DON'T MISS OUR NEXT EXPERT WEBINAR!
We regularly organize webinars with interesting topics. Find out about upcoming dates.
PRIVACY STATEMENT
The following information is intended to provide you, as a “data subject”, with an overview of how we process your personal data and your rights under data protection laws. In principle, it is possible to use our website without providing any personal data. However, if you wish to make use of specific services offered by our company via our website, the processing of personal data may be necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we will generally seek your consent.
The processing of personal data, such as your name, address or email address, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to “GVA Leistungselektronik GmbH”. Through this privacy policy, we wish to inform you about the scope and purpose of the personal data we collect, use and process.
As the data controller, we have implemented numerous technical and organisational measures to ensure the most comprehensive possible protection of the personal data processed via this website. Nevertheless, internet-based data transmissions may, in principle, be subject to security vulnerabilities, meaning that absolute protection cannot be guaranteed. For this reason, you are free to provide us with personal data via alternative channels, such as by telephone or post.
You too can take simple and easy-to-implement measures to protect yourself against unauthorised access to your data by third parties. We would therefore like to provide you with some guidance on the secure handling of your data:
Passwords should consist of at least 12 characters and be chosen so that they cannot be easily guessed. Therefore, they should not contain common everyday words, your own name or the names of relatives, but should include upper and lower case letters, numbers and special characters.
The controller within the meaning of the GDPR is:
GVA Leistungselektronik GmbH
Boehringer Straße 10-12, 68307 Mannheim, Germany
Telephone: +49 (0) 621/7 89 92-0
Fax: +49 (0) 621/7 89 92-99
Email: info@gva-power.de
Representatives of the data controller: Thomas Schulze, Dr Hans Jörg Eyrich
You can contact the Data Protection Officer as follows:
Claus Bauer
Telephone: +49 621 30978982
Fax: +49 621 30978980
Email: claus.bauer@cerdat.de
You can contact our Data Protection Officer directly at any time with any questions or suggestions regarding data protection.
This privacy policy is based on the terminology used by the European legislators and regulators when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the general public as well as for our customers and business partners. To ensure this, we would like to explain the terminology used in advance.
In this privacy policy, we use the following terms, amongst others:
1. Personal data
Personal data is any information relating to an identified or identifiable natural person. A natural person is considered identifiable if they can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. Data subject
A data subject is any identified or identifiable natural person whose personal data is processed by the controller (our company).
3. Processing
Processing means any operation or set of operations which is performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, alignment or combination, restriction, erasure or destruction.
4. Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their future processing.
5. Profiling
Profiling is any form of automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, whereabouts or movements.
6. Pseudonymisation
Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data is not attributed to an identified or identifiable natural person.
7. Data processor
A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
8. Recipient
A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, irrespective of whether they are a third party or not. However, public authorities which may receive personal data in the course of a specific inquiry mandate under Union law or the law of the Member States shall not be regarded as recipients.
9. Third party
A third party is a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are authorised to process the personal data.
10. Consent
Consent means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
Article 6(1)(a) of the GDPR (in conjunction with Section 25(1) of the TDDDG (formerly the TTDSG)) serves as the legal basis for our company in relation to processing operations where we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, with processing operations required for the delivery of goods or the provision of other services or consideration, the processing is based on Article 6(1)(b) of the GDPR. The same applies to processing operations necessary for the implementation of pre-contractual measures, such as in cases of enquiries regarding our products or services.
If our company is subject to a legal obligation requiring the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Article 6(1)(c) of the GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor were to be injured on our premises and their name, age, health insurance details or other vital information subsequently had to be disclosed to a doctor, a hospital or other third parties. In such cases, the processing would be based on Article 6(1)(d) of the GDPR.
Finally, processing operations may be based on Article 6(1)(f) of the GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases, where the processing is necessary to safeguard a legitimate interest of our company or a third party, provided that the interests, fundamental rights and freedoms of the data subject do not override those interests. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator. In this regard, the legislator took the view that a legitimate interest could be assumed if you are a customer of our company (Recital 47, sentence 2 of the GDPR).
Our services are generally aimed at adults. Persons under the age of 16 may not transmit any personal data to us without the consent of their parents or legal guardians. We do not request personal data from children and young people, do not collect such data and do not pass it on to third parties.
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only disclose your personal data to third parties if:
1. you have given us your explicit consent to do so in accordance with Article 6(1)(a) of the GDPR,
2. the transfer is permitted under Article 6(1)(f) of the GDPR to safeguard our legitimate interests and there is no reason to assume that you have an overriding legitimate interest in the non-disclosure of your data,
3. there is a legal obligation to disclose the data under Article 6(1)(c) of the GDPR, and
4. this is legally permissible and necessary under Article 6(1)(b) of the GDPR for the performance of contractual relationships with you.
As part of the processing operations described in this privacy policy, personal data may be transferred to the USA. Companies in the USA only have an adequate level of data protection if they have been certified under the EU-US Data Privacy Framework and the EU Commission’s adequacy decision pursuant to Article 45 of the GDPR therefore applies. We have explicitly stated this in the privacy policy for the relevant service providers. To protect your data in all other cases, we have entered into data processing agreements based on the European Commission’s Standard Contractual Clauses. Where the Standard Contractual Clauses are insufficient to ensure an adequate level of security, your consent pursuant to Article 49(1)(a) of the GDPR may serve as the legal basis for the transfer to third countries. This does not apply, however, to data transfers to third countries for which the European Commission has issued an adequacy decision pursuant to Article 45 of the GDPR.
7.1 SSL/TLS encryption
This website uses SSL or TLS encryption to ensure the security of data processing and to protect the transmission of confidential content, such as orders, login details or contact enquiries, which you send to us as the operator. You can recognise an encrypted connection by the fact that the address bar of your browser displays "https://" instead of "http://", and by the padlock symbol in your browser bar.
We use this technology to protect the data you transmit.
7.2 Data collection when visiting the website
When you use our website for information purposes only – i.e. if you do not register, do not otherwise provide us with information, or do not give your consent to processing operations requiring consent – we collect only those data that are technically essential for the provision of the service. These are typically data that your browser transmits to our server (in so-called server log files). Our website collects a range of general data and information each time you or an automated system accesses a page. This general data and information is stored in the server’s log files. The following may be collected:
We do not draw any conclusions about your identity when using this general data and information. Rather, this information is required in order to
We therefore evaluate this collected data and information statistically and with the aim of enhancing data protection and data security within our company, ultimately to ensure an optimal level of protection for the personal data we process. The data from the server log files is stored separately from any personal data provided by a data subject.
The legal basis for data processing is Article 6(1)(f) of the GDPR. Our legitimate interest arises from the purposes of data collection listed above.
7.3 Hosting by Neue Medien Muennich
We host our website with the following provider:
Neue Medien Muennich GmbH
Hauptstraße 68
02742 Friedersdorf
Germany
The servers on which this website is hosted are located exclusively in Germany.
For further details, please refer to the privacy policy of Neue Medien Muennich GmbH:
https://all-inkl.com/datenschutzinformationen/
We use the hosting provider for the purpose of fulfilling our contractual obligations towards our potential and existing customers (Article 6(1)(b) of the GDPR) and in the interests of ensuring the secure, fast and efficient provision of our online services by a professional provider (Article 6(1)(f) of the GDPR).
As part of its services, our hosting provider processes personal data that is automatically collected when our website is accessed. This may include, in particular:
This data is stored in so-called server log files. The processing of this data is technically necessary to provide the website, ensure system security and carry out error analysis.
This data is not combined with other data sources.
Log files are only stored for as long as is necessary to ensure the secure operation of the website. As a rule, this data is deleted or anonymised after 7 days at the latest, unless longer retention is required for security reasons (e.g. to investigate misuse or fraud).
We have concluded a data processing agreement (DPA) with the hosting provider in accordance with Article 28 of the GDPR. This ensures that the processing of personal data takes place only in accordance with our instructions and in compliance with statutory data protection regulations.
8.1 General information on cookies
Cookies are small files that your browser automatically creates and which are stored on your IT system (laptop, tablet, smartphone, etc.) when you visit our website.
The cookie stores information relating to the specific device used. However, this does not mean that we thereby gain direct knowledge of your identity.
The use of cookies serves to make your experience of our website more pleasant. For example, we use so-called session cookies to recognise that you have already visited individual pages of our website. These are automatically deleted when you leave our site.
In addition, to optimise user-friendliness, we also use temporary cookies that are stored on your device for a specific, defined period. If you visit our site again to use our services, the system automatically recognises that you have previously visited us and recalls the entries and settings you made, so that you do not have to enter them again.
We also use cookies to collect statistical data on the use of our website and to evaluate our offering for you for the purpose of optimisation. These cookies enable us to automatically recognise that you have already visited our website when you visit it again. The cookies set in this way are automatically deleted after a defined period of time. The respective storage duration of the cookies can be found in the settings of the consent tool used.
8.2 Legal basis for the use of cookies
The data processed by the cookies, which is required for the proper functioning of the website, is therefore necessary to safeguard our legitimate interests and those of third parties in accordance with Article 6(1)(f) of the GDPR.
For all other cookies, you have given your consent via our opt-in cookie banner in accordance with Article 6(1)(a) of the GDPR.
9.1 Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
The use of Google Analytics is based exclusively on your consent in accordance with Article 6(1)(a) of the GDPR and Section 25(1) of the TTDSG. Consent is obtained via the consent management tool (‘Karo’) and may be withdrawn at any time.
Google Analytics enables us to analyse the behaviour of website visitors. The following data, among others, is processed:
We have enabled the IP anonymisation feature on this website. This means that your IP address is truncated within the European Union or in other signatory states of the European Economic Area before transmission.
Google uses this information on our behalf to evaluate the use of the website, to compile reports on website activity and to provide other services relating to website usage.
The data collected by Google may be transferred to the USA. An adequacy decision has been issued by the European Commission for the USA (EU-US Data Privacy Framework). Google is certified under this framework.
We have concluded a data processing agreement (DPA) with Google in accordance with Article 28 of the GDPR.
Further information on the handling of user data by Google Analytics can be found in Google’s privacy policy: policies.google.com/privacy.
We use the consent management tool provided by KIProtect GmbH on our website to obtain and manage your consent to the storage of certain cookies and the use of certain technologies in accordance with data protection regulations.
Consent Management stores your selection in a cookie or similar technology to document your consents or their withdrawal. In particular, the following data may be processed:
Processing is carried out on the basis of Article 6(1)(c) of the GDPR (compliance with legal obligations) and Article 6(1)(f) of the GDPR (legitimate interest in legally compliant consent management).
You can withdraw or amend your consent at any time via the settings on our consent banner.
Further information on data processing can be found in the privacy policy of KIProtect GmbH. Consent data (consent and withdrawal of consent) is stored for three years. The retention period corresponds to the standard limitation period under Section 195 of the German Civil Code (BGB). The data is then deleted immediately.
The website cannot function properly without the processing described. Users have no right to object as long as there is a legal obligation to obtain their consent for certain data processing operations, in accordance with Article 7(1) and Article 6(1)(c) of the GDPR.
Further information can be found at: klaro.org/de/ressourcen/datenschutz
11. Our activities on social media
On our website, we provide links to external profiles on social media platforms (e.g. LinkedIn, YouTube). The providers of these platforms are the respective operators of the networks.
The embedded icons are simply links. No personal data is transferred to the respective providers unless you actively leave our website by clicking on the relevant link.
Only when you click on such a link will you be redirected to the respective provider’s website. Personal data may be processed by the provider in this process. We have no influence over this data processing.
Further information on the processing of your data can be found in the privacy policies of the respective providers:
12.1 Right to confirmation
You have the right to request confirmation from us as to whether personal data concerning you is being processed.
12.2 Right of access (Article 15 of the GDPR)
You have the right to obtain from us, free of charge, information at any time regarding the personal data stored about you, as well as a copy of this data in accordance with the statutory provisions.
12.3 Right to rectification Art. 16 GDPR
You have the right to request the rectification of inaccurate personal data concerning you. Furthermore, you have the right to request the completion of incomplete personal data, taking into account the purposes of the processing.
12.4 Erasure Art. 17 GDPR
You have the right to request that we erase personal data concerning you without undue delay, provided that one of the grounds provided for by law applies and insofar as the processing or storage is not necessary.
12.5 Restriction of processing Art. 18 GDPR
You have the right to request that we restrict processing if one of the legal conditions is met.
12.6 Data portability Art. 20 GDPR
You have the right to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. You also have the right to transmit this data to another controller to whom the personal data has been provided, without hindrance from us, provided that the processing is based on consent pursuant to Article 6(1)(a) of the GDPR or Article 9(2)(a) of the GDPR or on a contract pursuant to Article 6(1)(b) of the GDPR, and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.
Furthermore, when exercising your right to data portability pursuant to Article 20(1) of the GDPR, you have the right to have the personal data transmitted directly from one controller to another, insofar as this is technically feasible and provided that this does not adversely affect the rights and freedoms of others.
12.7 Objection under Article 21 of the GDPR
You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Article 6(1)(e) (data processing in the public interest) or (f) (data processing based on a balancing of interests) of the GDPR.
This also applies to profiling based on these provisions within the meaning of Article 4(4) of the GDPR.
If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or where the processing serves to establish, exercise or defend legal claims.
In individual cases, we process personal data for the purposes of direct marketing. You may object at any time to the processing of your personal data for the purposes of such marketing. This also applies to profiling insofar as it is related to such direct marketing. If you object to us processing your data for direct marketing purposes, we will no longer process your personal data for these purposes.
Furthermore, you have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which we carry out for scientific or historical research purposes or for statistical purposes in accordance with Article 89(1) of the GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.
You are free to exercise your right to object in connection with the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures using technical specifications.
12.8 Withdrawal of consent under data protection law
You have the right to withdraw your consent to the processing of personal data at any time with effect for the future.
12.9 Complaint to a supervisory authority
You have the right to lodge a complaint with a supervisory authority responsible for data protection regarding our processing of personal data.
We process and store your personal data only for the period necessary to fulfil the purpose of storage or insofar as this is required by the legal provisions to which our company is subject.
If the purpose of storage ceases to apply or a prescribed storage period expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.
The criterion for the duration of storage of personal data is the respective statutory retention period. Once this period has expired, the relevant data is routinely deleted, provided it is no longer required for the performance of a contract or for entering into a contract.
This privacy policy is currently valid and is dated April 2026.
Due to the further development of our website and services, or as a result of changes to legal or regulatory requirements, it may become necessary to amend this privacy policy. You can view and print the current version of the privacy policy at any time on the website at www.gva-power.de/datenschutz.