top of page

Privacy Policy

Privacy Policy of Gellner GmbH
Uhlandstrasse 15, 75446 Wiernsheim, Germany

Status: April 2026

1. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) is:

Gellner GmbH
Uhlandstrasse 15 | 75446 Wiernsheim | Germany
Phone +49 7041 9611-16 | Fax +49 7041 9611-96

Mail info@gellner.de

2. Data Protection Officer

Mr. Andreas Lingenfelser
c/o LSH Rechts- und Fachanwälte PartmbB
Gewerbepark 16, 75331 Engelsbrand, Germany
Email: al@lsh-ra.de

3. General Information on Data Processing

3.1 Scope of Processing Personal Data

We process personal data of our users only to the extent necessary to provide a functional website and our content and services. Personal data is generally processed only with the user's consent. An exception applies where prior consent cannot be obtained for factual reasons and processing is permitted by law.

3.2 Legal Basis for Processing Personal Data

Where we obtain consent, Art. 6 (1) (a) GDPR serves as the legal basis.

Where processing is necessary for the performance of a contract or pre-contractual measures, Art. 6 (1) (b) GDPR applies.

Where processing is necessary to comply with a legal obligation, Art. 6 (1) (c) GDPR applies.

Where processing is necessary to protect vital interests, Art. 6 (1) (d) GDPR applies.

Where processing is necessary for legitimate interests and these are not overridden by the data subject’s interests, Art. 6 (1) (f) GDPR applies.

3.3 Data Deletion and Storage Duration

Personal data is deleted or blocked as soon as the purpose for storage ceases. Further storage may occur if required by European or national legislation. Data is deleted once statutory retention periods expire unless further storage is necessary for contract purposes.

4. Provision of the Website and Log Files

4.1 Description and Scope

Each time our website is accessed, our system automatically collects:

Information about the browser type and version
The user's operating system
The user's internet service provider
The user's IP address
Date and time of access
Websites from which the user’s system accesses our website
Websites accessed by the user’s system via our website

These data are also stored in the log files of our system. This data is not stored together with other personal data of the user.

4.2 Legal Basis

The legal basis for temporary storage is Art. 6 (1) (f) GDPR.

4.3 Purpose

Temporary storage of the IP address is necessary to deliver the website. Storage in log files ensures functionality, optimization, and IT security. No marketing evaluation takes place.

4.4 Storage Duration

Data is deleted when no longer necessary. Session data is deleted after the session ends. Log file data is deleted after seven days at the latest; longer storage anonymizes IP addresses.

4.5 Objection

Data collection is essential for operation; therefore, there is no right to object.

5. Use of Cookies

5.1 Description

Our website uses cookies, which are text files stored in the user’s browser. They enable browser identification.

Stored data includes:
Language settings
Login information

5.2 Legal Basis

Necessary cookies: Art. 6 (1) (f) GDPR
Analytics cookies: Art. 6 (1) (a) GDPR and § 25 TTDSG

5.3 Purpose

To improve usability and enable website functions.

5.4 Storage, Objection and Removal

Users can disable or delete cookies via browser settings. Functionality may be limited. Consent must be voluntary and not misleading.

6. Contact Form and Email Contact

6.1 Description and Scope of Data Processing

Our website provides a contact form which can be used for electronic contact. If a user makes use of this option, the data entered in the input form will be transmitted to us and stored. This data includes:

  • Company

  • Name

  • Address

  • Email address

  • Phone number

  • Message

  • Captcha

At the time the message is sent, the following additional data is stored:

  • The user’s IP address

  • Date and time of registration

During the submission process, your consent is obtained for the processing of your data, and reference is made to this privacy policy.

Alternatively, it is possible to contact us via the email address provided. In this case, the personal data transmitted with the email will be stored.

No data will be passed on to third parties in this context. The data will be used exclusively for processing the conversation.

6.2 Legal Basis for Data Processing

The legal basis for processing the data, where consent has been given by the user, is Article 6 (1) (a) GDPR.

The legal basis for processing data transmitted in the course of sending an email is Article 6 (1) (f) GDPR. If the email contact aims at the conclusion of a contract, an additional legal basis is Article 6 (1) (b) GDPR.

6.3 Purpose of Data Processing

The processing of personal data from the input form serves solely to handle the contact request. In the case of contact via email, this also constitutes the necessary legitimate interest in processing the data.

The additional personal data processed during the submission process serves to prevent misuse of the contact form and to ensure the security of our information technology systems.

6.4 Duration of Storage

The data will be deleted as soon as it is no longer required for the purpose for which it was collected.

For personal data from the contact form and those sent via email, this is the case when the respective conversation with the user has ended. The conversation is considered ended when it can be inferred from the circumstances that the matter in question has been conclusively resolved.

The additional personal data collected during the submission process will be deleted no later than seven days after submission.

6.5 Right to Object and Removal

The user has the option to withdraw their consent to the processing of personal data at any time.

If the user contacts us via email, they may object to the storage of their personal data at any time. In such a case, the conversation cannot be continued.

To withdraw consent, please contact: info@gellner.de

All personal data stored in the course of the contact will be deleted in this case.

7. Google Analytics

We use Google Analytics (Google LLC, USA), which uses cookies for analysis.

Data may be transferred to US servers. IP anonymization is enabled.

Legal basis: Art. 6 (1) (a) GDPR and § 25 TTDSG

Purpose: Website analysis and reporting

Users can prevent tracking via browser settings or plugins.

8. Cookiebot

We use Cookiebot (Usercentrics A/S, Denmark) to manage consent.

Processed data includes IP address (anonymized), consent timestamp, browser info, and consent status.

Data is stored for 12 months.

Legal basis: Art. 6 (1) (c) GDPR

9. Vimeo Videos

We use Vimeo (Vimeo Inc., USA) with “Do Not Track”.

Data such as IP address and device info may still be transmitted.

Legal basis: Consent (Art. 6 (1) (a) GDPR)

Data transfers are covered by the EU-US Data Privacy Framework.

10. Content Delivery Network (CDN)

We use a CDN to improve loading speed.

Processed data may include IP address, browser information, and access data.

Legal basis:
Consent (Art. 6 (1) (a) GDPR)
Legitimate interest (Art. 6 (1) (f) GDPR)

11. Rights of Data Subjects

If your personal data is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

11.1 Right of Access

You have the right to obtain from the controller confirmation as to whether or not personal data concerning you is being processed.

Where that is the case, you have the right to obtain access to the following information:

  • the purposes of the processing;

  • the categories of personal data concerned;

  • the recipients or categories of recipients to whom the personal data have been or will be disclosed;

  • the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;

  • the existence of the right to request rectification or erasure of personal data, restriction of processing, or to object to such processing;

  • the existence of a right to lodge a complaint with a supervisory authority;

  • all available information as to the source of the data where the personal data are not collected from the data subject;

  • the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved and the significance and envisaged consequences of such processing.

You also have the right to be informed whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.

11.2 Right to Rectification

You have the right to obtain from the controller without undue delay the rectification and/or completion of inaccurate or incomplete personal data concerning you.

11.3 Right to Restriction of Processing

You have the right to request restriction of processing where one of the following applies:

  • you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;

  • the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

  • the controller no longer needs the personal data for the purposes of processing, but they are required by you for the establishment, exercise or defence of legal claims; or

  • you have objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override yours.

Where processing has been restricted, such data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

You will be informed by the controller before the restriction of processing is lifted.

11.4 Right to Erasure

a) Obligation to erase

You have the right to obtain from the controller the erasure of personal data concerning you without undue delay, and the controller shall have the obligation to erase such data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

  • you withdraw consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing;

  • you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object pursuant to Article 21(2) GDPR;

  • the personal data have been unlawfully processed;

  • the personal data must be erased for compliance with a legal obligation in Union or Member State law;

  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

b) Information to third parties

Where the controller has made the personal data public and is obliged to erase it pursuant to Article 17(1) GDPR, the controller shall take reasonable steps, including technical measures, taking account of available technology and the cost of implementation, to inform other controllers processing the personal data that you have requested the erasure of any links to, or copies or replications of, those personal data.

c) Exceptions

The right to erasure shall not apply to the extent that processing is necessary:

  • for exercising the right of freedom of expression and information;

  • for compliance with a legal obligation or for the performance of a task carried out in the public interest;

  • for reasons of public interest in the area of public health pursuant to Article 9(2)(h) and (i) and Article 9(3) GDPR;

  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR;

  • for the establishment, exercise or defence of legal claims.

11.5 Right to Notification

If you have exercised your right to rectification, erasure or restriction of processing, the controller shall communicate this to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

You have the right to be informed about those recipients.

11.6 Right to Data Portability

You have the right to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance, where:

  • the processing is based on consent or on a contract; and

  • the processing is carried out by automated means.

You also have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

This right shall not adversely affect the rights and freedoms of others and does not apply where processing is necessary for a task carried out in the public interest or in the exercise of official authority.

11.7 Right to Object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on Article 6(1)(e) or (f) GDPR, including profiling.

The controller shall no longer process the personal data unless it demonstrates compelling legitimate grounds which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to such processing, including profiling related to direct marketing.

If you object, the personal data will no longer be processed for such purposes.

11.8 Right to Withdraw Consent

You have the right to withdraw your consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

11.9 Automated Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

This shall not apply if the decision:

  • is necessary for entering into or performing a contract;

  • is authorised by Union or Member State law; or

  • is based on your explicit consent.

Such decisions shall not be based on special categories of personal data unless appropriate safeguards are in place.

11.10 Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority shall inform you of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Article 78 GDPR.

12. Applications

We process application data such as personal details and documents.

Legal basis: Art. 6 (1) (b) GDPR and § 26 BDSG

Data is stored during the application process and deleted after six months in case of rejection.

13. Social Media Plugins

Our website may use plugins from social networks (e.g. Facebook, Instagram, LinkedIn).

These create direct connections to their servers.

Legal basis: Consent (Art. 6 (1) (a) GDPR)

14. SSL / TLS Encryption

We use encryption to protect transmitted data.

15. Changes to this Privacy Policy

We reserve the right to update this policy to reflect legal or service changes.

16. Contact

If you have questions about data protection, please contact us by email or the responsible person listed above.

bottom of page