Privacy Policy

Privacy policy of geobra Brandstätter Stiftung & Co. KG


Last update: Juli 2022

We welcome you to our website and are pleased about your interest in our company. We take the protection of your personal data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the EU General Data Protection Regulation (EU-GDPR) and the country-specific implementation laws applicable to us. With the help of this privacy policy, we would like to inform you comprehensively about the processing of your personal data by Geobra Brandstätter Stiftung & Co. KG and of your rights.

Personal data means the information that makes it possible to identify a natural person. This includes, in particular, your name, date of birth, address, telephone number and email address but also your IP address.

Data are anonymous if no personal reference to the user can be established.


Controller and Data Protection Officer

Address (summonable address of the company):
geobra Brandstätter Stiftung & Co. KG
Brandstätterstraße 2 - 10
90513 Zirndorf

Contact information:
Phone: +49 (0) 911 9666-0
Fax: +49 (0) 911 9666-1120

Contact details of the Data Protection Officer:


Your rights as the data subject

First of all, we would like to inform you about your rights as the data subject. These rights are set out in Art. 15 - 22 EU GDPR. This includes:

·       1. The right to information (Art. 15 EU GDPR),

·       2. The right to erasure (Art. 17 EU GDPR),

·       3. The right to correction (Art. 16 EU GDPR),

·       4. The right to data portability (Art. 20 EU GDPR),

·       5. The right to restrict data processing (Art. 18 EU GDPR),

·       6. The right to object to data processing (Art. 21 EU GDPR).

To exercise these rights, please contact us at: The same applies if you have any questions about data processing in our company or wish to revoke any consent you have given. You also have a right to lodge a complaint with a data protection supervisory authority.


Rights of objection

Please note the following in connection with your rights of objection:

If we process your personal data for the purpose of direct advertising, you have the right to object to this data processing at any time without giving reasons. This also applies to profiling, insofar as it is related to direct advertising.

If you object to processing for direct advertising purposes, we will no longer process your personal data for these purposes. The objection is free of charge and can be made informally, if possible to:

In the event that we process your data to protect legitimate interests, you can object to this processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions.

We will then no longer process your personal data unless we can prove compelling reasons for processing worthy of protection that outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims.


Purposes and legal bases of data processing

When processing your personal data, the provisions of the EU GDPR and all other applicable data protection regulations are observed. The legal basis for data processing is derived in particular from Art. 6 EU GDPR.
We use your data for business initiation, to fulfil contractual and legal obligations, to implement the contractual relationship, to offer products and services and to strengthen the customer relationship, which may also include analyses for marketing purposes and direct advertising.
Your consent also constitutes a permission under data protection law. Here we inform you about the purposes of data processing and your right of withdrawal. Should your consent also refer to the processing of special categories of personal data, we will expressly point this out in the consent declaration.
Processing of special categories of personal data in the sense of Art. 9 para. 1 EU GDPR is only carried out if this is necessary due to legal provisions and there is no reason to assume that your legitimate interest in excluding processing outweighs your legitimate interest in protection.


Transfer to third parties

We will only pass on your data to third parties within the framework of the legal regulations or with the appropriate consent. Otherwise the data will not be passed on to third parties, unless we are obliged to do so by mandatory legal provisions (passing on to external bodies such as supervisory authorities or law enforcement agencies).


Recipients of the data / categories of recipients

Within our company, we ensure that only those persons receive your data who need it to fulfil contractual and legal obligations.
In many cases, service providers support our specialist departments in fulfilling their tasks. These service providers support our specialist departments, for example in credit checks, data analysis, newsletter dispatch, etc. The necessary data protection agreements have been concluded with all service providers.
To process shipping orders with UPS, the name, address, telephone number, and email address of the recipient are recorded. This information is passed to UPS for the purpose of shipping this order. After the data has been transferred, the recipient receives a shipment confirmation email from UPS with tracking information.


Data Transmission to Third Countries/Intention of Data Transmission to Third Countries


We do not transfer your personal data to any service provider or group company outside the European Economic Area.


Data storage duration

We store your data for as long as they are needed for the respective processing purpose. Please note that numerous retention periods require that data continue to be (must be) stored. This concerns in particular commercial or tax retention obligations (e.g. German Commercial Code, Tax Code, etc.). Provided that there are no further storage obligations, the data are routinely deleted after the purpose has been achieved.

In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use evidence within the scope of legal limitation periods, which can be up to thirty years; the regular limitation period is three years.


Secure transfer of your data

In order to protect the data stored with us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons in the best possible way, we use appropriate technical and organisational security measures. The security levels are continuously reviewed in cooperation with security experts and adapted to new security standards.
The data exchange from and to our website is always encrypted. We offer HTTPS as the transfer protocol for our website, in each case using the latest encryption protocols.
In addition, we offer our users content encryption as part of the contact forms. Only we can decrypt these data. It is also possible to use alternative means of communication (e.g. by post).


Obligation to provide the data

Various personal data are necessary for the establishment, execution and termination of the debt relationship and the fulfilment of the contractual and legal obligations associated therewith. The same applies to the use of our website and the various functions it provides.
We have summarised details of this for you in the above point. In certain cases data must also be collected or made available due to legal regulations. Please note that it is not possible to process your enquiry or perform the underlying contractual relationship without providing these data.


Categories, sources and origin of data

Which data we process is determined by the respective context: This depends on whether you place an order online, for example, or enter an inquiry in our contact form.
Please note that we may also provide information for special processing situations separately in a suitable place, e.g. in case of a contact request.

When you visit our website, we collect and process the following data:
1. Name of the internet service provider
2. Information about the website from which you visit us
3. Web browser and operating system used
4. The IP address assigned by your internet service provider
5. Requested files, transferred data volume, downloads/file export
6. Information about the web pages that you access on our website including date and time
7. We process further data via cookies and tools, see here: 

Visit to our website (Art. 6 para. 1 f) EU GDPR) and the following points

When you establish contact, we collect and process the following data:
1. Name, first name
2. Address
3. Email address
4. Salutation
5. Information about requests and interests


Visit to our website (Art. 6 para. 1 f) EU GDPR)

When our website is called up, the following data are automatically recorded by our web server: Name of your internet service provider, information about the website from which you are visiting us, the web browser and operating system used, the IP address assigned by your internet service provider, files requested, data volume transferred, downloads/file exports and information about the websites you visit from our website, including date and time.
This data processing is technically necessary so that the contents of our website can be delivered to your end device. Your IP address must therefore also necessarily be collected and stored for the duration of the respective session. The same applies to other data whose processing is necessary for the correct display of our website. The storage of data in the so-called log files also serves to further optimise the site, to ensure its functionality, to guarantee the security of our applications and for legal protection (e.g. recognition and defence of attacks on our website).
The legal basis for this data processing and temporary data storage is our legitimate interest as a website operator (Art. 6 para. 1 f) EU GDPR).
The storage period of the data is limited and deletion takes place as soon as the data no longer need to be kept for processing purposes. In the case of the survey for the correct display of our website, this is the case after the end of the session. When the data are stored in log files, the data are deleted or made anonymous after 37 days.


Web tracking procedure Matomo (Art. 6 para. 1 lit. a EU GDPR, § 25 para. 1 TTDSG)

Our website uses Matomo (InnoCraft Ltd (NZBN 6106769), headquartered in: 7 Waterloo Quay PO625, 6140 Wellington, New Zealand), which is a web analytics service. Matomo uses so-called ‘cookies’, which are text files that are stored on your computer. We use the collected data for statistical analysis of user behaviour for the purpose of optimising the functionality and stability of the website and for marketing purposes. For this purpose, the usage information generated by the cookie (including your shortened IP address) is transmitted to Matomo servers and stored briefly for usage analysis purposes. The information generated by the cookie about your use of this website is stored exclusively on European servers. The legal basis for the use of Matomo is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) GDPR, § 25 para. 1 TTDSG. We have enabled the IP anonymisation function on this website. This will remove the last 2 bytes from your IP address. You can refuse the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this you may not be able to use the full functionality of this website.


If you do not agree to the storage and evaluation of this data from your visit, you can revoke your consent to the storage and use by clicking here.

A further option for revoking your consent is available at:


Further information and Matomo’s applicable data protection regulations can be found at


Automated case-by-case decisions

We do not make decisions based solely on automated processing.


Information about privacy in social media

The company geobra Brandstätter Stiftung & Co. KG maintains various appearances in „social median“in order to communicate with the users registered there and to inform them about our services.
We wish to point out that you are responsible for your use of these platforms and their included features. This applies in particular to your specific usage behaviour on these platforms. This is especially the case if you use interactive features (e.g. commenting, sharing, rating).
With regard to the processing of your personal data, however, we have a shared responsibility with Facebook towards all existing customers, prospective customers and users. We are aware of this responsibility and the protection of your data is important to us. Unfortunately, we are unable to fully meet our responsibilities in this context because Facebook does not provide us with the necessary transparency and the information required to fulfil the above-mentioned information obligations. Nevertheless, we strive to take all necessary measures to protect your data.
We further point out that when you use these platforms, your data may be processed outside the European Union. Please note that in the case of data transfer to so-called third countries outside the EU (e.g. USA), there may not be a level of protection there that complies with the EU Data Protection Regulation. It may therefore be possible for security authorities to access your data without you having any legal protection against this.
In addition, your usage and user-related information may be processed for market-research and promotional purposes. For example, user profiles may be generated on the basis of your usage behaviour and associated interests. This makes it possible to activate ads both within and outside these platforms. As a general rule, cookies are stored on your device for this purpose. Regardless of this, the usage profiles may also be used to store data that is not collected directly from your device (especially if you are a member of the respective platforms and are logged in to them).
In addition, as the provider of this information service, we do not collect and process data resulting from your use of our service.
Our processing of users' personal data is based on our legitimate interest in effectively informing and communicating with users in accordance with. Art. 6 (1f) GDPR. If you are asked to consent to data processing by the respective providers (e.g. by checking a box or clicking on a button), the legal basis for the processing is Art. 6 (1a) and Art. 7 GDPR.

Right of objection
If you are a member of a social network and do not want the network to collect information about you via our website, or to link it to your stored membership data on the respective network, you must

log out of the respective network before visiting our website
delete the existing cookies stored on your device and
close and reopen your browser.

The next time you log in, however, you will be recognised by the network again as a specific user.
For a detailed description of the respective processing and your right of objection (opt-out), please refer to the provider's information via the links below.
Should you wish to submit requests for information or to assert your rights as a data subject, we wish to point out that you should contact the providers directly. This is because only the providers have access to users' data and can respond directly to your requests and provide information. However, should you still need assistance, then please feel free to contact us.

Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) – Datenschutzerklärung:,



Google / YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) – Datenschutzerklärung:,


Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Datenschutzerklärung/


Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – Datenschutzerklärung:,



Notice regarding copyright law and artists' rights

Should you wish to publish images, texts, plans, videos, music, etc. on our website, please be aware that you may be required to assign all associated usage rights to the network, which could ultimately have legal consequences for you if you are not the author or rights holder.


Online offers for children

Persons under 16 years of age may not transfer any personal data to us or submit a declaration of consent without the consent of a parent or guardian. We encourage parents and guardians to actively participate in their children's online activities and interests.


Links to other providers

Our website also contains - clearly visible - links to the websites of other companies. As far as links to websites of other providers are available, we have no influence on their contents. Therefore, no guarantee and liability can be assumed for these contents. The respective provider or operator of these sites is always responsible for the contents of these sites.

The linked pages were checked for possible legal violations and recognisable infringements at the time of linking. Illegal contents were not recognisable at the time of linking. A permanent control of the contents of the linked pages is not reasonable without concrete evidence of a violation of the law. If we become aware of any infringements, such links will be removed immediately.