Privacy Policy

Privacy Statement

GFL Makler-und Beratungsgesellschaft mbH (hereinafter GFL) strictly adheres to the regulations of the Data Protection Act.
The following information explains the nature, scope and purposes of the collection and usage of personal data.

1. Name and contact details of the data controller and company data protection officer 

Amongst other things, responsibility according to the German Federal Data Protection Act (BDSG) as well as the German General Data Protection Regulation (DSGVO) is with GFL Makler- und Beratungsgesellschaft mbH, represented by Managing Director, Marcus Sarafin, Bahnhofstr. 3, 79199 Kirchzarten, Telefon: +49 (0)7661 9880 0, Fax: +49 (0)7661 98 80 199, email: info@gfl-broker.de.
The company data protection officer for GFL (see company address above), Ms. Leonie Wetzel, can be contacted via the following email: leonie.wetzel@gfl-broker.de

2. Scope of application 

This privacy statement applies to the website www.gfl-broker.de, use of the services offered there as well as GFL’s newsletter.  The website or newsletter may contain links to external third party websites which are not covered by this privacy statement (please refer especially to point 6 and 7).

3. Scope, type and purpose of data collection and use

The scope, type and purpose of data collection as well as the use of personal data differ according to whether you only visit the website to access information or whether you decide to use other services offered (i.e. use of online tools, subscribe to GFL’s newsletter).

3.1 Personal data

This privacy statement concerns your personal data, in particular personal data with regard to DSGVO. It refers to all information and individual items of data relating to personal or material circumstances which could be attributed to identified or identifiable natural persons (Art. 4 Nr. 1 DSGVO).  Included in this, for example, are name, address, telephone number, email address, IP address etc (hereinafter referred to as „data“).

3.1.1 Data disclosure

We do not share your personal data with any third parties other than in the following circumstances:
We will only share your data with a third party if:

• You have given your specific consent pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO,
• Disclosure pursuant to Art. 6 Abs. 1 S. 1 lit. f DSGVO for the purpose of establishment, exercise or defence of legal claims and provided that there are no grounds to assume that you do not have an overriding legitimate interest in ensuring that such data is not disclosed.
• In the event that there is a legal obligation for disclosure pursuant to Art. 6 Abs. 1 S. 1 lit. c DSGVO, as far as
• this is legally permitted and necessary to conduct the contractual terms pursuant to Art. 6 Abs. 1 S. 1 lit. b DSGVO.

 

3.2 Website use

Use of our website, for information purposes only, does not necessarily require you to provide any personal data. In fact, in this case we only collect the data which is automatically transferred by your internet browser, for example, date and time site accessed, browser type, browser settings, operating system used, last visited site, volume of data transmitted and access status (file transmitted, file not found etc), IP-address, the name and URL for the downloaded file.
The IP-address is anonymous while you are visiting our homepage. The anonymous form is saved for the duration of your visit. Thereafter it is immediately deleted. The remaining data is saved for a limited time until it is then also automatically deleted.
The data listed above is used for the following purposes in particular:

• To ensure a seamless connection to the website,
• To ensure easy use of our website,
• Evaluation of system security and stability in addition to,
• Other administrative uses.

The legal framework for data processing is Art. 6 Abs. 1 S. 1 lit. f DSGVO. Our legitimate interest in collecting data is only for the above named uses. Collected data will never be used for the purpose of establishing your personal details.

3.3 Use of online tools

Insofar as you would like to use the services offered on our website, for example, use of online tools (www.gfl-broker.de/online-tools), it is necessary, in addition to the above named data in 3.2, to collect, process and save additional data. This voluntarily submitted data is required to enable use of our online tools.
Processing your data for the purpose of using our online tools is done solely on the basis of your consent pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO.
Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected.

3.4 Use of contact formula

Insofar as you complete the contact formula and provide us with your personal data, we use and save this data in order to process your request and potential follow-up questions. Your personal data will not be provided to third parties.
Processing of data for the purpose of contacting you is done solely on the basis of your consent pursuant to Art. 6 Abs. 1 S. 1 lit. a DSGVO.
You can revoke consent at any time, by sending an informal email. The previous legal data processing remains unaffected. Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected.

4. Use of cookies

4.1 General information about use of cookies

Our website makes use of cookies. Cookies are small pieces of data that are stored on your computer or mobile device to enable our website to function properly and offer you a better experience. The cookie collects information and allows the website to “remember” your actions or preferences over time. This does not mean that we are able to get information about your identity.
Cookies do not cause damage to your device, do not contain viruses, trojans or other damaging software.
Data processing through the use of cookies is necessary for the stated purpose of protecting our legitimate interests as well as third parties according to Art. 6 Abs. 1 S.1 lit. f DSGVO.
Insofar as other cookies (i.e. cookies which analyse surfing behaviour) are saved, these will be dealt with separately in this privacy statement.
You can configure your browser to deny access to saved cookies or to alert you before a new cookie is saved to your device.  Complete deactivation of cookies may mean that you cannot fully use all functions available on our website.
Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected.

4.2 Permission to use cookies through Borlabs

Our website uses cookie technology developed by Borlabs – Benjamin A. Bornschein, Rübenkamp 32, 22305 Hamburg, Germany, to obtain your permission to store certain cookies on your browser and to document compliance with data protection.
In order to do this a technically required cookie („Borlabs-cookie“) is placed on your device and stores your permission to enable cookies.
Borlabs-cookie does not process any personal data.
Borlabs-cookie stores your permission to enable cookies, as requested when you initially accessed the website. To revoke consent at any time, you can delete the cookie from your browser. When you next visit the website, you will then be asked for your permission to enable cookies again.
Use of the Borlabs-cookie occurs in order to obtain the legally required permission to enable cookies.  The legal framework for this is inter alia Art. 6 Abs. 1 S. 1 lit. a und f DSGVO.

 

5. Webtracking through Google Analytics 4

It is important to us to design our website as optimally as possible and thus make it attractive for our visitors. To do this, it is necessary for us to know which parts of the website are received by our visitors and how.
If you have given your consent, Google Analytics 4, a web analytics service provided by Google LLC, is used on this website. The controller for users in the EU/EEA and Switzerland is Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland (“Google”).

5.1 Nature and purpose of processing

Google Analytics uses cookies that enable your use of our website to be analyzed. The information collected by the cookies about your use of this website is generally transmitted to a Google server in the USA and stored there.
In Google Analytics 4, the anonymization of IP addresses is activated by default. Due to IP anonymization, your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. According to Google, the IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
During your visit to the website, your user behavior is recorded in the form of “events”. Events can be

• Page views
• First visit to the website
• Start of the session
• Visited web pages
• Your “click path”, interaction with the website
• Scrolls (whenever a user scrolls to the end of the page (90%))
• Clicks on external links
• Internal search queries
• Interaction with videos
• file downloads
• Viewed / clicked ads
• language setting

Also recorded:

• Your approximate location (region)
• Date and time of the visit
• Your IP address (in abbreviated form)
• Technical information about your browser and the end devices you use (e.g. language setting, screen resolution)
• your internet provider
• the referrer URL (via which website/advertising medium you came to this website)

 

5.2 Purposes of the processing

On behalf of the operator of this website, Google will use this information to evaluate your pseudonymous use of the website and to compile reports on website activity. The reports provided by Google Analytics are used to analyze the performance of our website and the success of our marketing campaigns.

5.3 Recipients

Recipients of the data are/may be

• Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (as processor pursuant to Art. 28 GDPR)
• Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA
• Alphabet Inc, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA

 

5.4 Contract data processing

Google acts as a contract data processor and we have concluded a corresponding contract with Google. The information generated by the cookie and the (usually shortened) IP addresses about your use of this website are usually transferred to Google’s server in the USA and processed there. For these cases, Google has, according to its own information, imposed a standard that corresponds to the former EU-US Privacy Shield and has promised to comply with applicable data protection laws when transferring data internationally. We have also so. standard contractual clauses with Google, the purpose of which is to maintain an appropriate level of data protection in the third country.

5.5 Storage period

The data sent by us and linked to cookies is automatically deleted after 2 months. The maximum lifespan of Google Analytics cookies is 2 years. Data whose retention period has been reached is automatically deleted once a month.

5.6 Legal basis

The legal basis for this data processing is your consent in accordance with Art. 6 Para. 1 S.1 lit. a GDPR and § 25 Para. 1 S.1 TTDSG.

5.7 Revocation

You can withdraw your consent at any time with effect for the future by accessing the cookie settings and changing your selection there. This does not affect the lawfulness of the processing carried out on the basis of the consent until revocation.
You can also prevent the storage of cookies from the outset by configuring your browser software accordingly. However, if you configure your browser to reject all cookies, this may restrict the functionality of this and other websites. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by
a. Not giving your consent to the setting of the cookie or
b. downloading and installing the browser add-on to deactivate Google Analytics.
You can find more information on the terms of use of Google Analytics and on data protection at Google at https://marketingplatform.google.com/about/analytics/terms/de/ and at https://policies.google.com/?hl=de.

6. Google tag manager

We use the service called Google Tag Manager from Google. “Google” is a group of companies consisting of Google Ireland Ltd (provider of the service), Gordon House, Barrow Street, Dublin 4, Ireland and Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA and other affiliated companies of Google LLC.
We have concluded a data processing agreement with Google. Google Tag Manager is an auxiliary service and processes personal data itself only for technically necessary purposes. Google Tag Manager ensures the loading of other components, which in turn may collect data. Google Tag Manager does not access this data.
You can find more information about Google Tag Manager in Google’s privacy policy.
Please note that American authorities, such as intelligence agencies, could possibly gain access to personal data that is inevitably exchanged with Google when integrating this service due to the Internet Protocol (TCP) on the basis of American laws such as the Cloud Act.

7. Links to other websites

This privacy statement applies solely to the website www.gfl-broker.de. The website may include links to other providers and/or websites outside the GFL Group, thus third parties which are not covered by this privacy statement. If you leave a GFL website, it is recommended that you carefully read the privacy statement of the website visited.

8. Plug-Ins

8.1 General Information

Pursuant to Art 6 Abs. 1 S. 1 lit. f DSGVO we use social plug-ins from Twitter, LinkedIn, Xing and YouTube in order to increase awareness of our company as well as to share content from our website. The underlying promotional purpose is considered to be a legitimate interest in line with the DSGVO. Responsibility for conforming with data protection regulations is the responsibility of the individual provider.
We use „c’t Shariff“ – technology from Heise Medien GmbH & Co. KG, represented by Heise Medien Geschäftsführung GmbH, Karl-Wiechert-Allee 10, 30625 Hannover, Postfach 61 04 07, 30604 Hannover.
The Shariff-buttons which we use enable direct contact between the social media platform and you but only if you actively click on the share button.  The c’t Shariff – technology is designed to prevent you leaving digital traces on every site visited. By using the c’t Shariff – technology we take your personal data into consideration and protect it as much as we can according to the current technology status.
Further information regarding c’t Shariff – technology can be found under https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html.

8.2 Leaving the website

If you leave our website to visit one of the previously mentioned social media platforms, we do not have any influence with regard to data collection and processing operations, nor do we know the full scope of the data collection, purpose of the processing or the storage period. Furthermore, we do not have information regarding deletion of data collected through the plug-in provider.

8.3 Further Information

Further information of the operating companies of the websites and of the purposes and scopes of the collection and usage of personal data can be found below:

8.3.1 Twitter

The share button of Twitter is pictorially represented by the logo of Twitter. If you click on the share Button of Twitter you will be transferred to the website of Twitter. The operator is Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX 07, Ireland. While visiting the homepage several (personal) data will be collected. If you are a member of Twitter and you are logged in, the collected (personal) data can be related to your account. To avoid this, you need to log off bevor clicking on the share button.
Further information can be found in the following link to Twitters privacy policy: https://twitter.com/privacy
Twitter consents to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

8.3.2 LinkedIn

The operator of the social media platform LinkedIn is LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. If you click on the share Button of LinkedIn you will be transferred to the website of LinkedIn. While visiting the homepage several (personal) data will be collected. If you are a member of LinkedIn and you are logged in, the collected (personal) data can be related to your account. To avoid this, you need to log off bevor clicking on the share button.
Further information can be found in the following link to LinkedIns privacy policy: https://www.linkedin.com/legal/privacy-policy.
LinkedIn consents to the EU-US-Privacy-Shield, https://www.privacyshield.gov/EU-US-Framework.

8.3.3 Xing

If you click on the share Button of Xing you will be transferred to the website of Xing. The access provider of this website is New York SE, Am Standkai 1, 20457 Hamburg. While visiting the homepage several (personal) data will be collected by the access provider. If you are a member of Xing and you are logged in, the collected (personal) data can be related to your account. To avoid this, you need to log off bevor clicking on the share button.
Further information can be found in the following link to Xings privacy policy: https://privacy.xing.com/de/datenschutzerklaerung/druckversion.

8.3.4 YouTube

If you click on the share Button of YouTube, you will be transferred to the website of YouTube. The access provider of this website is Google Ireland Ldt., Gordon House, Barrow Street, Dublin 4, Ireland. While visiting the homepage several (personal) data will be collected by the access provider. If you have an account of Google and you are logged in, the collected (personal) data can be related to your account. To avoid this, you need to log off bevor clicking on the share button.
Further information can be found in the following link to YouTubes privacy policy: https://policies.google.com/privacy?hl=de

9. Google Maps

Our website uses the map service, Google Maps, via an API which displays interactive maps in addition to preparing directions. The provider in EEC countries and Switzerland is Google Ireland Limited („Google“), Gorden House, Barrow Street, Dublin 4, Ireland.
By clicking on the button „Load map“, you give your express consent to Google‘s privacy statement and therefore agree to the collection, processing and transmission of your data to Google. Your server then builds a connection with Google’s servers. The map content is transmitted directly from Google to your browser. It is therefore necessary that the IP address, amongst others, is saved and this is normally transmitted to and saved on a Google server in the USA.
We have no influence over the data transmission and usage by Google and therefore are unable to accept any responsibility for this.
Use of Google Maps occurs as a result of you giving your explicit consent as described above and to provide you with an appealing online presence and enable you to easily retrieve information about the locations shown on our website according to Art. 6 Abs. 1 lit. a) und f) DSGVO.
Insofar as you do not want Google to collect or process your data, you should not click on the button “Load map”.  In this case you will not be able to use the map display.
Further information regarding the purpose and scope of data collection through Google as well as your rights can be found in the following link to Google’s privacy policy. https://policies.google.com/privacy?hl=de&gl=de

10. Live-Chat

Our website uses the Live-Chat-Software of the homepage www.tawk.to. The operator is tawk.to inc., East Warm Springs Rd., SB298, Las Vegas, NV, 89119 (hereinafter referred ta as “tawk.to”) as well as their business partners and sub processors.
We use the live chat in order to provide a direct and simple communication in real time with employees of GFL. Before using the live chat you need to agree to our privacy policy. Without acceptance of the privacy policy, you can not use the live-chat.
We collect the following data while using the live chat: Visited website, length of time of the visited website, browser type, used equipment and country of origin. This data are not used to identify you as a person. We only use the data for our safety and for in house statistics. The chat conversation as well as the above-named data remain with GFL for the purpose of quality assurance until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. The same applies to the contact details, i.e. name, telephone number, e-Mail address etc. which you may tell us while chatting so can easily get in touch with you. Those data won’t be shared with any third party because they are only used to handle an to document your request.
Data processing occurs because of your given specific consent and because of our legitimate interest in a direct and customer-friendly communication pursuant to Art. 6 Abs. 1 S. 1 lit. a) und f) DSGVO.
Simultaneously with using the live chat you are using the services of tawk.to. We do not have any influence with regard to data collection and processing or the storage period through tawk.to, their business partner and sub-processors. Furthermore, we do not have any information regarding deletion of data collected through the operator, so we are not responsible for that.
Further information regarding the scope and purpose of collection and usage of personal data as well as your individual rights and the setting options in order to protect your privacy can be found in the following link to the privacy statement of tawk.to: https://www.tawk.to/privacy-policy/

11. Newsletter and other advertising correspondence

11.1 Newsletter

You can subscribe online to receive our newsletter and may also unsubscribe at any point.  When you subscribe through our website, you receive a confirmation email with a link to confirm that it is you who has subscribed. The newsletter can only be sent after you have confirmed your subscription.
Processing of the data you provided at the time of subscription occurs as a result of you giving your explicit consent pursuant to Art. 6 Abs. 1 S. 1 lit. a) DSGVO.  In particular, your email address is used in order to send the newsletter on a regular basis.
The newsletter is sent monthly. It contains information about the company and its products in addition to current events and developments in the insurance industry and economy.
The newsletter is delivered through the program „SendInBlue“.  The provider is SendInBlue SAS, 55, rue d’Amsterdam, 75008, Paris, France. We use SendInBlue’s program as it offers the ability to organise the delivery of newsletters and enables us to analyse the statistical data from the newsletter delivery. Amongst others, it allows us to analyse how many newsletters are sent, how many people by country open the newsletter, which articles are opened and for how long. Furthermore, we receive information about the domain name and the device and browser used. The Your data remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected. This data is solely used to analyse recipient’s newsletter behaviour and is not provided to any third parties.
In order to enable the continued newsletter subscription, the data provided by you for the purpose of the newsletter subscription and, among others, saved by the “SendInBlue” program, remains with GFL until you request deletion, revoke consent to storage of data or the purpose of processing no longer applies. Mandatory legal regulations remain unaffected.
SendInBlue SAS saves your data for the purpose of the newsletter subscription (i.e. email address), among others, on their servers in France, in a Google cloud in Belgium or an AWS in Ireland. Further information can be found in SendInBlue’s privacy statement and in the help section of DGVO.
Insofar as you do not want SendInBlue to analyse your data, you can unsubscribe to the newsletter in future. This can be done at any time either in writing or by email. We can be contacted at: info@gfl-broker.de or GFL Makler-und Beratungsgesellschaft mbH, Bahnhofstr. 3, 79199 Kirchzarten. Alternatively, you can unsubscribe to the newsletter at any time through a direct link at the end of the email. Following receipt of a request to unsubscribe, your data will be deleted from our servers as quickly as possible, provided that there are no overriding legal storage periods. Previous legitimate data processing remains unaffected.  At the same time, we will arrange for your data to be deleted from SendInBlue’s servers as quickly as possible provided that there are no overriding legal storage periods.

12. Other advertising correspondence

We also use SendInBlue’s program to send other advertising correspondence, insofar as you have given your consent (vgl. Art. 6 Abs. 1 S. 1 lit. a) DSGVO).  This advertising correspondence includes, for example, invitations to events, product or service offers, information on existing products and Christmas, Easter and other bank holiday greetings.
In this context and to avoid repetition we refer to the statements listed in point 8.1 which describe how you can also unsubscribe to other advertising correspondence at any point with the effect that your data will be deleted, provided that there are no overriding legal storage periods.
Use of the digital platform for contract management
On our website, you have the option of setting up a personalized user account in order to display contracts brokered by GFL or GFL Finanzierungs-GmbH & Co. KG between you or the company you represent and third parties and to manage them within the scope of the functionalities offered in each case.
Initial registration requires you to provide an e-mail address and a password of your choice. In addition, you can voluntarily provide further information, whereby mandatory information is marked as such. After setting up the user account, you and the respective contractual partner can provide further information and data by using the functionalities offered. In particular, you and the respective contractual partner can upload various data on the brokered contracts to the platform. Any information and data you enter on the platform will be forwarded to the respective contractual partner.
You can view and change your data in your user account at any time and delete individual items of information or the entire user account. We store your data until you permanently delete your access to the platform or, in the case of voluntary information, unless you delete it beforehand. We store all other data until you finally delete your access, unless you delete it beforehand.
We process your personal data on the basis of Art. 6 para. 1 sentence 1 lit. b and lit. f GDPR in order to provide the service requested by you or the company you represent.

13. Individual’s rights

You have the right:

• pursuant to Art. 15 DSGVO to request information regarding personal data processed on our servers. In particular, information on the purpose of processing, the category of personal data, category of recipients to whom the data is or might be disclosed, the planned storage period, the existence of right to correction, deletion, limitation of processing or objection, existence of right to appeal, the source of your data insofar as these are not collected by us, as well as requesting the existence of automated decision-making including profiling and where appropriate meaningful information with regard to details;
• pursuant to Art. 16 DSGVO to immediately request the correction of inaccurate or incomplete personal data saved by us;
• pursuant to Art. 17 DSGVO to request the deletion of personal data which has been saved by us, insofar as the prior processing is not necessary to exercise the right to freedom of speech and information, to fulfil a legal obligation, in the interests of the public or to maintain confidentiality, to exercise or defend legal claims;
• pursuant to Art. 18 DSGVO  to request the restriction of personal data processing, insofar as the accuracy of your data is disputed, the processing is illegal, you reject the deletion but we no longer require the data, you need to assert, exercise or defend a legal claim or pursuant to Art. 21 DSGVO object to the processing of data;
• pursuant to Art. 20 DSGVO to receive your personal data, already provided to us, in a structured, commonly used and machine-readable format or to request the transmission to another person responsible;
• pursuant to Art. 7 Abs. 3 DSGVO to revoke the consent already given to us at any time. The result of this is that the data processing, based on this consent, can no longer be continued in the future and
• pursuant to Art. 77 DSGVO to complain to a regulatory authority. You can generally approach the regulatory authority where you normally reside or work or alternatively our headquarters.

 

14. Right to object

Insofar as your personal data is processed on the basis of legitimate interest pursuant to Art. 6 Abs. 1 S. 1 lit. f DSGVO, you have the right pursuant to Art. 21 DSGVO to object to the processing of your personal data, as and when reasons exist, which are a result of a particular situation or your opposition to direct marketing. In the latter case you generally have the right to object without specifying a particular situation in order to have it carried out.
If you would like to exercise your right to revoke or object, an email is sufficient:  leonie.wetzel@gfl-broker.de

15. Data security

We use technical and organizational security measures in order to protect the transmission and/or collection of (personal) data, in particular against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.
Our website utilises the widely used SSL solution (Secure Socket Layer) in combination with the highest encryption your browser will support. Typically this involves 256bit encryption.  If your browser does not support 256bit encryption, we will use 128bit v3 technology instead. You can see when our website pages are being transmitted in encrypted form, if your browser displays an icon showing a closed lock in the status bar on the screen.
Please note that data transmission over the internet (i.e. via email communication) may nevertheless have gaps in security. Complete data protection against third party access is not possible.
Our security measures are continually enhanced as new technology becomes available.

16. Amendments to privacy statement

This privacy statement is currently valid. We reserve the right to change this privacy statement in the future.  We therefore recommend that you check our privacy statement regularly. The latest version of the privacy statement can be accessed and printed from our website www.gfl-broker.de at any time.

Latest version of the privacy statement: June 2024
The terms used in this privacy statement have to be interpreted and understood under German Law.  The German version of the privacy statement is authoritative.