Privacy Policy

Social Media Accounts of GELITA AG

This privacy notice applies to GELITA AG’s presence on the following social media platforms: Facebook, Instagram, TikTok, YouTube (including Shorts) and LinkedIn.

Last updated: July 2025

I. Introduction

GELITA AG uses social media platforms to present itself as an appealing employer and to offer a glimpse into the everyday work of its trainees and employees. We also use social media for marketing purposes. Protecting your personal data is of the utmost importance to us. This privacy notice is intended to let you know how your personal data will be processed in connection with our social media accounts, as well as the scope and purposes of our data processing.

Please note that you are responsible for the way in which you use each social media platform and engage with its functions – especially interactive features such as comments, shares and likes. The social media providers themselves will generally process your data for market research and advertising purposes, in order to create user profiles and display personalized advertisements. We have only limited control over how these providers process data. You can find our legal notice on each of our social media pages.

II. Controller of data processing

The controller according to the General Data Protection Regulation (GDPR) and other applicable data protection laws is:

GELITA AG, Uferstraße 7, 69412 Eberbach, Germany

Email: [email protected]

III. Contact details of the data protection officer

You can contact our data protection officer at:

GELITA AG, Data Protection Officer, Uferstraße 7, 69412 Eberbach, Germany

Email: [email protected] 

IV. Purposes and legal basis of data processing

We will process your personal data on our social media pages for the following purposes:

  • Employer branding und talent acquisition: enhancing our appeal as an employer by offering a glimpse into our everyday work, sharing interviews with trainees and presenting some of our team events, projects and departments   
  • Communication und interaction: responding to your inquiries, comments and messages
  • Public relations and brand development: increasing awareness and enhancing the public image of GELITA AG
  • Sales and marketing: providing information about our product features and benefits 

We will process your data in accordance with point (f) of Art. 6 (1) GDPR; we have a legitimate interest in promoting our company and communicating with interested parties and the general public. The above purposes are aligned with our legitimate interest in data processing.

V. Categories of data

We will process the following categories of personal data:

  • Interaction data: your comments, likes, shares and direct messages sent via our social media pages   
  • Platform-specific data: data collected by social media providers and shared with us in anonymized form as “Insights” (e.g. page views, reach, interactions). We do not have direct access to the underlying raw data

VI. Joint controllers with social media providers

We share responsibility for certain areas of data processing with the respective social media providers, acting as joint controllers under Art. 26 GDPR. This applies in particular to the collection and analysis of usage data (e.g. Page Insights, event data).   

  • Facebook (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland): We act as joint controllers with Meta for the processing of data related to “Page Insights”. The essential terms of our “Page Insights Controller Addendum” can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.
  • Instagram (Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland): We act as joint controllers with Meta for the processing of data related to “Page Insights”. The essential terms of our “Page Insights Controller Addendum” can be found here: https://www.facebook.com/legal/terms/page_controller_addendum.   
  • TikTok (TikTok Technology Limited, The Sorting Office, Ropemaker Place Dublin 2, Dublin, D02 HD23, Ireland): We act as joint controllers with TikTok for the processing of “event data”. The relevant joint controller agreement is outlined in Part B of the “Jurisdiction Specific Terms”: https://ads.tiktok.com/i18n/official/policy/jurisdiction-specific-terms.
  • LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland): We act as joint controllers with LinkedIn for the processing of data related to “Page Insights”. The relevant joint controller agreement under Art. 26 GDPR can be found here: https://legal.linkedin.com/pages-joint-controller-addendum.
  • YouTube (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland):
    Google provides us with aggregated data on the use of our YouTube channels (“YouTube Analytics”). While we have not entered into a joint controller agreement with Google under Art. 26 GDPR, Google can be assumed to act as an independent controller. Further information on Google’s data processing practices can be found in its privacy policy: https://policies.google.com/privacy.

VII. Recipients of data and transfers to third countries

When you use social media platforms, your data may become accessible around the world. The platform providers (Meta, TikTok, Google, LinkedIn) have their headquarters or significant operational units in third countries, in particular in the United States and, in the case of TikTok, in Singapore. This means that your personal data may be transferred to those third countries.   

For data transfers to the United States, the platform providers rely on the EU-US Data Privacy Framework (DPF), provided they are certified under it. Meta Platforms, Inc. (Facebook, Instagram), TikTok Inc., LinkedIn Corporation and Google LLC (YouTube) are certified under the EU-US DPF. If the DPF is not applicable or does not provide an adequate legal basis for certain processing activities, Standard Contractual Clauses (SCCs) may be used as an alternative safeguard.   

Please note that some third countries may not ensure a level of data protection equivalent to that in the EU. In particular, US authorities may gain access to transferred data under certain circumstances.   

VIII. Retention period

We will store your personal data on our social media pages for as long as necessary to fulfill the purposes outlined above.

IX. Your rights as a data subject

You have the right to request access to the personal data we hold about you at any time (Art. 15 GDPR). If the relevant legal conditions are met, you also have the following rights:   

  • Right to rectification (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to object to processing (Art. 21 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Right to withdraw consent (Art. 7 (3) GDPR): If data processing is based on your consent, you have the right to withdraw your consent at any time with future effect. If you withdraw your consent, this will have no bearing on the lawfulness of any data processing carried out up to that point.

You may exercise your rights at any time by contacting us or our data protection officer (see contact details above).

X. Right to lodge a complaint with the supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data constitutes a breach of the GDPR. The competent supervisory authority for our organization is the State Commissioner for Data Protection and Freedom of Information in Baden-Württemberg.