Data protection - g-c-s.com

Privacy policy / obligation to provide information

Version 1.0, status 04/2025

For us as the responsible company (“controller”, “we”, “us”), the secure processing and confidentiality of personal data is a high priority. Personal data is collected, stored and used in compliance with data protection regulations, in particular the General Data Protection Regulation (“GDPR”) and all national regulations.

Below you will find more detailed information about the data processing we carry out:

1. responsible person

Grid Connect Solutions GmbH
Gewerbeallee 15d,
4221 Steyregg
E-mail: office@g-c-s.com
Phone: +43 732 641065 – 10

2. data protection coordinator

We are not legally obliged to appoint a data protection officer. Nevertheless, as data protection is very important to us, we have a data protection coordinator. You can reach him under:

Grid Connect Solutions GmbH
Gewerbeallee 15d,
4221 Steyregg
E-mail: dataprotection@ske-holding.com
Phone: +43 732 641065 – 10

3. rights of data subjects / right of objection and revocation / right of appeal

3.1. You have the following rights vis-à-vis us with regard to your personal data:

Right to information (Art 15 GDPR),
Right to rectification (Art 16 GDPR) or erasure (Art 17 GDPR),
Restriction of processing (Art 18 GDPR),
Right to data portability (Art 20 GDPR),
Right to object to processing (Art 21 GDPR).

Right to objectIf the processing of your personal data is based on a balancing of interests (Art. 6 para. 1 lit. f GDPR: legitimate interests), you have the right to object to the processing at any time for reasons arising from your particular situation. When exercising your right to object, we ask you to explain your reasons why we should not process your personal data as we have done. We will examine the situation and either discontinue or adapt the data processing or show you our compelling reasons worthy of protection and continue the data processing. We will also continue the data processing if it serves the assertion, exercise or defense of legal claims.

You can object to data processing for the purposes of direct advertising and data analysis at any time. In this case, we will stop processing the data.

Right of revocationIf you have given us your consent to process your personal data, you can withdraw your consent at any time. Your revocation does not affect the legality of the data processing carried out until the revocation.

To exercise these rights, you must inform us in person, by telephone or in writing:

Grid Connect Solutions GmbH
Gewerbeallee 15d, 4221 Steyregg
Phone: +43 732 641065 – 10
E-mail: office@g-c-s.com or dataprotection@ske-holding.com
Please note that we can only provide you with information if you can identify yourself.

3.2 If you are of the opinion that the data processing violates applicable data protection law or that we violate your data protection claims, you also have the right to lodge a complaint with the supervisory authority in the member state of your place of residence, your place of work or the place of the alleged violation. If you wish to lodge your complaint with the supervisory authority in Austria, please address it to

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna

4. information about the processing of your personal data

4.1. Website visit

Purpose: If our website is only used for information purposes (no registration and no transmission of other information), personal data is collected which is transmitted from your browser to our server. This is technically necessary in order to display our website to you and to ensure the stability and security of the website.
Legal basis: legitimate interest (Art 6 para 1 lit f GDPR), § 165 para 3 TKG 2021
Affected persons: Website visitors, interested parties, customers and suppliers
The following data is processed: IP address, date and time of the request, time zone difference to GMT, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, requesting website, browser, operating system and interface, language and version of the browser software
Storage period: As long as you use our website.
Recipients/recipient categories: Processor

Transfer to third countries under data protection law: USA (see point 4.1.1)

4.1.1. Content Delivery Network (CDN)

This website uses the Content Delivery Network (CDN) of Cloudflare Germany GmbH, Rosental 7, c/o Mindspace, 80331 Munich, Germany (Cloudflare), a subsidiary of Cloudflare Inc, 101 Townsend Street, San Francisco, USA, to achieve a secure and high speed in the presentation of the website. A Content Delivery Network (CDN) consists of data centers that can deliver website content to users at high speed due to their worldwide distribution. Each time the website is accessed, the content is retrieved from the data center closest to the location of the accessing user. For this purpose, personal data may be processed in Cloudflare’s server log files. When our website is accessed from Europe, our settings have been made in such a way that a server located in Austria is preferred.

Purpose: Fast display of the website by referring the user to the data center closest to the user.
Legal basis: Legitimate interest (Art 6 para 1 lit f GDPR), § 165 para 3 TKG 2021.
Affected persons: Website visitors, interested parties, customers, suppliers.
The following data is processed: IP address, date and time of the request, time zone difference to GMT, content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, requesting website, browser, operating system and interface, language and version of the browser software.
Storage period: As long as you use our website.
Recipients/recipient categories: Processor.
Transfer to third countries under data protection law: USA

Companies that have successfully completed the Data Privacy Framework Program are considered to have an adequate level of security in accordance with the provisions of the EU-US and Swiss-US Data Privacy Frameworks. It is permissible under data protection law to transfer information to these companies within the framework of the Data Privacy Framework.

Cloudflare Inc, the parent company of Cloudflare Germany GmbH, has committed to complying with the requirements of the EU-US and Swiss-US Data Privacy Frameworks by becoming certified for the Data Privacy Framework Program. Information on participation can be found under the search term “Cloudflare Inc.” here: https://www.dataprivacyframework.gov/s/participant-search.

Cloudflare has also implemented contractual compliance measures for international data transfers. These apply to all global activities where Cloudflare processes personal data of natural persons in the EU. These measures are based on the EU Standard Contractual Clauses (SCCs). Further information can be found at: https://www.cloudflare.com/cloudflare_customer_SCCs-German.pdf

4.2. Electronic contact requests via the website

PurposeProcessing of contact requests via e-mail or the website contact form.
Legal basis: Performance of a contract, necessary for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b GDPR), legitimate interest (Art. 6 para. 1 lit. f GDPR), Section 165 para. 3 TKG 2021
Data subjects: Users of our contact form, including website visitors, interested parties, customers, suppliers
The following data is processed: Master data, content data of the request
Storage period: Until the request has been answered. If statutory retention obligations exist, processing will be restricted until then.
Recipients/recipient categories: Processor

4.3. Cookies/web analysis service

This website uses different types of cookies. All cookies used are described in detail in our cookie banner. You can change your cookie settings or withdraw your consent at any time by activating the gray icon on the left-hand side of the screen. This allows you to customize the settings and control which cookies you want to allow or disallow.

Purpose: To improve the user experience; increase the performance of the website, analysis, provision of individualized content and personalized advertising. Cookies help us to store your preferences and make recurring visits more efficient.
Legal basis: Section 165 (3) TKG 2021
Affected persons: Website visitors, interested parties, suppliers, customers
The following data is processed: IP address
Storage duration: see cookie banner
Recipients/recipient categories: Processor (web host)

4.3.1 Google Analytics

Data protection and opt-out options for Google Analytics

The GCS websites use Google Analytics, a web analysis service of Google Inc (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookies about your use of this website is usually transmitted to a Google server in the USA and stored there. However, if IP anonymization is activated on this website, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and shortened there in exceptional cases. Google will use this information on behalf of the operator of this website for the purpose of evaluating your use of the website, compiling reports on website activity for us as the website operator and providing other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

The storage of cookies can be prevented by setting the browser software accordingly; however, please note that in this case you may not be able to use all functions of this website to their full extent. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading and installing the following browser plug-in: http://tools.google.com/dlpage/gaoptout?hl=de

You can find more information on terms of use and data protection athttp://www.google.com/analytics/terms/de.html at http://www.google.com/intl/de/analytics/privacyoverview.html.

The Google tracking codes on this website use the _anonymizeIp() function, which means that IP addresses are only processed in abbreviated form so that direct personal references can be ruled out.

4.4. Customer management, accounting, logistics and bookkeeping

Purpose: Processing of personal data in the context of any business relationship with customers and suppliers as part of a business activity, including systematic recording of all business transactions relating to income and expenditure.
Legal basis: Consent (Art 6 para 1 lit a GDPR), performance of a contract, necessary for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR), compliance with a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular the defense, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR), explicit consent (Art 9 para 2 lit a GDPR).
Persons affected: Customers and suppliers
Storage period: Until the end of the business relationship or until the expiry of the guarantee, warranty, limitation and statutory retention periods applicable to the client (in particular BAO); in addition, until the end of any legal disputes in which the data is required as evidence.
Recipients/recipient categories: Tax office, courts and authorities, suppliers, debt collection agencies for debt recovery, banks involved in the payment to the data subject or third parties, legal representatives, chartered accountants, payroll accountants.

The provision of your personal data is necessary for the fulfillment of the contract or the implementation of pre-contractual measures. Without this data, we cannot conclude a contract with you.

4.5. Customer service and marketing for own purposes

Purpose: Processing of own or purchased customer and prospective customer data for the initiation of business relating to the company’s own range of products or services and for the implementation of advertising measures and newsletter distribution; customer relationship management.
Legal basis: Consent (Art 6 para 1 lit a GDPR), performance of a contract, necessary for the implementation of pre-contractual measures (Art 6 para 1 lit b GDPR), compliance with a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular the defense, exercise and assertion of legal claims (Art 6 para 1 lit f GDPR)
The following data is processed for sending the newsletter via our website: Master data
Storage period: The data may be stored until the end of the third year after the last contact with the client, unless longer contractual or statutory retention periods exist.
Recipients/recipient categories: Company of the analysis service/service provider

4.6. Applicant management

Purpose: Use and record-keeping of personal data provided by applicants, if this data has been provided by the data subject.
Legal basis: Consent (Art 6 para 1 lit a GDPR), explicit consent (Art 9 para 2 lit a GDPR) as well as assertion, exercise and defense of legal claims (Art 9 para 2 lit f GDPR) and legitimate interest (Art 6 para 1 lit f GDPR; Art 10 GDPR in conjunction with § 4 para 3 Z 2 DSG)
Storage period: Applicant data will be deleted immediately after the advertised position has been filled or after expiry of the entitlement period under the Equal Treatment Act (7 months), unless consent has been given to keep records. Unsolicited applications will be kept on file for the intended purpose until revoked by the person concerned.
Recipients/recipient categories: Applicant data will not be passed on to third parties. For the joint processing of applicant data, see point Error! Reference source could not be found. .

4.7. Data protection management

Purpose: Management of data protection processes at the controller to comply with the EU General Data Protection Regulation (GDPR), in particular the maintenance of the register of processing activities and the documentation of the exercise of data subjects’ rights. As part of the controller’s data protection management, employees are recorded as contact persons for certain applications and progress in the fulfillment of tasks is documented. When implementing data subject rights, the associated correspondence with the data subject is stored in accordance with legal requirements and requests with content data are processed. In addition, reports on data protection incidents and the persons involved are also recorded as part of data protection management.
Data subjects: Persons who assert their rights as data subjects under data protection law
Legal basis: Compliance with a legal obligation (Article 6(1)(c) GDPR); legitimate interest of the controller or a third party, in particular the defense, exercise or assertion of legal claims (Article 6(1)(f) GDPR).
The following data is processed: Title/academic degree; first and last name; e-mail address, telephone number or other information required for delivery; resulting from electronic communication technologies; address; content data of the request and processing; function/role; assigned applications at the controller and notifications to the DPO.
Storage period: The storage period is 3 years from the last processing or transmission, and beyond that for as long as is necessary to carry out procedures that have already been initiated
Recipients/recipient categories: Courts and authorities; legal representatives, chartered accountants, payroll accountants; affiliated companies.

4.8. Whistleblower system

Purpose: Processing of information in connection with possible or suspected violations of the law
Affected parties: person providing the information; person affected by the information and named in the information, other persons (witnesses or persons providing information)
The following data is processed: Master data of the whistleblower, e-mail address, telephone number, insofar as these are disclosed in the report and the personal data of the person named in the report, data on potentially punishable acts by courts and administrative authorities (content data of the report)
Legal basis: legitimate interest, in particular processing for the establishment, exercise and defense of legal claims (Art 6 para 1 lit f GDPR), processing for the establishment, exercise and defense of legal claims (Art 9 para 2 lit f GDPR)
Storage period: 5 years, log data 3 years from the last time the notice was used.
Recipients/recipient categories: Lawyers, authorities and courts. For joint processing in the whistleblower system, see point Error! Reference source could not be found.

5. information on data transfers to third countries or international organizations

The data processed by us will not be transferred to recipients in third countries or international organizations.

6. joint processing activities

6.1. Companies involved in the joint processing:

SKE Holding GmbH, HNE Logistik GmbH, Creative Minds Agency GmbH, SKE Engineering Ltd, SKE Solar Inverters S.R.L., Grid Connect Solutions GmbH.

6.2. Cross-group processing in the whistleblower system

Purpose: Cross-group processing of information in connection with possible or suspected legal violations
Affected parties: person providing the information; person affected by the information and named in the information, other persons (witnesses or persons providing information)
The following data is processed: Master data of the whistleblower, e-mail address, telephone number, insofar as these are disclosed in the report and the personal data of the person named in the report, data on potentially punishable acts by courts and administrative authorities (content data of the report)
Legal basis: legitimate interest, in particular processing for the establishment, exercise and defense of legal claims (Art 6 para 1 lit f GDPR), processing for the establishment, exercise and defense of legal claims (Art 9 para 2 lit f GDPR)
Storage period: 5 years, log data 3 years from the last time the notice was used.

6.3. Cross-group processing in applicant management

Purpose: Best possible consideration of applicant qualifications for various positions within the company group
Persons concerned: Applicants, interested parties for an advertised position
The following data is processed: Master data (first and last name), contact details (e-mail address, address, telephone number) and all other relevant information provided in the application process
Legal bases Consent (Art 6 para 1 lit a GDPR), explicit consent (Art 9 para 2 lit a GDPR) as well as assertion, exercise and defense of legal claims (Art 9 para 2 lit f GDPR) and legitimate interest (Art 6 para 1 lit f GDPR; Art 10 GDPR in conjunction with § 4 para 3 Z 2 DSG)
Storage period: Applicant data will be deleted immediately after the advertised position has been filled or after expiry of the entitlement period under the Equal Treatment Act (7 months), unless consent has been given to keep records. Unsolicited applications will be kept on file for the intended purpose until revoked by the person concerned.

6.4. Group-wide services

Purpose: Group-wide support services within the group of companies in the areas of human resources, IT and law to optimize processes, infrastructure and improve internal workflows.
Affected parties: Employees, applicants, suppliers, service providers
The following data is processed: Master data, salary data, work and employment permits, qualifications, CVs, content data of inquiries, billing, payment and booking data, judicial and official settlements.
Legal basis: Consent (Art 6 para 1 lit a GDPR), explicit consent (Art 9 para 2 lit a GDPR), compliance with a legal obligation (Art 6 para 1 lit c GDPR), legitimate interest, in particular processing for the establishment, exercise or defense of legal claims (Art 6 para 1 lit f GDPR; Art 10 GDPR in conjunction with Section 4 para 3 no. 2 FADP), processing for the establishment, exercise or defense of legal claims (Art 9 para 2 lit f GDPR)

6.5. Contact point for affected persons

If you have any questions about your rights or data processing, you can contact the contact point for data subjects: Grid Connect Solutions GmbH, Gewerbeallee 15d, 4221 Steyregg, phone: +43 732 641065 – 10, e-mail: office@g-c-s.com or dataprotection@ske-holding.com.

6.6. Lead supervisory authority

The joint controllers have appointed the Austrian Data Protection Authority (Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at) as the lead supervisory authority.

7. change management

The current version of this privacy policy is available on our website. If you have any questions about an earlier version, please contact the office named in point 2.