You are here: / Privacy Policy

  • Datenschutzinformation

Privacy Information

for the Website and Social Media

For GMC-I Service GmbH, the lawful and responsible handling of personal data is important. This privacy information describes, in accordance with Article 13 of the General Data Protection Regulation (GDPR), how GMC-I Service GmbH collects, uses, and transfers personal data of users (hereinafter collectively referred to as “users”) when accessing this website and using social media channels, and informs about the rights of individuals affected by the processing.

Personal data is processed in accordance with applicable data protection regulations, in particular the GDPR and the German Federal Data Protection Act (BDSG).

1. Controller and Data Protection Officer

Controller responsible for processing within the meaning of data protection regulations:

GMC-I Service GmbH
Beuthener Straße 41
D-90471 Nuremberg
Tel.: +49 911 817718-0
Fax: +49 911 817718-253
service@gossenmetrawatt.com

GMC-I Service GmbH has appointed an external Data Protection Officer:

Joachim Hader
secudor GmbH
Am Schulhof 1
91757 Treuchtlingen
Germany
Tel.: +49 911 8602-642
E-Mail: datenschutz@gossenmetrawatt.com

2. Provision of Data

When accessing the website or a social media channel, the user provides the data listed below. Beyond the technically and legally required data, the provision of data by the user is voluntary.

3. Website Services: Processing Purposes, Recipients and Storage Period

3.1 Notes

The processing of personal data is carried out by the controller and the recipients listed below. In addition, data is only transferred to third parties if the user has consented or if the controller is obliged or authorized to do so due to legal requirements or a court or official order.

Processing by the controller takes place for the storage period stated below, otherwise as long as necessary to fulfill the respective purpose or in accordance with the applicable statutory retention periods. If storage of personal data is no longer required, in particular after expiry of statutory retention periods or upon reaching statutory deletion deadlines, the data will be deleted.

3.2 Technically or Legally Required Data for Providing the Website

Processing purposes and legal basis: This website uses cookies and other attributes and processes log files to ensure the technically and legally secure operation of the website (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). The following data is logged:

  • Date and time of access to this website (timestamp),
  • IP address and hostname of the accessing computer,
  • Website from which this website was accessed and websites accessed via this website,
  • Visited pages of this website,
  • Amount of data transferred,
  • Notification whether access to this website was technically successful,
  • Information about the operating system, browser type and its version, as well as
  • Cookie content (query string).

Recipients: The website is hosted by a data processor commissioned by the controller within the meaning of Article 28 GDPR.

Storage period: Log files are stored for as long as necessary for lawful evaluation. If there are concrete indications of unlawful use of the website, server log files may be evaluated in accordance with applicable legal requirements. The consent status regarding cookies is stored for one year, and other cookies are stored for the duration of the visit to this website and then automatically deleted.

3.3 Leadinfo

Processing purposes and legal basis: This website uses the lead generation service Leadinfo provided by Leadinfo B.V., Rotterdam, Netherlands, for the purpose of identifying company visits to the website for analysis and marketing purposes (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR). When accessing the website, the service recognizes companies based on IP addresses and displays publicly available information such as company names or business addresses. In addition, the service sets two first-party cookies to analyze user behavior on the website and processes domains from form entries to correlate IP addresses with companies and improve its services.

Further information on how Leadinfo handles user data can be found at https://www.leadinfo.com/de/rechtliches/dsgvo/. The option to opt out of Leadinfo can be found at https://www.leadinfo.com/de/opt-out.

Recipients: Leadinfo B.V., Rotterdam, Netherlands

Storage period: The data is stored for the duration of the visit to this website and then automatically deleted.

3.4 Google

Processing purposes and legal basis: This website uses Google Analytics (GA) and Google Tag Manager (GTM) provided by Google Ireland Limited, Dublin, Ireland, for the purpose of collecting and analyzing user behavior (page views, time spent, origin) through GA (consent pursuant to Art. 6 para. 1 lit. a GDPR in conjunction with Section 25 para. 1 TDDDG) and for the centralized management and deployment of tracking and marketing tags through GTM (legitimate interest in simplified management of website scripts pursuant to Art. 6 para. 1 lit. f GDPR).

Consent given may be revoked at any time informally with effect for the future.

According to Google, GA4 includes IP anonymization, whereby Google shortens the IP address; no direct personal profiles are created, but pseudonymous user IDs are used. Further information on how Google handles user data can be found in its privacy policy at https://policies.google.com/privacy.

GTM itself does not store personal data in cookies but triggers other tags that may collect data. The user’s IP address is technically transmitted to Google to establish the connection.

Recipients: Google Ireland Limited, Dublin, Ireland

Storage period: Event data linked to cookies is automatically deleted after 14 months (GA). GTM does not permanently store user data.

3.5 YouTube

Processing purposes and legal basis: This website uses the YouTube video portal provided by Google Ireland Limited, Dublin, Ireland, to present online content in a user-friendly and appealing manner and to provide information about the company. When accessing a webpage equipped with a YouTube video, a connection to YouTube servers is established. The YouTube server must be informed of technical data and which website was accessed. Videos are only loaded after active user consent. In this context, personal data is transmitted to and processed by YouTube.

If the user is logged into their YouTube account while visiting the website, YouTube and Google may assign browsing behavior directly to the user’s personal profile in accordance with their privacy policies. This can be prevented by logging out of the YouTube account beforehand.

Further information on how YouTube handles user data can be found in its privacy policy at https://policies.google.com/privacy.

Recipients: Google Ireland Limited, Dublin, Ireland

Storage period: The data is stored for the duration of the visit to this website and then automatically deleted.

3.10 Hosting, Security & Technical Services

3.10.1 Provision of the Website & Server Log Files

3.10.1.1 What data is processed and for what purpose?

Each time our website is accessed, our system automatically collects data that your browser transmits to our server (server log files). This includes:

  • IP address,
  • Date and time of the request,
  • Time zone difference,
  • Content of the request (specific page),
  • Access status/HTTP status code,
  • Amount of data transferred,
  • Website from which the request originates (referrer),
  • Browser,
  • Operating system and its interface

The purpose is to ensure stability, security, and error analysis.

3.10.1.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. f GDPR (Our legitimate interest in the secure provision and protection against attacks).

3.10.1.3 Are there additional recipients?

The recipient is our hosting service provider, who acts as a data processor on our behalf:
wpengine.com

3.10.1.4 How long is the data stored?

Log files are generally deleted or anonymized unless security-related retention (e.g., attack detection) is necessary.

3.10.2 Cloudflare (CDN & Security)

3.10.2.1 What data is processed and for what purpose?

We use the content delivery network (CDN) and security functions of Cloudflare. The data traffic of your request is routed via Cloudflare servers to shorten loading times and defend against attacks (DDoS). Cloudflare sets cookies (e.g., __cf_bm, cf_clearance) to distinguish legitimate users from bots (bot detection).

3.10.2.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. f GDPR (Our legitimate interest in the security, performance, and availability of the website).

3.10.2.3 Are there additional recipients?

Cloudflare, Inc., 101 Townsend St, San Francisco, CA 94107, USA.
Transfer basis: Cloudflare is certified under the EU-U.S. Data Privacy Framework (DPF).
Privacy policy:

https://www.cloudflare.com/privacypolicy/

3.10.2.4 How long is the data stored?

Log data is generally stored by Cloudflare for less than 24 hours. Cookies have varying lifetimes (e.g., cf_clearance up to 1 year) but can be deleted in the browser.

3.10.3 WPMU DEV Defender (Security Plugin)

3.10.3.1 What data is processed and for what purpose?

The plugin “Defender” protects our website against brute-force attacks. It stores IP addresses in the event of failed login attempts and sets cookies (wpdef_lockout_…) to determine whether a user has been blocked.

3.10.3.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. f GDPR (Our legitimate interest in preventing unauthorized access).

3.10.3.3 Are there additional recipients?

Incsub, LLC (operator of WPMU DEV), USA. We have concluded a data processing agreement.
Privacy policy:

https://wpmudev.com/privacy-policy/

3.10.3.4 How long is the data stored?

IP addresses of blocked users are stored until the block is lifted or manually deleted.

3.10.4 Cookie Consent (CookieYes)

3.10.4.1 What data is processed and for what purpose?

We use the tool “CookieYes” to obtain your consent for the storage of certain cookies and to document this in compliance with data protection regulations. Stored data includes: your anonymized IP address, date/time of consent, user agent (browser), consent status (accepted/rejected), and a random consent ID.

3.10.4.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. c GDPR (Fulfillment of a legal obligation to document consent). Storage in the browser is carried out in accordance with § 25 para. 2 no. 2 TDDDG.

3.10.4.3 Are there additional recipients?

CookieYes Limited, 3 Warren Yard, Wolverton Mill, Milton Keynes, MK12 5NW, United Kingdom (EU adequacy decision in place).
Privacy policy:

https://www.cookieyes.com/privacy-policy/

3.10.4.4 How long is the data stored?

Your consent data is stored for 1 year so that we do not have to ask you again immediately on future visits.

3.11 Contact & Communication

3.11.1 Contact Form & Email

3.11.1.1 What data is processed and for what purpose?

If you contact us, we process the data you provide (name, email address, message text, and, if applicable, telephone number).
The purpose of processing is to handle and respond to your inquiry.

3.11.1.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. b GDPR (if the inquiry relates to a contract), otherwise Art. 6 para. 1 lit. f GDPR (legitimate interest in communicating with customers/prospective customers).

3.11.1.3 Are there additional recipients?

Our email host / web host (data processor).

3.11.1.4 How long is the data stored?

We delete the data as soon as it is no longer necessary to achieve the purpose, unless statutory retention obligations apply (e.g., 6 or 10 years for business correspondence).

3.12 Marketing & Newsletter (Brevo)

3.12.1 Brevo (formerly Sendinblue)

3.12.1.1 What data is processed and for what purpose?

We use Brevo for marketing automation and newsletters. If you register or interact, your email address, IP address, and usage data (open rates, clicks) are processed. On the website, Brevo sets cookies (sib_cuid) to recognize visitors and personalize marketing activities.

3.12.1.2 On what legal basis is this data processed?
  • Newsletter distribution: Art. 6 para. 1 lit. a GDPR (consent).
  • Website tracking (sib_cuid): Art. 6 para. 1 lit. a GDPR (consent via cookie banner).
3.12.1.3 Are there additional recipients?

Sendinblue GmbH, Köpenicker Str. 126, 10997 Berlin (subsidiary of Sendinblue SAS, France).
Privacy policy:

https://www.brevo.com/de/legal/privacypolicy/

3.12.1.4 How long is the data stored?

Until you withdraw your consent (unsubscribe from the newsletter) or until cookies are deleted in your browser (default cookie duration: 6 months).

3.13 Analysis & Statistics

3.13.1 Web Analytics with Matomo Cloud

3.13.1.1 What data is processed and for what purpose?

We use the software “Matomo Cloud” to analyze website usage. The service provider is InnoCraft Ltd., 7 Waterloo Quay PO Box 625, 6140 Wellington, New Zealand. Matomo is configured so that no tracking cookies are stored on your device. Instead, technical information such as your IP address (automatically anonymized/truncated), browser type, referrer URL, and usage times are recorded to create anonymous statistical profiles. The data is stored on InnoCraft servers (generally within the EU, e.g., Frankfurt).

3.13.1.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. f GDPR (Our legitimate interest in statistical analysis and optimization of the website). Since the IP address is immediately anonymized and no cookies are set, our interest prevails.

3.13.1.3 Are there additional recipients?

The recipient of the data is InnoCraft Ltd., New Zealand.
Third-country transfer: An adequacy decision of the EU Commission exists for New Zealand (Art. 45 GDPR), confirming an adequate level of data protection.
Privacy policy of the provider:

https://matomo.org/matomo-cloud-privacy-policy/

3.13.1.4 How long is the data stored?

The anonymized data is deleted as soon as it is no longer required for our analysis purposes (configurable, e.g., after 24 months).

3.13.2 Google Tag Manager (GTM)

3.13.2.1 What data is processed and for what purpose?

Google Tag Manager (GTM) itself does not store personal data in cookies. However, it triggers other tags (e.g., Analytics) that may collect data. Your IP address is technically transmitted to Google to establish the connection.

3.13.2.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. f GDPR (Legitimate interest in simplified management of website scripts).

3.13.2.3 Are there additional recipients?

Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Privacy policy:

https://policies.google.com/privacy

3.13.2.4 How long is the data stored?

GTM itself does not permanently store user data.

3.13.3 Google Analytics 4 (GA4)

3.13.3.1 What data is processed and for what purpose?

Collection and analysis of user behavior (page views, duration of stay, origin). We use GA4 with IP anonymization; your IP address is shortened by Google. No direct personal profiles are created; pseudonymous user IDs are used instead.

3.13.3.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. a GDPR (consent) in conjunction with § 25 para. 1 TDDDG.

3.13.3.3 Are there additional recipients?

Google Ireland Limited, Ireland
Privacy policy:

https://policies.google.com/privacy

3.13.3.4 How long is the data stored?

Event data linked to cookies is automatically deleted after 14 months.

3.13.4 Hotjar

3.13.4.1 What data is processed and for what purpose?

Hotjar enables us to visually analyze user behavior (mouse movements, clicks, scroll depth) (heatmaps, session recordings) and collect feedback. IP addresses are processed only in anonymized form.

3.13.4.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. a GDPR (consent).

3.13.4.3 Are there additional recipients?

Hotjar Ltd., Dragonara Business Centre, Dragonara Road, Paceville St Julian’s STJ 3141, Malta (EU).
Privacy policy:

https://www.hotjar.com/legal/policies/privacy

3.13.4.4 How long is the data stored?

The data is stored for a maximum of 365 days.

3.13.5 Zuko Form Analytics

3.13.5.1 What data is processed and for what purpose?

Zuko analyzes interactions with our online forms (e.g., at which field users abandon the form). Timestamps, field interactions, and technical device data are recorded. IP addresses are anonymized.

3.13.5.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. a GDPR (consent).

3.13.5.3 Are there additional recipients?

Zuko Analytics (Formisimo Ltd), Manchester, UK (secure third country due to adequacy decision).
Privacy policy:

https://www.zuko.io/privacy-policy

3.13.5.4 How long is the data stored?

Session cookies are deleted at the end of the session or after a defined period of one year for visitor IDs.

3.14 Advertising & Remarketing

3.14.1 Google Ads (Remarketing / Conversion Tracking)

3.14.1.1 What data is processed and for what purpose?

We use Google Ads to place advertisements in Google search results and within the advertising network. If you have given your consent, we use remarketing to show you personalized advertising based on your previous visits to our website. Cookies or comparable technologies are used for this purpose.

3.14.1.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. a GDPR (consent).

3.14.1.3 Are there additional recipients?

Google Ireland Limited, Ireland
Privacy policy:

https://policies.google.com/privacy

3.14.1.4 How long is the data stored?

Cookies generally expire after 30 to 90 days (depending on configuration up to 18 months for remarketing lists). You can disable personalized advertising in your Google settings.

3.15 Fonts (Web Fonts)

3.15.1 Bunny Fonts (Standard)

3.15.1.1 What data is processed and for what purpose?

To ensure uniform display of fonts, we load “Bunny Fonts.” The fonts are loaded from servers within the EU. Your IP address is technically transmitted to the provider but, according to the provider, is not stored or used for tracking.

3.15.1.2 On what legal basis is this data processed?

Art. 6 para. 1 lit. f GDPR (Legitimate interest in uniform and privacy-friendly presentation).

3.15.1.3 Are there additional recipients?

BunnyWay d.o.o., Cesta komandanta Staneta 4A, 1215 Medvode, Slovenia (EU).
Privacy policy:

https://bunny.net/privacy/

3.15.1.4 How long is the data stored?

No personal data (logs) is stored permanently.

3.15.2 Google Fonts (via third parties)

3.15.2.1 What data is processed and for what purpose?

When using certain integrated services (e.g., Google reCAPTCHA, Google Maps, or marketing tools), fonts may be loaded from Google servers. In this process, your IP address is transmitted to Google.

3.15.2.2 On what legal basis is this data processed?

Since the loading of these fonts is technically inseparable from the services for which you have given consent (e.g., marketing), processing is based on Art. 6 para. 1 lit. a GDPR (consent).

3.15.2.3 Are there additional recipients?

Google Ireland Limited, Ireland / Google LLC, USA.
Privacy policy:

https://policies.google.com/privacy

3.15.2.4 How long is the data stored?

See section on Google Analytics/Ads. According to Google, web font requests are stored separately but are not linked to other Google services for profiling.

4. Social Media

Processing purposes and legal basis: The controller uses and links to social networks in order to inform users about the company, its services, and open positions, as well as to take note of and respond to communications that users voluntarily submit directly to the controller via the respective service (legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR).

Within the context of postings, personal data may be processed insofar as the controller has obtained the consent of the data subject for this purpose (Art. 6 para. 1 lit. a GDPR). The data subject may withdraw their consent at any time with future effect by notifying the controller informally.

The controller currently uses and links to the following services:

  • YouTube provided by Google Ireland Limited, Dublin, Ireland,
  • Facebook and Instagram provided by Meta Platforms Ireland Limited, Dublin, Ireland,
  • LinkedIn provided by LinkedIn Ireland Unlimited Company, Dublin, Ireland,
  • XING provided by New Work SE, Hamburg, Germany

The controller points out that users access the websites of the above-mentioned providers at their own responsibility, use their applications, or register with them independently. The terms of use and privacy policies of the respective provider apply. Information on which data the respective provider processes and for which purposes can be found in the respective privacy policy. The controller has no influence on the content and scope of the data collected by the respective provider.

5. Transfer to Third Countries

Gossen Metrawatt GmbH does not transfer data to third countries outside the EU unless the requirements pursuant to Article 44 et seq. GDPR are fulfilled.

6. Rights

6.1 Subject to conflicting statutory restrictions and exceptions, the data subject whose personal data is being processed has the following rights vis-à-vis the controller:

  • Right to confirmation and access (Art. 15 GDPR),
  • Right to rectification (Art. 16 GDPR),
  • Right to erasure (Art. 17 GDPR),
  • Right to restriction of processing (Art. 18 GDPR),
  • Right to data portability (Art. 20 GDPR),
  • Right to object (Art. 21 GDPR),
  • Right to withdraw consent under data protection law (Art. 7 para. 3 GDPR),
  • Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 GDPR)

6.2 Without prejudice to any other administrative or judicial remedy, every data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work, or the place of the alleged infringement, if the data subject considers that the processing of personal data relating to them infringes the GDPR (Art. 77 para. 1 GDPR).

Accordingly, the data subject may at any time contact the controller with concerns, questions, or a complaint:

Gossen Metrawatt GmbH
Südwestpark 15
90449 Nuremberg
Germany
Tel.: +49 911 8602-0
Fax: +49 911 8602-669
E-Mail: info@gossenmetrawatt.com,

the Data Protection Officer (see section 1 above), or a data protection supervisory authority. The data protection supervisory authority responsible for Gossen Metrawatt GmbH is:

Bavarian State Office for Data Protection Supervision (BayLDA)
Promenade 18
P.O. Box 1349
91504 Ansbach
Germany
Tel.: +49 981 180093-0
Fax: +49 981 180093-800
E-Mail: poststelle@lda.bayern.de
Internet: www.lda.bayern.de

A list of all German data protection supervisory authorities can be found at:
https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

A list of all data protection supervisory authorities of the EEA states can be found at:
https://edpb.europa.eu/about-edpb/about-edpb/members_de.

The Swiss data protection supervisory authority can be reached at:
https://www.edoeb.admin.ch/edoeb/de/home.html.

Further information on data protection at Gossen Metrawatt GmbH and the other group companies can also be found in the Data Protection Policy of GMC-Instruments GmbH.

Nuremberg, 22.01.2026 (V03)
Gossen Metrawatt GmbH