Privacy Policy for the website of GfaW Gesellschaft für angewandte Wirtschaftsethik UG

  1. Scope

The protection of personal data is very important to us. With the following notes on data protection, we want to bring you closer to what personal data we process for what purposes while you use our Internet service.

The following information applies to all content of the above-mentioned website (hereinafter "Offer" / "Website").

The legal basis for data protection can be found in the EU General Data Protection Regulation (DSGVO) and in the EU's national implementing regulations, in Germany in the Federal Data Protection Act (BDSG).

  1. Definitions

Personal data

"Personal Data" means any information relating to an identified or identifiable natural person.


"Processing" means any process performed with or without the aid of automated procedures or any such series of procedures relating to personal data.

  1. Types of personal data

Access data

Access data is data about every access to the server where our website is located. The access data includes, IP address of the access device, date and time of the request, time zone difference to the Greenwich Mean Time (GMT), content of the request (concrete page), access status / HTTP status code, each transmitted amount of data, site from which the request comes, browser, operating system and its interface, language and version of the browser software.


In addition to the aforementioned data, cookies are stored on your access device when you use our website. Cookies are small text files that are stored in the browser you are using and that provide certain information to the entity that sets the cookie (here, through us or through third parties).

Message data

If you contact us via our website or register for our newsletter, we will process the personal data that you provide to us (for example, first and last name, e-mail address).

  1. Purposes of processing

Access data

Our hosting providers process the access data on our behalf and on our instructions for the operation, accessibility, maintenance and optimization of our website as well as for security reasons for fraud and abuse control. The legal basis for the processing is Art. 6 para. 1 sentence 1 f DSGVO. For processing of the IP address by third parties, see paragraph 6.


Cookies serve for the usability of our website and thus for the users. On the other hand, they serve to collect the statistical data of the website usage and to analyze them in order to improve our offers. Cookies are not used to run programs or to load viruses onto your computer. With regard to the use of cookies by third-party providers, we refer to section 6. The legal basis for the use of cookies is Article 6 (1) sentence 1 f DSGVO.

Users can influence the use of cookies. Most browsers have an option that limits or completely prevents cookies from being stored. However, it is pointed out that the use and especially the usability of our website are restricted without cookies.

Message data

If you provide us with personal data via our website, the purpose of the data processing depends on your request. We will use your personal data to process your request (legal basis is Art. 6 para. 1 sentence 1 f DSGVO). For newsletter delivery see section 7.

  1. Categories of recipients of personal data

Hosting provider

The data mentioned in Section 3 are processed by our hosting providers on our behalf and on our instructions for the operation, accessibility, maintenance and optimization of our website as well as for fraud and fraud control reasons. If you communicate with us via e-mail, your e-mails and the personal data communicated therein will be stored on our servers on the servers of our hosting providers (legal basis is Art. 6 para. 1 sentence 1 a, f DSGVO).

IT service

Our IT service providers receive access to the data specified in Section 3 on our behalf and on our instructions, provided this is necessary for technical reasons and for website optimization, system maintenance and maintenance (legal basis is Art. 6 para. 1 sentence 1 f DSGVO).

Integration of services and contents of third parties

Regarding the integration of third party services and content on our website and the related data transfers, see paragraph 6.

Other recipients

A transfer to other third parties is otherwise only in the following cases:

- if necessary for the assertion, exercise or defense of legal claims and there is no reason to assume that you have a predominant legitimate interest in failure to disclose your data (legal basis is Art. 6 para 1 sentence 1 f DSGVO);

- We are required by law to disclose in connection with government inquiries, court orders or legal proceedings.

  1. Integration of services and content of third parties


We integrate services of other companies within the website in order to make our offer more attractive to you and to optimize it continuously (legal basis is Art. 6 para. 1 sentence 1 a, f DSGVO).


Google Analytics


This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses so-called "cookies", text files that are stored on your computer and that allow an analysis of the use of the website by you. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. However, in the event of activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website usage and internet usage to the website operator. The IP address provided by Google Analytics as part of Google Analytics will not be merged with other Google data. You can prevent the storage of cookies by a corresponding setting of your browser software; however, please note that if you do this, you may not be able to use all the features of this website to the fullest extent possible. You may also prevent the collection by Google of the data generated by the cookie and related to your use of the website (including your IP address) as well as the processing of this data by Google by using the browser plug-in available under the following link. in download and install:

This website uses Google Analytics with the extension "anonymizeIp ()". As a result, IP addresses are processed shortened, a person-relatedness can be excluded. Insofar as the data collected about you is assigned a personal reference, it will be immediately excluded and the personal data will be deleted immediately.

We use Google Analytics to analyze and regularly improve the use of our website. With the statistics we can improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is Art. 6 para. 1 sentence 1 f DSGVO.

For the exceptional cases in which Personal Information is transferred to the US, Google has submitted to the EU-US Privacy Shield, Framework.


Third Party Information: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland.

User Conditions:,

Privacy policy:


Google fonts


This website uses so-called web fonts, which are provided by Google. When a page is called up, your browser loads the required web fonts into your browser cache so that fonts are displayed correctly. To do this, the browser you use connects to Google's servers. Google receives in this way the information that your website was called up via your IP address. The legal basis for the data processing is Art. 6 para. 1 sentence 1 f DSGVO. Our legitimate interest in collecting data results from the fact that we require the use of web fonts for the simplified and optimized presentation of our website.

For more information about Google's privacy policy, please visit: /. There you will also find information about how long Google stores data. Google has submitted to the EU-US Privacy Shield, Framework.




We have included YouTube videos in our website, which are stored on and are directly playable from our website. These are all included in the "extended privacy mode", i.e. that you do not transfer data about you as a user to YouTube if you are not playing the videos. Only when you play the videos, the following data will be transmitted. We have no influence on this data transfer.

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, the IP address of the access device and information about the video are transmitted. This happens regardless of whether YouTube provides a user account that you are logged in to, or if there is no user account. When you're logged in to Google, your data will be assigned directly to your account. If you do not wish to associate with your profile on YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for purposes of advertising, market research and / or custom design of its website. Such an evaluation is done in particular (even for users who are not logged in) to provide appropriate advertising and to inform other users of the social network about their activities on our website. You have a right to object to the creation of these User Profiles, and you must be directed to YouTube to use them.

The legal basis is Art. 6 para. 1 sentence 1 f DSGVO. By using YouTube we can improve our offer and make it more interesting for you as a user. The legal basis for the use of YouTube is Art. 6 para. 1 sentence 1 f DSGVO.

For more information on the purpose and scope of your data collection and processing through YouTube, please read the privacy policy. You'll also get more information about your rights and privacy settings here: Google also processes your personal information in the US and has submitted to the EU-US Privacy Shield, Framework.


Newsletter service


For our newsletter dispatch we use the service SendinBlue by the service provider SendinBlue SAS - Politique de confidentialité, 55, rue d'Amsterdam 75008 Paris, France. This will transfer your personal information (e-mail address, IP address) to a company based in the EU for the purpose of sending. The legal basis for the use of the service is Article 6 (1) (f) GDPR. Our legitimate interest results from the fact that we need the use for the purpose of the direct advertisement and optimization of our offers. Further information can be found under paragraph 7.


Links to social networks


On our website you will find links to the social networks Facebook, Twitter, Instagram. These can be recognized by the respective logo of the social network at the bottom of our page. Follow the links, you can reach our company presence in the respective networks. By clicking on the respective logo, a connection to the servers of the relevant network is established. In this case, the following information is transmitted to the network in question, although a transmission to the US can take place:

- Information about our site visit (domain address, date, time)

- IP address

- Device recognition for mobile devices

- Information about the browser used and the operating system.

If you are logged in to the social network, the social network may associate the aforementioned information with your existing account and, if necessary, display targeted advertising for you and use it to generate usage and analysis data or display targeted advertising. We recommend that you log out regularly after using a social network, as this will prevent you from being assigned to your profile.

For more information on the purpose and scope of the data collection and its processing through the social networks, please refer to the privacy statements of these providers. There you will also find further information about your rights and settings options for the protection of your privacy.

  1. Newsletter


If you agree, we will inform you at regular intervals about news about our certification standards and services. You can register via our website for our newsletter. If you want to receive information, we need a valid e-mail address from you. To register for our newsletter the so-called double-opt-in-procedure is used. This means that after registering, you will be sent an e-mail to the e-mail address specified in which you will be asked to confirm that you wish to receive the newsletter. By subscribing to the newsletter, your e-mail address, the IP address used and the time of registration and confirmation will be saved. The purpose of the procedure is to prove your registration and, if necessary, to inform you about possible misuse of your personal data. The legal basis for this is Art. 6 para. 1 sentence 1 f DSGVO. The legal basis for sending out the newsletter is Article 6 (1) sentence 1 a DSGVO.

You can revoke your consent to the sending of the newsletter at any time and unsubscribe from the newsletter. You can declare the cancellation by clicking on the link provided in each newsletter e-mail, by e-mail or by post. We point out that a revocation does not affect the legality of the processing granted until the revocation (no retroactive effect of the revocation).

If you subscribe to the newsletter, you give us the following consent, which we will reproduce here for your information only:

"I confirm that I am 16 years old and I agree that the GfaW Gesellschaft für angewandte Wirtschaftsethik mbH, Waldisstrasse 24, 37242 Bad Sooden-Allendorf, uses my e-mail address given to me at regular intervals news about their certification standards and services. I can revoke my consent at any time by unsubscribing in the newsletter, by e-mail to or by post with effect for the future ".


We point out that when sending the newsletter, we evaluate your user behavior on our website and in the newsletter. For this evaluation, the emails sent contain tracking pixels, which are linked with your email address and IP address for the evaluation. The data are collected exclusively pseudonymised, the data on user behavior are therefore not linked to your other personal data, a direct personal reference is excluded. With the data obtained in this way, we create a user profile to tailor the newsletter to your individual interests. In doing so, we record when you read our newsletter, which links you click in these and from that infer your personal interests. We link this data with actions you have taken on our website.

You can object to this tracking at any time by clicking on the separate link provided in each e-mail or informing us via another contact path. The information will be stored as long as you have subscribed to the newsletter. After logging out, we store the data purely statistically and anonymously. The legal basis for the use of the tracking pixel is Art. 6 para. 1 sentence 1 f DSGVO. We use this to optimize our offers and make them more interesting for you.

  1. Data provision

You are not required to provide personal information when you visit our website, however, the detection of the IP address of your computer is automatically during the visit. With regard to the use of cookies, we refer to numbers 4 and 6.

  1. Duration of processing

Access data

The access data is stored continuously for the operation of our website and for security purposes (for example, to investigate abusive or fraudulent activities).

Cookies and IP addresses

Own cookies are stored for a maximum of 90 days. If third-party cookies are set and IP addresses are processed, we have no influence on the duration of the processing. See section 6 for links to third-party privacy policies. There you can find out about the duration of the processing.


If you unsubscribe from our newsletter, we will no longer send you any newsletters; for this purpose you will be entered in a so-called blacklist. However, we will continue to store your first and last name and your e-mail address in order to prove that you have once registered for our newsletter.

Message data

We will store the other information provided by you as long as we will need it for the processing of your request, provided that this data is not subject to longer tax and commercial retention periods (these are between 6-10 years). In any case, storage takes place until the end of statutory limitation periods for claims for damages.

  1. Right of objection

You have the right to object to the personal data processed on the basis of Art. 6 (1) sentence 1 f DSGVO at any time, provided that there are reasons for the contradiction arising from your particular situation. However, your personal data will be processed further if there are compelling legitimate reasons to process the data that outweighs the interests, rights and freedoms of your person, or if the processing is for the purpose of asserting, exercising or defending legal claims. If we process personal data from you in order to operate direct mail, you have the right to object to the processing of your personal data for the purpose of such advertising at any time without having to give reasons (Art. 21 GDPR).

  1. Other Affected Rights

In case of granted consent, you have the right to revoke this. This will stop the processing of data based on your consent. We point out that a revocation does not affect the legality of the processing granted until the revocation (no retroactive effect of the revocation).

You have the right to obtain information free of charge from the DSGVO on request about your personal data concerning you. In the context of the information, we will explain the data processing and provide you with an overview of the data stored about your person (Art. 15 GDPR).

Furthermore, in accordance with the GDPR, you are entitled to a correction if stored data should be incorrect or no longer up-to-date (Art. 16 DSGVO). Furthermore, you may request the deletion of your data. If the deletion is not possible due to legal regulations exceptionally, the data will be blocked, so that they may only be processed for this legal purpose (Article 17 GDPR).

You also have the right to restrict your data, especially if you believe that the data we have stored is incorrect (Art. 18 GDPR). You also have the right to transfer your personal data (Art. 20 GDPR).

You also have the right to complain to the Data Protection Inspectorate responsible for us in justified cases (Art. 77 DSGVO).

You can assert your rights under the GDPR by e-mail or in writing. Our contact details are below:

  1. Contact details

Responsible body:

GfaW Gesellschaft für angewandte Wirtschaftsethik mbH, Waldisstrasse 24, 37242 Bad Sooden-Allendorf, legally represented: Sophie von Lilienfeld-Toal, Telefon: +49 (0)5652 587809, E-Mail:

Data Protection Authority:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit, Prof. Dr. Michael Ronellenfitsch, Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Telefon: 0611-1408 0, Telefax: 0611-1408 611

  1. Change of privacy policy

We reserve the right to change this Privacy Policy, e.g. if the legal or regulatory requirements or contents of our website change.