Privacy Policy

Controller and data protection officer

Germany Trade & Invest GmbH is the operator of the website www.gtai.de and the controller within the meaning of the General Data Protection Regulation (GDPR). You can find our contact details here.
You can reach our data protection officer via the GTAI data protection contact form or at our postal address with the addition ‘Data protection’.

We use your personal data for the following purposes

GTAI processes personal data as part of the fulfilment of its tasks as the foreign trade agency of the Federal Republic of Germany. The tasks assigned to GTAI include export promotion, investor recruitment, location marketing and the internationalisation of structurally weak regions and regions affected by structural change. The legal basis for the data processed in this context is generally Art. 6 para. 1 lit. e GDPR in conjunction with the corresponding national or European task standard or in conjunction with Section 3 BDSG.

If consent is obtained from you for the processing of personal data, Art. 6 para. 1 lit. a GDPR serves as the legal basis, for example when registering on our website or sending information by email.

Personal data that is used to fulfil a contractual relationship is processed on the basis of Art. 6 para. 1 lit. b GDPR, for example in the case of orders and their payment processing.

Data exchange between your browser and our server when you visit our website

When you visit our website, your browser sends the following technically necessary data to our server so that it can display our website to you in exchange and ensure its stability and security (legal basis is Art. 6 para. 1 sentence 1 lit. e GDPR, in conjunction with § 5 BSI Act):

- IP address
- Date and time of the request
- Content of the request (specific page)
- Website from which the request comes
- Browser operating system and its interface
- Language and version of the browser software.

Your IP address serves as the response address for our server, which displays our website in your browser in accordance with the above data.

This data cannot be assigned by us to specific persons. This data is not merged with other data sources. If you enter personal data via our forms, this will not be combined with the data transmitted via the browser. We do not store your full IP address at any time. Your full IP address will only be stored if this is necessary for the traceability of technical errors and cyber attacks. The IP address is then deleted promptly.  

When transmitting personal information/data, we use encryption technology for maximum confidentiality. Your personal data is transmitted over the Internet in encrypted form using an SSL connection. We use technical and organisational measures to secure our website and other systems against loss, destruction, access, modification or dissemination of your data by unauthorised persons.

You have the option of creating a customer account on our website. Access to your customer account is only possible after entering your personal access information (user ID and password). You should always treat your access information confidentially and close the browser window when you have finished communicating with us, especially if you share your computer with others.

Collection of anonymised data for statistical purposes

This website uses the services of etracker GmbH, Erste Brunnenstraße 1, 20459 Hamburg, Germany (www.etracker.com) to analyse usage data. etracker GmbH has been carefully selected and commissioned by us, is bound by our instructions and is regularly monitored. There is a corresponding order processing agreement with the service provider in accordance with Art. 28 GDPR.

The following data is collected in order to analyse the usage data 
- IP address
- User identifiers, if applicable
- URL identifiers, if applicable.

This data is anonymised or pseudonymised as soon as possible. It is not used for any other purpose, merged with other data or passed on to third parties.

No cookies are used for web analysis. If you wish to object to data processing, you can click on the link at the end of this notice. If no link is displayed, data collection has already been prevented by other blocking measures.

The data processing is carried out on the legal basis of Art. 6 para. 1 lit. e GDPR in conjunction with. § 3 BDSG.

The data generated with etracker is processed and stored by etracker on behalf of the provider of this website exclusively in Germany and is therefore subject to the strict German and European data protection laws and standards. etracker has been independently audited, certified and awarded the ePrivacyseal data protection seal of approval.

Disable Tracking

Further information on data protection at etracker can be found here.

Use of cookies

When you visit our website, cookies are stored on your computer to make your visit more convenient or to transmit data to our service provider, Mapp GmbH, for anonymous statistical analysis.

Cookies are small text files that your browser stores on your computer in order to read information from the end devices. Cookies are used, for example, to store the log-in status in a user account, the contents of a shopping basket in the web shop or the content accessed or functions used in an online offering. Cookies are also used for purposes such as the functionality, security and user-friendliness of online services and to create analyses of visitor flows.  

The legal basis for the setting of cookies is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR).

The access to and storage of information in the end device is based on the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDDG.

An overview of the purpose, use, legal basis, storage duration and, if applicable, transfer to third countries of the cookies used can be found below:

 

We maintain online presences within social networks in order to provide information about us and to communicate with active users of these platforms. When interacting, we necessarily process user data. For example, publicly accessible data such as profile and account name, profile picture, content of the interaction, number of followers and profiles followed by the profile as well as the latest posts may be visible to us. The data is processed on the basis of Art. 6 para. 1 lit. e GDPR i.V.m. § 3 BDSG.

In addition, the providers of the social networks process numerous data of their users (e.g. website visitors, users of online services), contact data (e.g. email, telephone numbers), content data (e.g. entries in online forms), usage data (e.g. websites visited, interest in content, access times) or meta/communication data (e.g. device information, IP addresses). The purposes of processing are communication, contact enquiries, feedback e.g. via online forms and marketing.

We have no influence on the type and scope of the data processed by the providers of the social networks, the type of processing and use or the transfer of this data to third parties. We also have no effective control options in this respect. As a rule, data is processed for market research and advertising purposes by creating user profiles based on user behaviour and the resulting interests of the users.

These profiles are used, for example, to place adverts inside and outside the networks. In particular, cookies are used for this purpose. For a detailed description of the respective form of processing and the possibility of objection (opt-out), please refer to the privacy policy and information provided by the operators of the respective networks. When using social networks, please also note that user data may be processed outside the European Union, which may result in risks, for example because it is more difficult to enforce users' rights.

We would like to point out that you use the offers of social networks and their functions on your own responsibility. This applies in particular to the use of interactive functions (e.g. sharing, rating, etc.).

X (formerly Twitter)

GTAI uses the short message service X (formerly Twitter) via the technical platform and services of Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland of the parent company Twitter Inc, 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.

GTAI is represented on X with two corporate channels as well as various regional and industry-specific channels. The data collected when using the service is processed by Twitter Inc. and may be transferred to countries outside the European Union. We have no influence on the type and scope of the data processed by X or on its transfer to third parties. Further information on the handling of personal data by Twitter can be found in X's privacy policy. In some cases, you can set how your data is processed. You can find more information on this under Settings on the X website.

Xing

GTAI maintains a company channel on the Xing platform of New Work SE, Am Strandkai 1, 20457 Hamburg, Germany. When using this service, Xing collects and processes personal data. Further information on the handling of this data can be found in Xing's privacy policy.

LinkedIn

GTAI operates a company-wide page and several topic-specific pages on the LinkedIn platform of the provider LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland. We use these channels to provide information about topics and events relevant to GTAI.
When using the platform, personal data is collected and processed, including by LinkedIn. Information on how LinkedIn handles personal data can be found in LinkedIn's privacy policy.

YouTube

To distribute its video content, GTAI operates a corporate channel on the YouTube video platform of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5 Ireland, parent company Google Inc, Amphitheatre Parkway 1600, 94043 Mountain View, CA, USA.
The data collected when using the service is processed by Google and may be transferred to countries outside the European Union. We have no influence on the type and scope of the data processed by Google or on its transfer to third parties. Google is certified in accordance with the EU-US Data Privacy Framework. Further information on the handling of personal data can be found in Google's privacy policy.

 

WeChat

GTAI maintains a corporate channel on the WeChat platform of Tencent Holdings Ltd, Tencent Binhai Building, No. 33, Haitian Second Road, Nanshan District, Shenzen 518054, PR China to disseminate information on the Chinese market. 
When using the platform, WeChat collects and processes personal data, such as telephone numbers. The data is also transferred to countries outside the European Union. We have no influence on the type and scope of the data processed by WeChat or Tencent or on its transfer to third parties. Further information on the handling of personal data can be found in WeChat's privacy policy. When used with a Chinese telephone number, the Weixin privacy policy applies.

Instagram

GTAI operates a corporate channel on the Meta Group's Instagram platform. GTAI uses the technical platform and services of Meta Platforms Ireland Ltd, Merrion Road, Dublin 4, D04 X2K5 Ireland.

When you visit the website, Instagram stores, among other things, your IP address, which can be read with the help of cookies. Further information on the use of cookies can be found in Instagram's cookie policy.

The data collected when using the platform is processed by Meta and may be transferred to countries outside the European Union. We have no influence on the type and scope of the data processed by Meta or on its transfer to third parties. Meta is certified in accordance with the EU-US Data Privacy Framework. Further information on the handling of personal data by Twitter can be found in Meta's privacy policy.

Online meetings

We use the following applications to hold online and telephone conferences (hereinafter referred to as online meetings):

Webex from the provider Cisco
Cisco Systems, Inc, 170 West Tasman Dr, San Jose, CA 95134, USA.

Microsoft Teams from the provider Microsoft Inc.
Microsoft Ireland Operations Limited, South Country Business Park, Leopardstown, Dublin 18, Ireland

The following data may be processed as part of participation in an online meeting:

- Participant data (first name, surname, telephone number, email address),
- Metadata (topic of the online meeting, IP address, technical data of your device, operating system and browser type used)
- Chat data (text data for display and, if applicable, logging),
- Audio (recording data of the microphone), video (recording data of the video conference),
- in the case of recording (video, audio and screen sharing),
- Telephone usage (telephone number, country name, start and end time, IP address if applicable).

During the meeting, your participant data is generally visible to the other participants. You can adjust and prevent the transmission of your audio and video recordings using the settings available at any time during the meeting.

The data is processed on the basis of Art. 6 para. 1 lit. e GDPR i.V.m. § SECTION 3 BDSG. If the online meetings are held as part of an existing contractual relationship with you, the processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR.

There is an order processing agreement with both Cisco and Microsoft in accordance with Art. 28 GDPR. As part of the order processing, Cisco and Microsoft may obtain knowledge of the above-mentioned data in order to process it. We cannot rule out and have no influence on the processing of data in the USA.

Cisco: Insofar as data is transferred to Cisco in the USA, this is based on Art. 46 para. 2 lit. b GDPR. Cisco complies with binding internal data protection regulations that have been approved by the European supervisory authorities and also include technical precautions to protect data from unauthorised access. In this way, Cisco guarantees an appropriate level of data protection.

Microsoft Teams: If personal data is transferred to the USA, Microsoft is certified for the transfer from the EU to the USA. In accordance with the EU-U.S. Privacy Framework, data transfers can be based on the European Commission's adequacy decision of July 2023.

The conclusion of corresponding standard contractual clauses with Microsoft legitimises such data transfers to third countries. In addition, the data transfer is encrypted and is therefore protected against possible access by unauthorised third parties.

How the providers Cisco and Microsoft handle your data and to what extent Cisco and Microsoft also process your data independently can be found in the respective information provided by the providers. You will find the links below:

Cisco:

- Data protection information sheet
- Cisco data protection declaration
- Cisco privacy policy
 

Microsoft Teams:

- Privacy Policy
- Data protection information on Microsoft Teams 
- Technical measures

Webinars

Our webinars give you the opportunity to find out about current developments on the global markets. We therefore offer free webinar series on various topics. We use the GotoWebinar platform of the provider LogMeIn (LogMeIn Ireland Limited, Bloodstone Building Block C, 70 Sir John Rogerson's Quay Dublin 2, in Ireland) to organise our webinars.

The following data is processed for the purpose of organising webinars

Participant data (first name, surname, telephone number, email address),

Metadata (IP address, technical data of your device, operating system and browser type used),

Participation data (start and end, questions asked, survey entries)

Chat data (text data for display and, if applicable, logging),

in the case of telephone use (telephone number, country name, start and end time, IP address if applicable).

The processing is carried out on the basis of Art. 6 para. 1 lit. e GDPR in conjunction with. § 3 BDSG.

There is an order processing contract with the service provider LogMeIn in accordance with Art. 28 GDPR. In addition to the data processing agreement, we have agreed the EU standard contractual clauses with LogMeIn. Insofar as data is forwarded to LogMeIn servers in the USA, this is based on Art. 46 para. 2 lit. c GDPR. Information on data processing by the service provider can be found in LogMeIn's privacy policy. You can also find information on the technical security measures on the LogMeIn website.

Processing of personal data when participating in face-to-face events

GTAI regularly (co-)organises face-to-face events. In order to organise and run the event, we need some personal data. The specific data required depends on the type of event. As a rule, it is the following data:
- Contact details (surname, first name, email address)
- Job title
- IP address for electronic registration, if applicable
- Photo and/or video recordings, if applicable

The collection, storage and processing takes place on the basis of Art. 6 para. 1 lit. e GDPR i.V.m. § 3 BDSG.

Photographs and video recordings are used for the purpose of public relations and reporting on the respective event. These may be published on our website, the websites of our cooperation partners, on social media channels and in the regional press in order to report on the respective event.
In accordance with Art. 21 GDPR, you may have the right not to be photographed or filmed. If you wish to assert this right, please contact the organiser.

The data will be stored for as long as it is necessary for the organisation and implementation of the event. It will then be deleted.

If a service provider is commissioned to organise the event, they will be carefully selected and commissioned. They are bound by our instructions and are checked regularly. If necessary, an order processing contract will be agreed with them in accordance with Art. 28 GDPR. 

Newsletter dispatch

If you register for a GTAI newsletter, we will store your e-mail address, the date and time of registration and the type of newsletter you have selected. If you enter your surname in the registration form, this will also be stored by us. The processing takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Your data will not be passed on to third parties.

If you no longer consent to the storage of your data for this purpose, you can unsubscribe from our newsletters at any time. To do this, you will find access to your personal newsletter account in the credits of every newsletter you subscribe to. You can use this link to manage your subscriptions yourself. Please do not forward the newsletters we send to you to prevent unauthorised access to your personal newsletter account.

Ordering in the online shop

If you order brochures or other printed products via our website, we require your personal data in order to fulfil the contract with you. The following information is required for this purpose:
- Surname, first name
- e-mail address
- Street, house number
- Postcode
- town
- Country.

The processing is carried out on the basis of Art. 6 para. 1 lit. b GDPR. If the order cannot be finally processed by us, the data you provide will be forwarded to third parties (shipping company or other organisation that handles shipping). 

As part of an application process, GTAI collects personal data from applicants in order to make a selection decision. The personal data relates to the person, professional background, education, professional and personal qualifications and, if applicable, information on severe disabilities or equalisation.

The documents submitted as part of an application process (e.g. certificates, CV, cover letter) contain personal data. This data is processed by GTAI for the purpose of establishing an employment relationship in accordance with Art. 88 para. 1 GDPR in conjunction with Section 26 para. 1 and 3 BDSG. § Section 26 (1) and (3) BDSG.

Within GTAI, only those employees who are entrusted with carrying out the application process have access to the personal data. The interest groups (works council, equal opportunities officer and representative body for severely disabled employees) receive the data so that they can fulfil their duties in accordance with the BetrVG, the BGleiG or the SGB IX. The personal data will not be transferred to bodies outside the GTAI or to a country outside the European Union.

No procedures for automated decision-making are used. If the application process leads to recruitment, the documents will become part of the personnel file if they are necessary for the implementation of the employment relationship. Transmitted data that is not required for the fulfilment of the employment relationship will be deleted six months after completion of the application process. If no employment relationship is established, the transmitted data will be deleted six months after completion of the application process. If an application is withdrawn before the application process is completed, the data will be deleted immediately.

You have various rights under the GDPR, which are primarily derived from Articles 15 to 21 GDPR. For inquiries related to access, correction, deletion, and objection, please contact us via the Withdrawal of Consent GTAI contact form.

Right to Access

According to Article 15 GDPR, you have the right to obtain information about the personal data stored about you. You can request information on whether and which data is being processed about you. Additionally, you have the right to receive a copy of the affected data that complies with legal requirements.

Right to Rectification

If your data is incorrect or incomplete, you have the right under Article 16 GDPR to have the data completed or corrected.

Right to Erasure

You also have the right to erasure if the conditions of Article 17 GDPR are met.

The data cannot be deleted if there is a legal obligation to retain it or if other legal reasons require it. You can also keep your data up to date yourself under MYGTAI and in your newsletter account.

Right to Restriction of Processing

According to Article 18 GDPR, you can request that the processing of your personal data be restricted. The data will not be deleted but, for example, blocked for certain processing purposes such as advertising.

Right to Object

According to Article 21 GDPR, you have the right to object to the collection, processing, or use of your personal data. The exceptions to this right are regulated in Section 36 BDSG.

Right to Data Portability

According to Article 20 GDPR, you can request to receive your data in a common, machine-readable format or to have it transferred to another controller. According to Article 20(3) Sentence 2 GDPR, this right is not available if the data processing serves the performance of public tasks.

Right to Withdraw Consent

According to Articles 13 and 14 GDPR, you can withdraw your consent to the processing of your data at any time with effect for the future.

After withdrawing your consent, you will no longer receive any further information from us about new publications, offers, etc.

Please submit your withdrawal via the Withdrawal of Consent GTAI contact form.

If you believe that your rights have been violated in the collection, processing, or use of your personal data, you can file a complaint with the competent supervisory authority:

Bundesbeauftragte für Datenschutz und Informationsfreiheit (BfDI)
Graurheindorfer Straße 153
53117 Bonn
Telefon: +49 (0)228-997799-0
E-Mail: poststelle@bfdi.bund.de