As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our web site.
I. Definitions
„Personal data“ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
„Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
„Controller“ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
„Recipient“ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
II. General information
1. The data controller
Global Standard gemeinnützige GmbH
Rothebühlstr. 102
70178 Stuttgart
Germany
E-Mail:
2. Contact details of the data protection officer
Herr Gerhard Deiters
BHO Consulting GmbH
Vorgebirgstraße 132, 50969 Köln
Email:
Website: www.bho-consulting.com
3. Legal bases
We process personal data based on at least one of the following legal bases:
In this privacy policy we refer to the respective legal basis of the individual data processing operations.
4. Onward transfer of personal data
We forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:
5. Third countries
The transfer of personal data to a third country or an international organisation outside the European Union (EU) or the European Economic Area (EEA) is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. GDPR. It means that pursuant to Art. 45 GDPR an adequacy decision of the EU commission must be present for the respective country, appropriate safeguards for data privacy under Art. 46 GDPR, or Binding Corporate Rules under Art. 47 GDPR do exist. In individual cases, a data transfer may be permitted on the basis of an exception under Art. 49 GDPR.
On our web site we may use external services provided by organisations based in the USA. If these services are active, personal data is collected in connection with the provision of the relevant service and may be transferred to and stored on servers in the USA. The European Court of Justice considers the USA a country with an inadequate level of data protection. When data is transferred to the US, there is a fundamental risk that the US authorities may access and use the data for surveillance and monitoring purposes without notification and without the possibility of a legal remedy.
6. Rights of data subjects
As a data subject you have the following right:
If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.
7. Erasure and restriction of personal data
Unless otherwise provided for in this privacy notice, personal data will be deleted, if these data are no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR.
In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 German Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 Abs. 1 No. 1, 4, 4a AO.
8. Cookies
Our web site uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our web site. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the web site more user-friendly, effective and secure. We use the following cookies on our web site.
Necessary cookies:
The data processed by necessary cookies are required for the above-mentioned purposes to safeguard our legitimate interests and those of third parties in the provision and operation of our website in accordance with Art. 6 (1) lit. f GDPR.
Most browsers accept cookies automatically. However, if you do not wish to accept cookies, you can configure your browser so that no cookies are stored on your device or a message is displayed before new cookies are created. A general objection to the use of cookies used for online marketing purposes can be made for a variety of services, such as explained at http://www.youronlinechoices.com/ or the opt-out page of the Network Advertising Initiative http://optout.networkadvertising.org. However, disabling cookies may mean that you may not be able to use all the features of our web site.
III. Individual processing operations
1. Hosting
In order to make available our web site, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of the web site visitors on the basis of our legitimate interests in providing efficient and secure access to our web site in accordance with Art. 6 (1) lit. f GDPR.
2. Access data ad log files
By visiting our web site or its individual pages, your device’s internet browsers automatically sends information to the server of our web site. This information is stored in so-called log files by us or our hosting provider and will be deleted after 6 months at the latest.
The following information is stored:
This data will be used for the following purposes:
The legal basis for data processing is Art. 6 (1) lit. f GDPR. Our legitimate interest follows from the data collection purposes mentioned above. Under no circumstance will we use the personal data collected for the purpose of drawing conclusions about a person.
3. Contact form / other modes of contact
If you use the contact form, you will be asked to provide your name and your e-mail address and any other contact details, so that we can get in touch with you. Further information can be provided voluntarily. The data processing for the purpose of contacting us and answering your request takes place in accordance with Art. 6 (1) lit. a GDPR on the basis of your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless further storage is required for the documentation of other transactions (for example, subsequent conclusion of a contract).
If you contact us using the contact details published in our web site (for example, by e-mail) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1) lit. b GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1) lit. a GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1) lit. f GDPR. We will store your personal data until you ask us for deletion, revoke your consent to the storage, or the data are no longer necessary for the purpose for which they were collected (for example, after completion of your request). Mandatory statutory provisions - especially retention periods - remain thereof unaffected.
4. Newsletter
If you would like to receive our newsletter, we need your e-mail address. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 (1) lit. a GDPR on the basis of your voluntary consent by means of the so-called double-opt-in procedure. The e-mail address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the e-mail address given under Clause II.
We embed a so-called counting pixel into our newsletters. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow us an analysis of the reader's reading behaviour. In this context, we gather information whether and at what time a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to generate statistical evaluations of the success or failure of a marketing campaign in order to optimize the distribution of our newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.
5. GOTS Monitor
To activate the software license and register for the use of the GOTS Monitor Water / Energy, we will forward your license number, name, telephone number, address, e-mail and website to the manufacturer of the software. The recipient of the data is Systainable Solutions Ltd., Hamilton House, Mabledon Place, Bloomsbury, London, WC1H 9BB, United Kingdom. The data transfer is required for entering into the contract which is to be concluded at your request. Objecting or refusing to the data transfer has the consequence that the license will not be released or will be deleted. The legal basis for the data transfer is ours, and Systainable's legitimate interest under Art. 6(1) lit. f GDPR in the documentation of licensing and license-compliant use of the application. For more information on how Systainable handles your personal data please refer to the privacy policy at: https://systainable.eu/en/
6. GOTS Databases
We will store your first name, last name, telephone number and e-mail address in the GOTS database for the purpose of publishing this information as commercial contact details representing a certified company on this website. The legal basis for processing is your voluntary consent pursuant to Art. 6 (1) lit. a GDPR. Your personal data will be deleted after the company profile has been removed from the database or you withdraw your consent for publishing the information.
If you serach for shop locations, we may use you geolocation to narrow down the search results. The legal basis for processing is your voluntary consent pursuant to Art. 6 (1) lit. a GDPR.
Statistics and Analytics
7. Matomo (formerly Piwik)
Our web site uses the Open-Source software Matomo. Matomo collects data about user visits to our web site. These data are used to ensure that our web site is well designed and continuously optimised to meet the needs of our web site visitors, to measure the success of marketing activities, and to create statistical evaluations. The legal basis is our legitimate interests under Art. 6 (1) lit. f GDPR. The information will not be disclosed to third parties and under no circumstance will the IP address be associated with other user data. IP addresses are anonymized, so that any assignment is impossible.
If you do not want Matomo to process visitor data from you, you can prevent this by setting an opt-out cookie from Matomo. This cookie will prevent Matomo from collecting and storing any future visitor data from your browser when you visit this web site: www.global-standard.org Attention: If you delete your cookies, this will also result in the opt-out cookie being deleted. You must then reactivate the Matomo opt-out cookie. For more information on how Matomo handles your personal information, see Matomo's Privacy Policy on: https://matomo.org/privacy-policy/.
IV. Google Services
Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter „Google“).
The information collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA.
For more information about how Google deals with your personal data, please refer to Google's Privacy Policy: https://www.google.com/intl/de/policies/privacy/. For information on the use of data for advertising purposes by Google, setting and your right to object please refer to:
https://www.google.de/policies/privacy/partners/
https://www.google.de/policies/technologies/ads/
https://adssettings.google.com/
1. Google services for which your consent is required
The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1) lit. a GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1) lit. a GDPR.
i. YouTube
Our web site uses media content from the YouTube platform. Provider is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter "Google").
The purpose is to display content of the YouTube platform that relates to the content of our web site. This service collects your IP address and any additional data Google may need to provide the YouTube content. The information gathered about your use of this web site is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. If you are logged in to your YouTube account while you are visiting our web site, Google can link your visit of our web site directly to your YouTube user account. If you do not want Google to be able to associate the data collected on our web site with your respective user account on YouTube, you must first log out of YouTube.
2. Other Google services
The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1) lit. f GDPR. Our legitimate interests are listed below for each service individually.
i. reCAPTCHA
This web site uses Google reCAPTCHA to ensure that the forms provided on our web site are used by an actual person and are not abused by bots or automated procedures. This service collects your IP address and any additional data required by Google for providing the reCAPTCHA service. The collected information about your use of this web site is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.
ii. Google Maps
This web site uses Google Maps to display site maps, maps, terrain data, or geographic maps. This service collects your IP address, which of our web sites you have visited and, if necessary, other data required by Google for the provision of the maps (such as location data). The generated information is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. The Google Maps terms of service can be found at: https://www.google.com/intl/en_uk/help/terms_maps.html.
If you would like to receive our newsletter, we need your name and your e-mail address. The data processing for the purpose of sending the newsletter takes place under Art. 6(1)(a) GDPR based on your freely given consent by means of double Opt-in. We use and store your data until you withdraw your consent or unsubscribe the newsletter. Withdrawal of consent is possible at any time, for example by using the link at the bottom of each newsletter. You will find further information about how we process your data in our privacy notice.