The fast &
frame-accurate
G&L LIVE2VOD Engine

1. If you would like to read an introduction to the topic of data protection and general information on the terms used in the General Data Protection Regulation, you will find further information on the website of the Federal Data Protection Officer, available at https://www.bfdi.bund.de/DE/Datenschutz/datenschutz-node.html (German language only).

2. Information regarding controller and data protection officer
2.1. G&L Geißendörfer & Leschinsky GmbH, Maarweg 149-161, 50825 Cologne, is the ‘controller’ and as such responsible for the processing of your personal data. You can reach us for general questions either by phone at +49 221 99809-0 or by e-mail at kontakt@gl-systemhaus.de. Further information may be found on our website at www.gl-systemhaus.de.
2.2. For questions on data protection or exercising your rights under data protection law (see Section 4), you may contact our data protection officer either by post at our address given above or by email at datenschutz@gl-systemhaus.de.

3. Activities, in which we process your personal data
3.1. Visiting our website
If you visit our website without logging in, registering or otherwise filling in the input fields on the website, we process your personal data as follows:
3.1.1. For the purpose of providing our website, we process the IP address, access time, browser information, operating system, language setting, and screen resolution of all website visitors. The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). The data is deleted after the end of your visit to our website, unless specific data is processed for one of the following purposes.
3.1.2. Cookies
We use cookies on our website. Cookies are small text files. They allow us to store specific user-related information in the context of the use of our website.
We use the following cookies on our website:
a) For the purpose of accelerating the delivery of our website, we use the content delivery network services of Cloudflare. For this purpose, several cookies are stored on the device of each visitor of our website to recognize each visitor by means of a random pseudonym identifier for as long as the browser window is open. The cookies do not contain any further personal data. The cookies are transferred to Cloudflare Inc, [Insert address] as our data processor (Art. 28 GDPR). The processing is technically necessary to enable the use of our website (Art. 6 (1) lit. b GDPR). The cookies are deleted after one year, or earlier in accordance with the settings of your web browser (e.g. when closing the browser window).
b) To provide a map containing the location of our business, we store a cookie on the device of each visitor who views the map. This cookie contains a unique identifier, by which Google stores the user’s settings and preferences, such as preferred language (e.g. German), how many search results are displayed per page (e.g. 10 or 20), and whether Google SafeSearch is activated. This data is transferred to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA as our data processor (Art. 28 GDPR) and processed there. This processing is technically necessary for the usability of this function of our website (Art. 6 (1) b GDPR). The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". This cookie is deleted after six months, or earlier in accordance with the settings of your web browser (e.g. when closing the browser window).
c) For the analysis of visitor behaviour by Google Analytics we store cookies on the device of the website visitors. Thus, the IP address (shortened and anonymised by anonymization function) of the visitor, from which website the visitor is forwarded to a website (so-called referrer), what subpages of the website are accessed or how often and for how long a subpage is viewed, are transferred to Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA as our processor (Art. 28 GDPR) and processed there. The processing there is mainly used for the optimisation of our website and for the cost-benefit analysis of internet advertising. Among other things, Google uses the data and information obtained to evaluate the use of our website, to compile online reports on the activities on our website for us, and to provide other services related to the use of our website. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR) to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". The cookies are deleted at the latest after two years, or earlier in accordance with the settings of your web browser (e.g. when closing the browser window).
d) For the analysis of the effectiveness of our advertising, we use the online advertising programme “Google AdWords” and in this context, the “conversion-tracking” feature. The cookie for the conversion tracking is stored and transferred to Google Inc., 1600 Amphitheater Pkwy, Mountain View, CA 94043-1351, USA as our processor (Art. 28 GDPR) each time a website visitor clicks on an advert placed by Google. These cookies are valid for 30 days and are not intended for the identification of natural persons. If a website visitor views certain pages of this website while the cookie is still valid, Google and we will recognize that the visitor clicked on advert and was referred to this website. Each Google AdWords customer receives a different cookie. Cookies therefore cannot be traced across the websites of multiple AdWords customers. The data collected with the conversion cookies are used to provide conversion statistics for AdWords customers using the conversion-tracking feature. The customers receive the total number of visitors who have clicked on their advert and were referred to a website with a conversion-tracking tag. Customers do not receive any information that may identify a visitor. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR) to measure and assess the reach of our advertising and the cost-benefit ratio and to provide targeted advertising. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". The cookies are deleted at the latest after thirty days, or earlier in accordance with the settings of your web browser (e.g. when closing the browser window).
e) For the analysis of visitor behaviour using services of Hubspot, we store cookies on the device of the website visitors. Thus, the IP address (shortened and anonymised by anonymization function) of the visitor, from which website the visitor is forwarded to a website (so-called referrer), what subpages of the website are accessed or how often and for how long a subpage is viewed, are transferred to Hubspot Inc., [Insert address] as our data processor (Art. 28 GDPR) and processed there. The processing there is mainly used for the optimisation of our website and for the cost-benefit analysis of internet advertising, in particular to compile online reports on the activities on our website for us. Hubspot also compares the public IP-address of every device used to access our website with known IP-address range allocations to specific companies and provides reports to us on the use of our website with devices in that company. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR) to provide website visitors with a website experience that is tailored to their personal preferences and to provide product recommendations and advertising for our company and our products that are tailored to their interests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". The cookies are deleted at the latest after ten years, or earlier in accordance with the settings of your web browser (e.g. when closing the browser window).
All cookies are allowed, blocked and deleted according to the settings stored in your web browser (e.g. when closing the browser window). If cookies are disabled entirely for our website, it may not be possible to fully use all functions of the website.
You may object the processing described in the above letters c) to e) at any time in accordance with Section 4.2.3, if the conditions of Art. 21 GDPR are met. You can also prevent the storage and processing described in letters c) to e) above through preferences in your browser, for example, by turning on the measures offered there to protect against tracking of your activities. Furthermore, you can prevent the storage and processing of cookies under lit. e) by declining the request to allow the use of cookies made at beginning of your visit to our website (in the “cookie banner”).
3.2. Contact form on our website
For the provision of a contact form for the initiation of business and answering general questions, we process the following data categories, if entered in the contact form: name, first name, email address, company name, IP-address and message of the request. This data is processed solely for the purpose of attending to the request entered in the contact form. The mandatory information (name and email address) is necessary to match requests to existing contractual relationships and address the enquirer by name. All data entered in the contact form is transferred to Hubspot Inc., [Insert address] as our data processor (Art. 28 GDPR) and processed there to [please insert the specific processing activities]. Further processing for other purposes (such as advertising) is limited to instances, in which such additional processing is necessary (e.g. sending advertising material upon request or for providing product support). The processing is necessary to handle the request of the caller (Art. 6 (1) lit. b GDPR). The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". After the fulfilment of the request or inquiry as well as all legal obligations, in particular commercial and tax law retention requirements, the data is deleted.
3.3. Subscription to G&L newsletter
For the provision of the G&L newsletter, we will send emails to the subscribers in irregular intervals. The newsletter will contain information on general trends, our new products and services, on new features of our existing products and services, and on products and services of our partners [insert company name and address of partner(s)] in the fields of [insert product categories] that are relevant to our products and services. For this purpose, we process name, first name, email address, information on the business, given consent to receive the newsletter, IP-address of the device used to subscribe, and confirmation of the email address using “double-opt-in” of all subscribers. This processing is based on your freely given consent (Art. 6 (1) a GDPR).
You may withdraw your consent under section 4.2.4 at any time by following the hyperlink so labelled below the subscription form on our website and entering the email address. Each newsletter also contains a hyperlink leading to the form for withdrawing your consent.
3.4. Job applications
For the purpose of making a decision on entering into an employment contract we process the following data of all applicants: name, first name, postal address, email address, phone number, photograph, all information provided by the applicant on qualifications, curriculum vitae, previous employment, personal interests and personality of the applicant. We also collect data from the career network platforms Xing and LinkedIn to complement and compare with the provided application details, as long as the data on the platforms is publically visible or shared with us by the applicant. All job application data is shared internally with our key members of staff in those departments, in which area a possible employment of the applicant would fall. We analyse the data to assess the professional and personal aptitude of the applicant for work in our company, and for comparison with other applicants.
The data is processed solely for the purpose of making a decision on an employment with regard to a specific (published) job offer, or in case of unsolicited applications with regard to a current demand in our company. This processing is based on Art. 26 BDSG (2018). The data is deleted upon completion of the decision and application process, unless the applicant has consented to continued retention and processing of his or her data.
3.5. Use of our “Containercoder” service
3.5.1. For the provision of the web-based “Containercoder” service and fulfilment of the service agreement, we process the following data categories of all users registered as manager of a choir: name, first name, email address, password hash, language and time zone, choir name, short choir name, choir size and choir voices. We process the following data categories of all users registered as singers in a choir: name, first name, email address, password hash, names of all choirs the singer is a member of, and choir voice. Additionally, all users may freely enter their postal address, date of birth, and upload a photograph. Furthermore, we process data created in the normal use of the “Containercoder” service, in particular appointment topics and confirmations. Users may also upload files of any type, which may contain any categories of personal data, for sharing with the other members of a choir. We process the data given by users to provide user management and authentication in our “Containercoder” service, enable communication between the members of a choir, and to provide the overall functionality of the service (e.g. scheduling of meetings, management of contact details, and availability of files for download). Personal data is transferred to recipients or categories of recipients as follows:
a) All aforementioned personal data are made available for view and download by the manager and all singers of choir, which the user is a member of, to enable the use of all features of the “Containercoder” service.
b) All aforementioned personal data are transferred to Amazon Web Services Inc., 410 Terry Avenue North, Seattle WA 98109, United States as our data processor (Art. 28 GDPR) to provide the technical availability of the “Containercoder” service (hosting). The servers are located in Germany.
c) Name, first name, email address and email content are transferred to SendGrid Inc. 1801 California Street, Suite 500, Denver, CO 80202, USA as our data processor (Art. 28 GDPR) to enable the feature of sending emails to other choir members and to send service emails for user management purposes. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".
d) User name and email address of users who submitted a request for support, as well as other data related to the individual support case, are transferred to Zendesk Inc., 1019 Market St, San Francisco, CA 94103, USA as our data processor (Art. 28 GDPR) to enable us to receive and attend to support requests. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".
e) User name and email address of users who are affected by a technical malfunction or similar incident are transmitted to Sentry, 132 Hawthorne St, San Francisco, CA 94107, USA as our data processor (Art. 28 GDPR) to detect errors in the software or its operation and to provide technical information for error correction to our programmers. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".
f) User name and email address of users who are affected by a technical malfunction or similar incident are transmitted to Atlassian Pty Ltd., 341 George Street, Sydney, NSW, 2000, Australia as our data processor (Art. 28 GDPR) to exchange information about incidents, problems or malfunctions of the “Containercoder” service within our team. The servers are located in the United States of America and in Ireland. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".
g) User name and email address of users who are affected by a technical malfunction or similar incident, or who have submitted a support request are transmitted to Slack Technologies, Inc, 500 Howard Street, San Francisco, CA 94105, USA as our data processor (Art. 28 GDPR) to exchange information about problems or malfunctions of the “Containercoder” service and the content of support request within our team. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".
h) User name and email address of users who are affected by a technical malfunction or similar incident, or who have submitted a support request are transmitted via the Google-Mail service to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA as our data processor (Art. 28 GDPR) to send email notifications about new support requests and detected incidents to our employees. The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield".
The aforementioned processing is necessary for the fulfilment of the service agreement (Art. 6 (1) b GDPR). The data that is stored and processed in the user account, and transferred in accordance with lit. a) and b), is deleted within 90 days after deletion of the user account by the user, if all mutual claims are finally fulfilled. This shall not apply to files uploaded by the user and shared with other choir members; these files will only be deleted, if either the user who uploaded them or a manager of the choir deletes them manually. The data that is processed and transferred in accordance with lit. c) to h) is deleted automatically at the end of the third calendar year after the completion of the respective processing activity (e.g. support request) on the systems of the recipients of the data, without regard to whether the user account has been deleted or not.
3.5.2. Cookies used in the “Containercoder” service
To provide the functionality of the “Containercoder” service, we store the following cookies. A SessionID cookie stores a random unique identifier to recognize a correctly authenticated user and to distinguish users accessing the service simultaneously. Another cookie stores the language preference of the user (e.g. German or English), and a CSRF (cross-site request forgery) cookie stores a different random unique identifier to secure the data connection between the user and the server against certain types of attack. This processing is necessary to enhance security of the use of the service (Art. 6 (1) b GDPR). The data is not transmitted to third parties. The cookies are deleted at the end of the web-browser session (i.e. upon closing the browser application), unless the web-browser settings stipulate a different retention period.
3.6. Processing of requests by telephone
To process general or mandate-related telephone inquiries, we process names, first names, telephone numbers, customer number and other personal data communicated by the caller via telephone as well as details of the content of the telephone request. The processing is necessary to handle the request of the caller (Art. 6 (1) lit. b GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). The telephone numbers of all callers, as well as data, time and duration of calls are stored in our telephone system for a maximum of about three months (limited number of records, the oldest ones are overwritten) in order to be able to give evidence of past phone calls. After the fulfilment of the respective purpose, the data is deleted automatically.
3.7. Processing inquiries via social media
In order to process inquiries directed at us via our presence in the social networks Facebook, Twitter, LinkedIn, Xing or Google+, we process the personal data that you have published on the respective social network. The processing of your data is required to process your request (Art. 6 (1) lit. b GDPR). Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all legal obligations, in particular commercial and tax retention requirements, the data is deleted.
3.8. Processing email requests
To process all inquiries that reach us by email, we process the surname, first name, email address, customer number or user name of the sender, and other personal data communicated in the e-mail as well as information on the content of the request. These data are transferred via the Google-Mail service (email hosting) to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA as our data processor (Art. 28 GDPR). The processing is necessary to handle the request or inquiry (Article 6 (1) lit. b GDPR). The transfer to the United States of America is based on an adequacy decision by the EU Commission (Art. 45 GDPR) due to the recipient's participation in the "EU-US Privacy Shield". Depending on the content of the request, processing will be restricted to processing for the specific purpose of the request immediately after completing the processing of the requestor's request (e.g. use of our products by the customer, promotion of our services in the context of new customer acquisition). After the fulfilment of the request or inquiry as well as all legal obligations, in particular commercial and tax law retention requirements, the data is deleted.
3.9. Advertisement to prospective clients
To advertise our company's products by telephone, letter, e-mail, and electronic messages on the platforms Xing, and LinkedIn, we process the names, first names, mailing addresses, e-mail addresses, phone numbers, and electronic identifiers of the respective platform, the position in the company and the information available on the specific interest of the company in our products and services of the contact persons of potential clients. Insofar as we have not received this data from the (representative of a) potential customer (e.g. as a contact at a trade fair or event, via the contact form on the website or as part of a call), we collect the data about the respective platform used (Xing or LinkedIn), as far as they are visible for everybody or have been shared with us there, as well as from public directories. This processing is required to pursue our legitimate interests (Art. 6 (1) lit. f GDPR) to advertise our services to prospective clients directly, thereby increasing sales of our services. The data is no longer processed for direct advertising if the prospective client objects, and in any case only to the extent that the potential client would expect in the context of a contractual relationship, without being considered a nuisance. The data is deleted, respectively the connection on the platforms Xing or LinkedIn terminated, if the contact person objects to the data processing for advertising purposes. The data is deleted manually upon decision of our sales department if, during the course of the conversation, it is made clear that the potential client has no present or future interest in our services, or if enough time has passed without response of the potential customer that a reaction can no longer be expected.

4. Your data subject rights
4.1. You may at any time exercise your rights as a data subject by contacting us by mail to our address mentioned in section 2.1 or by e-mail to the e-mail address mentioned in section 2.2. Please keep in mind that we do not answer any inquiries about personal data by telephone, because generally the identity of the caller cannot be determined with sufficient certainty.
4.2. You have the following rights with respect to your personal data:
4.2.1. You may exercise your right of access (Art. 15 GDPR), the right to rectification (Art. 16 GDPR), the right to erasure (Art. 17 GDPR) and the right to restriction of processing, i. e. blocking for certain purposes, (Art. 18 GDPR) at any time, if the respective statutory prerequisites are met.
4.2.2. Your right to data portability (Art. 20 GDPR) also stipulates that, if the statutory prerequisites are met, you may demand that your personal data stored by us will be transferred to you – or insofar as technically feasible, to another controller designated by you – in a structured, commonly used and machine-readable format.
4.2.3. You have the right to object to processing (Art. 21 GDPR) for some processing purposes, in particular advertising purposes. Insofar as we process your data based on a balancing of interests (pursuant to Art. 6 (1) lit. f GDPR), you have the right to object to this processing at any time based on grounds related to your particular situation. Such grounds may be compelling, in particular, if they give special weight to your interests, which thereby outweigh our interests, for example if these reasons are not known to us and therefore could not be taken into account in the balancing of interests.
4.2.4. You have the right to withdraw your consent (Art. 7 (3) GDPR) to our processing of your personal data. You may exercise this right at any time in relation to all or only specific processing that is based on your consent. You do not need to give any reasons for withdrawing your consent. The withdrawal of consent will affect only the future processing of your data, whereas past processing until the withdrawal of consent will remain unaffected. We describe some easy methods to withdraw your consent above in section 3 at the respective processing activity.
4.3. You also have the right to contact the competent data protection supervisory authority for questions or complaints regarding the processing of your personal data.