Select Page

Privacy policy

We take the protection of your personal data very seriously. Therefore, we would like to inform you with this privacy policy about the nature, scope and purpose of the personal data collected, used and processed by us. In addition, we would like to inform you of the rights to which you are entitled.

We would like to point out that data transmission on the Internet (e.g. communication by e-mail) can have security gaps. Complete protection of the data against access by third parties is not possible.

1. person in charge

The responsible party within the meaning of Art. 4 No. 7 DSGVO, other data protection laws applicable in the Federal Republic of Germany and the Member States of the European Union and other provisions of a data protection nature is:

GAIN Software GmbH
Gruber Street 6
96185 Schönbrunn

Managing Director: Peter Schmitt

E-mail address:
Telephone number: 09549 98 11 91

2. data protection officer

The responsible party has appointed as data protection officer:

Data Protection Lotsen UG i.G.
z. Hd. Jean-Pierre Thull,
Bleach Street 77A
33608 Bielefeld

E-mail address:
Phone number: 0521 98 90 18 26

Any person affected by the processing of personal data by the data controller may contact the data protection officer directly at any time and with any questions or suggestions regarding data protection.

3. scope of the processing of personal data

As a matter of principle, we process personal data of the users of these pages only to the extent that this is necessary for the provision of a functional website as well as our contents and services. The use of our website is usually possible without providing personal data.

Insofar as personal data (e.g. name, address, e-mail addresses and telephone numbers) are used, in particular, for the purposes of data processing, this shall not apply. in the case of your contact with us, the transmission to us – as far as possible – on a voluntary basis.

4. legal basis for the processing of personal data

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 Sentence 1 lit. a EU General Data Protection Regulation (GDPR) as the legal basis for the processing based on this consent.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 Sentence 1 lit. b DSGVO as the legal basis. This justification further applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as personal data must be collected and/or processed due to legal requirements or in the public interest, Art. 6 para. 1 Sentence 1 lit. c or lit. e DSGVO as the legal basis.

If the processing is necessary to protect a legitimate interest of the WIFU Foundation as controller, of WIFU or of another third party, and if the interests, fundamental rights and freedoms of the data subjects do not override the legitimate interest, Art. 6 para. 1 Sentence 1 lit. f DSGVO as the legal basis for the processing.

5. duration of storage

The personal data of data subjects will be deleted or blocked as soon as the purpose of storage ceases to apply. In addition, storage may take place if this has been provided for by the European or national legislator in Union regulations, laws or other provisions to which the controller is subject. Data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need to continue storing the data for the conclusion or fulfillment of a contract.

6. disclosure of data

Your personal data will not be transferred to third parties for purposes other than those listed below.

Your personal data will only be passed on to third parties if you have given your express consent, if there is a legal obligation to do so, or in accordance with Art. 6 Para. 1 lit. b DSGVO is necessary for the processing of contractual relationships with you.

7. server log files

When you visit our pages, the browser used on your terminal device automatically sends information to the server used for our website. These are stored in so-called server log files. The data stored are in particular. um:

– IP address of the terminal device you are using
– Date and time of the server request
– Referrer-Url (identifier of the previously visited website)
– Browser type and version
– Operating system used

This data cannot be assigned to specific persons. The IP address is anonymized after collection. This data is not merged with other data sources. This storage takes place on the legal basis of Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the improvement, stability, functionality and security of our website.

We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use. The data is deleted after seven days, unless further storage is required for evidence purposes. Otherwise, the data is exempt from deletion in whole or in part until final clarification of an incident.

8. SSL or TSL encryption

This site uses SSL or TSL encryption for security reasons. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

You can recognize an encrypted connection by the fact that the browser address bar changes from “http://” to “https://” and by the lock symbol in your browser bar.

9. contact form

A contact form is available on our website, which can be used for electronic contact. If a user takes advantage of this option, the data entered in the input mask will be transmitted to us and stored. These data are:

– Your name
– Name of your company
– Your email address
– Your phone number
– Your request

At the time of sending the message, the IP address of the user and the date and time of transmission of the contact data are also stored.

For the processing of the data, your consent is obtained during the submission process and reference is made to this privacy policy. Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored.

The processing of personal data from the input mask or an e-mail from you serves us solely to process the contact. The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.

The legal basis for the processing of the data, if the user has given his consent, is Art. 6 para. 1 lit. a GDPR. The legal basis for the processing of data transmitted in the course of sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact aims at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

10. web analysis

On our website, we use a procedure to create anonymous statistics about the use of our website by using Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google). We do not use cookies or similar technologies and only transmit anonymized data to Google.

The web analysis enables us to statistically evaluate the use of this website by the users (e.g. time of use, page views, duration of stay, operating systems used, clicks). It is carried out on the basis of our legitimate interest according to. Art. 6 para. 1 lit. f DGVO in the demand-oriented design and continuous optimization of our websites.

The IP address of your end device is anonymized by us and a non-resolvable, unique hash value (client ID) is generated from it. A recognition of the website visitor beyond our website is therefore neither possible for Google nor for us. Google has no possibility to link the transmitted data with other data from you.

Google stores and processes the data for statistical analysis by Google Analytics on servers in the USA. Based on the existing legal provisions in the U.S., the ECJ found that the level of protection for personal data in the U.S. cannot be considered comparable to that under the scope of the European GDPR. In this case, a transfer of personal data is only permissible in accordance with Art. 46 DSGVO if suitable guarantees are provided.

However, due to the selected procedure, no personal data is transmitted by us to Google. If, contrary to our assessment, this should be assessed differently, a transfer to the USA would still be permissible in accordance with the recommendations 01/2020 of the EDPB due to the existence of suitable guarantees, since Google has included the standard data protection clauses issued by the EU Commission in its contracts ( and the transmitted client ID is the result of an encryption that cannot be resolved by Google as the data recipient.

10.1 OptOut

You can object to the collection and processing of your usage data for web analytics purposes by clicking on the following link: OptOut Web Analytics. An opt-out cookie is set that prevents the collection of your data during future visits to this website in your current browser. In case of deletion of this cookie, you would have to declare your objection again.

10.2 Shared responsibility

Taking into account the case law of the ECJ and in the opinion of the DSK, Google and the controller, as Google Analytics users, are to be considered jointly responsible for the data processing within the scope of Google Analytics. There is a corresponding agreement between the responsible party and Google on joint responsibility in accordance with the German Data Protection Act. Art. 26 DSGVO, which you can access at Information about what data is collected by Google, what it is used for, and what rights you have can be found at

11. your rights

You have the right to obtain from the controller information about your personal data processed by the controller and further information about the processing carried out in relation to your personal data.

Furthermore, you have the following rights with regard to the personal data concerning you

– a right to rectification,
– a right to deletion,
– a right to restriction of processing,
– a right to object to the processing,
– a right to data portability and
– a right of appeal to a supervisory authority.

In the event that you have given your consent to the processing of your personal data in accordance with Art. 6 para. 1 Sentence 1 lit. a in conjunction with. Art. 4 No. 11 DSGVO, you have the right to revoke this consent at any time.

If you wish to exercise any of the aforementioned rights, please contact the data controller directly at its contact details provided above( or our data protection officer(

The responsible party is obliged to comply with your asserted right, unless there are justifiable reasons to the contrary. In addition, he may only comply with your request if he has been able to identify you unambiguously as the data subject of his processing of personal data.

You can exercise your right of complaint against the supervisory authority responsible for the person in charge. Their contact details are:

The State Representative
for Data Protection and Freedom of Information NRW (LDI)
Cavalry Street 24
40213 Düsseldorf,

Tel.: +49 (0) 211 – 384240