data, in particular against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.  

Our website utilises the widely used SSL solution (Secure Sockets Layer) in combination with the highest encryption your browser will support. Typically this involves 256-bit encryption. If your browser does not support 256-bit encryption, we will use 128-bit v3 technology instead. You can see when our website pages are being transmitted in encrypted form if your browser displays an icon showing a closed lock in the status bar on the screen.

Please note that data transmission over the internet (i.e. via email communication) may nevertheless have gaps in security. Complete data protection against third party access is not possible. 

Our security measures are continually enhanced as new technology becomes available. 

12. Amendments to privacy statement 

This privacy statement is currently valid. We reserve the right to change this privacy statement in the future.  We therefore recommend that you check our privacy statement regularly. The latest version of the privacy statement can be accessed and printed from our website at any time. 

Latest version of the privacy statement: September 2020 

The terms used in this privacy statement have to be interpreted and understood under German Law.  The German version of the privacy statement is authoritative.
