Privacy information

The type, scope and purposes of the data processing as well as the legal basis therefor and the rights of data subjects are outlined below. This pertains to the personal data of visitors, users, interested parties and customers (contractual partners) of Glorit Bausysteme GmbH, Gloritstraße 2, 2301 Groß-Enzersdorf.

When the term "company" is used below, this refers to the named company, insofar as it is responsible under data protection and privacy laws. The data subject(s) are the aforementioned visitors, users, interested parties and customers.

(a) General

The company collects personal data provided by data subjects, namely

  • when visiting and using the website,
  • when making an enquiry (even in the case of independent agents and brokers) or when being contacted by our representatives,
  • when submitting an application as an employee or independent agent,
  • when (otherwise) establishing contact (e.g. using the contact form or by email).

The categories of data that may be collected are as follows: Name, age, date of birth, address, economic status. Which (additional) data is collected in detail can be seen from the respective entry forms or from the queries by the employees of the company and/or by the self-employed independent agents. Any and all data disclosed by the applicant when making an application may be processed.

(b) Name and contact details of the controller

Glorit Bausysteme GmbH
Gloritstraße 2
2301 Groß-Enzersdorf
T +43 2249 7090

The company has not appointed a data protection officer.

(c) Processing purposes and legal bases

The personal data of data subjects are processed for the following purposes:

  • Initiation
  • and performance of business concerning the planning and construction of houses and apartments,
  • the former also in cooperation with independent agents as well as
  • the fulfilment of all associated processes such as invoicing, administration, accounting, etc.
  • Sending information and advertising as well as
  • recruitment of employees or independent agents in cases where applications are submitted.

The legal bases for processing are

  • the performance of the contract or the implementation of pre-contractual measures that are carried out at the request of the data subject (consulting, preparation of offers, etc);
  • the same applies if the contract is concluded with a legal entity for the performance of which personal data also needs to be processed (contact person).
  • the pre-contractual measures at the request of the data subject
  • the legitimate interest of the company (Art. 6 para. 1 lit. b and f GDPR), provided that no health data or any other sensitive data is affected,
  • the fulfilment of legal documentation and transmission obligations, in particular in the field of taxation, duties, and data protection, as well as
  • consent (as described below).

We base the lawfulness of processing data on a legitimate interest in the following cases:

  • when the company initiates business transactions,
  • to provide customers with sufficient information about the products and services offered or arranged by the company, as well as about events, promotions etc., i.e. advertising. This also includes that the data is transferred to processors for this purpose if so required to implement these or other marketing measures, statistical evaluations, etc.,
  • for internal management within the group, provided the company belongs to or is affiliated with such a group,
  • for processing by processors (e.g. external accounting),
  • to obtain information about credit ratings,
  • to prevent fraud or unlawful use of the website. Apart from the latter case, the data automatically collected and stored by the provider on the web server (e.g. browser used, operating system, referring site, IP address, time) are not evaluated and are not assigned to a specific person. If comments are made or form fields completed, the data entered and their IP addresses are stored so as to enable prosecution if content is illegal.

In the following cases, the legal basis for processing is the declaration of consent given by the data subject:

  • By registering or consenting to receive a newsletter and other advertising, the data subject agrees that the data required for this purpose or separately communicated by the data subject may be used for newsletters and other advertising to be sent on a regular basis.
  • When publishing postings on the company’s Facebook page, the data subject agrees that the postings may be published by the company, e.g. on a so-called "social wall".
  • Being included on a list of participants at events and presentations, together with the list being handed out to participants and the data provided therein being further processed, is also done on the basis of consent provided by the data subjects.

Consent can be revoked (also individually) at any time by sending a message to the contact option described above under lit b. Revocation is just as easy if registration is possible online, e.g. by checking the relevant box.
Revoking consent does not render any processing carried out up to that point inadmissible (revocation is not retroactive).
Insofar as the processing is based on the legitimate interest of the company (see above), the data subject has the right to object here pursuant to Art. 21 GDPR. Please see the separate explanation at the end of this privacy policy.

(d) Necessity

Personal data needs to be provided to the company to conclude and perform the contract. Failure to provide said data would result in the company not being able to act and therefore not being able to conclude a contract.
Personal data is needed for newsletters and other advertising to be sent, otherwise the newsletter could not be sent. A lack of consent has no effect on the company’s ability to take action or on the subsequent conclusion of the contract, meaning that this is not expressly required.

Providing personal data is required when publishing posts on the company’s Facebook page, otherwise making such posts would not be possible. Non-provision has no effect on the company’s ability to take action or on the subsequent conclusion of the contract, meaning that this is not expressly required.

Providing personal data, along with it being handed out to participants and the data provided therein being further processed, is required to participate in events and presentations. Failure to provide said data would result in not being able to participate. Non-provision has no effect on the company’s ability to take action or on the subsequent conclusion of the contract, meaning that this is not expressly required.

(e) Recipients of the data

The personal data of the data subject will not, as a general rule, be disclosed to recipients other than the company (i.e. to other natural persons or legal entities, authorities, institutions or other bodies) (but please refer to the notes in points j, k, and l).

This does not include

  • any independent agents appointed (for contacting the interested party, advising the latter through the agent, etc.);
    any third parties named by the data subject (e.g. architects or professionals);
  • authorities that may receive personal data in the context of a specific inquiry under EU or Austrian law; such data has to be processed by the authorities in question in accordance with the applicable laws on data protection;
  • processors who process the personal data on behalf of the company (e.g. printers for sending newsletters; the credit institution commissioned to process payments).

The Company does not intend to transfer the personal data to a third country or to an international organisation.

(f) Updating / origin of the data

The data of interested parties and customers is largely updated from direct feedback or notifications made by the interested parties and customers to the company.

The data generally originates from the interested parties or customers themselves or from independent agents commissioned by the company. Information that is (also) publicly available (e.g. professional and trade directories) is used by way of exception. The categories of data that may thereby be collected, depending on availability, are as follows: Name, age, date of birth, address, economic status or payment history. Information about the latter may also be available from creditor protection associations and credit agencies.

(g) Duration of the data storage

Personal data is stored

  • until it is no longer required for the purposes for which it was collected or otherwise processed;
  • in the case of processing on the basis of a declaration of consent, until the data subject revokes their consent and there is no other legal basis for further processing (Art. 17 para. 1 lit b GDPR);
  • in any case for as long as the storage is necessary to fulfil a legal obligation (e.g. statutory retention obligations) or to assert, exercise, or defend any legal claims by the company.


(h) Rights of the data subject

Pursuant to Art. 15 GDPR, the data subject has the right to request confirmation from the controller – once it has proved their identity – as to whether personal data relating to them are being processed. If this is the case, the data subject shall further have a right

  • to information about this personal data and
  • to the information referred to in Art. 15 para. 1 GDPR, such as the categories of personal data and other information (note: this corresponds to the information contained in this statement).

The data subject has the right to obtain from the controller without delay the rectification of inaccurate personal data concerning them (right to rectification under Art. 16 GDPR).

The data subject has a right to erasure ("right to be forgotten") of personal data concerning them under the conditions of Art. 17; e.g.

  • if the data is no longer necessary in relation to the purposes for which they were collected or otherwise processed, or
  • if it was processed unlawfully, or
  • if the data subject withdraws consent on which the processing is based.

If the company made public the personal data to be erased, the following obligation exists under Art. 17 para. 2 GDPR:
Reasonable measures must be taken to inform other controllers of the erasures to be made, taking into account the available technology and the costs of implementation incurred thereby. This concerns controllers who process the personal data. They must be informed that the data subject has requested the erasure of all links to, copies and replications of said personal data.

The right to erasure does not exist, however,

  • if there is no reason for erasure (i.e. none of the above reasons apply) or
  • where the exemptions set out in Art. 17 para. 3 GDPR apply, e.g. where processing is necessary to comply with a legal obligation under EU or Austrian law (e.g. statutory retention obligations), or to assert, exercise, or defend legal claims.

The data subject has the right to restriction of processing pursuant to Art. 18 GDPR, e.g.

  • if the data subject contests the accuracy of the data processed,
  • the processing is unlawful, or
  • there is a dispute between the company and the data subject as to whether there is a right to erasure. In this case, the company will store the data in question but not process it in any other way.

If the data subject requests erasure, restriction of processing or objects (see the information at the end of this privacy policy), they will be informed immediately about the measures taken or the reasons which, from the company’s point of view, prevent implementation.

Pursuant to Art. 20 GDPR, the data subject has the right to receive the personal data concerning them that they have provided to the company in a structured, commonly used and machine-readable format. However, this only applies if the processing is carried out with the help of automated procedures.

They furthermore have the right to transmit this data to another controller. The controller to whom the personal data has been provided must not hinder them in doing so (right to data portability). They have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

(i) Right to lodge a complaint with a supervisory authority

The data subject has the right to lodge a complaint with the data protection authority if they consider that the processing of personal data relating to them infringes the GDPR or Section 1 or Article 2 1st Chapter of the Data Protection Act [Datenschutzgesetz, DSG] as amended by the Data Protection Amendment Act 2018.

(j) Cookies

Cookies are small files that allow this website to store specific information related to the user on the visitor’s computer while the website is being visited. Cookies help to determine the frequency of use and the number of users of the website as well as to design offers conveniently and efficiently.

The company uses session cookies, which are only temporarily stored for the duration of the use of the website, and permanent cookies used to record information about visitors who repeatedly access the website. The purpose of the use of these cookies is to be able to offer an optimal user guidance as well as to recognise visitors and to be able to present a website that is as attractive as possible along with interesting content in the event of repeated use. The content of a permanent cookie is limited to an identification number. Name, IP address etc. are not stored. Individual profiling of usage behaviour does not take place.
The company's offers can also be used without cookies.

By changing the browser settings, the storage of cookies can be deactivated or restricted to certain websites. The browser can also be set to notify the user as soon as a cookie is sent. Cookies can be deleted from the PC’s hard disk at any time. Please note that the website can then only be used to a limited extent.

(k) Use of Google Analytics

This website uses Google Analytics, a web analytics service provided by Google, Inc ("Google"). Google Analytics uses cookies (see point [j]). In this respect, the company relies on an overriding legitimate interest in compiling website access statistics in a cost-efficient and simple manner (Art. 6 para. 1 lit f GDPR).

The information generated by the cookie about the use of this website is usually transmitted to a Google server in the U.S. and stored there. In the event that IP anonymisation is activated on this website, however, Google’s IP address will be truncated beforehand within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the U.S: and truncated there.

Google will use this information on behalf of the operator of this website for the purpose of evaluating the use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator. However, the IP address transmitted by the browser as part of Google Analytics will not be merged with other Google data.

As described under point (j), there is the option of preventing the storage of cookies by making the appropriate changes to the browser settings; however, we would like to point out that in this case it may not be possible to use all the functions of this website to their full extent.
In addition, the collection of the data generated by the cookie and related to the use of the website (incl. the IP address) to Google as well as the processing of this data by Google can be prevented by downloading and installing the browser plugin under the following link (

You can find more information on terms of use and data protection at or under

On this website, Google Analytics has been extended to include the code “gat._anonymizeIp();” to ensure anonymised collection of IP addresses (known as IP masking).

(l) Google Maps

The Google Maps API service is used on the microsites. This is a service provided by Google, Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. This will transmit at least the following data to Google, Inc.: IP address, time of the visit to the website, screen resolution of the visitor, URL of the website (referrer), the identifier of the browser (user agent) and search terms. The data transfer takes place irrespective of whether a user account exists at Google via which the user is logged in or whether no user account exists. If the user is logged in, this data is directly assigned to the account.

If the user does not want this data to be assigned to the profile, they must log out before activating the button. Google, Inc. stores this data as usage profiles and uses it for the purposes of advertising, market research and/or designing its website to meet user needs. The user has a right to object to the creation of these user profiles, and must contact Google Inc. to exercise this right.
Further information on the purpose and scope of data collection and processing by Google, Inc. is available at By using the Google Maps service, the user consents to the processing of data by Google, Inc. There is no processing of the data concerned by the controller.

(m) Google Remarketing

This website uses Google Remarketing, a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to present interest-based advertisements to visitors of our website. In this, cookies (text files) are stored on your computer by your browser. These make it possible to remember you as a website visitor when visiting websites that belong to Google’s advertising network. On such websites, you may then be presented with advertisements that relate to content that you have previously accessed on other websites that you have visited. Google does not collect any personal data during this process.
You can also deactivate the installation of cookies by Google Remarketing by changing the appropriate settings under

(n) Facebook

The company uses a "Facebook pixel" from the social network Facebook Inc. ("Facebook"). The Facebook pixel makes it possible to track the behaviour of users after they have clicked on a Facebook ad. The Facebook Pixel enables the company to understand how the company’s advertising is received on Facebook and, if necessary, take steps to optimise this. The relevant data is collected by Facebook and stored via cookies.

If you would like to deactivate the cookie storage for Facebook, please change your browser settings. Please consult the help menu of your browser to find out how to do this.

The data collected remains anonymous and does not provide any information about the identity of the user. Facebook stores and processes the data for its own advertising purposes in accordance with the Facebook Privacy Policy (

More information about the Facebook pixel:

Go to the settings for advertisements on Facebook:

More information about Facebook’s privacy policy:

Separate information pursuant to Art. 21 para. 4 GDPR:
As the processing is based on the legitimate interest of the company, the data subject has the right to object pursuant to Art. 21 para. 1 GDPR. However, this only applies if there are reasons for this that arise from the specific situation. It would not be sufficient for the data subject to simply not want storage and other their data to be otherwise processed. They must instead outline personal reasons why – unlike other customers and users – it is unreasonable for their personal data to be processed (further). If this is done, the personal data may only be further processed in two cases:

  • the company demonstrates compelling grounds worth being protected for the processing which override the interests, rights and freedoms of the data subject, or
  • the processing is done for asserting, exercising, or defending legal claims.

The data subject also has the right to object to the processing of personal data concerning them for the purposes of direct marketing, pursuant to Art. 21 para. 2 GDPR. The data subject may also object only to the processing of individual categories of data concerning them, e.g. the use of their email address for advertising purposes.

Last updated: 5 September 2019