With the following information, we would like to give you an overview of the processing of your personal data on this website and your rights under the applicable data protection laws.
1.1 Applicable Data Protection Laws
GLS/NXT is a business unit of GLS IT Services GmbH (hereinafter referred to as “GLS/NXT”, “we” or “us”) and processes your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR), the Federal Data Protection Act (BDSG) and the Telecommunications Telemedia Data Protection Act (TTDSG).
GLS/NXT protects your personal data from loss and misuse by taking appropriate technical and organisational security measures. We reserve the right to improve these security and data protection measures if necessary.
If you send us an e-mail, it runs through the servers of the respective providers on the Internet, over which we have no influence. Therefore, it may be that the e-mail is transmitted unencrypted between these servers, so that it is basically readable by third parties.
1.3 Contact details of the controller and the data protection officer
The person responsible pursuant to Art. 4 para. 7 GDPR or provider of tele media according to § 2 TTDSG for data processing is:
GLS IT Services GmbH
GLS Germany-Str. 1-7
Phone +49 (0) 6677 646 907 000
You can contact our company data protection officer at:
GLS IT Services GmbH
attn. Data Protection Officer
GLS Germany-Str. 1-7
1.4 Personal data
Personal data is information about personal or factual circumstances of a specific or identifiable natural person (data subject). This includes data such as name, address, telephone number and e-mail address.
Information that cannot be associated with an identified or identifiable natural person – such as anonymized or aggregated data about several persons – is not personal data.
1.5 Legal basis for data processing
The processing of personal data is lawful if one of the following legal bases applies:
Consent (Art. 6 para. 1 lit. a) GDPR):
The processing of personal data for one or more of the purposes mentioned is lawful if you have given us your prior consent to do so. A given consent can be revoked at any time with effect for the future. The revocation does not affect the lawfulness of the processing carried out until the revocation. This also applies to the revocation of declarations of consent that were given to us before the GDPR came into force, i.e. before 25 May 2018.
For the fulfilment of contractual obligations or for the implementation of pre-contractual measures (Art. 6 para. 1 lit. b) DSGVO):
In order to be able to fulfil our contractual obligations towards you or to initiate a contract, we also process personal data. The purposes of data processing result from the respective contract (e.g. purchase contract).
Due to legal requirements (Art. 6 para. 1 lit. c) GDPR):
GLS/NXT is subject to legal obligations, such as commercial and tax retention regulations in accordance with the German Commercial Code (HGB) and the German Fiscal Code (AO).
Legitimate interest (Art. 6 para. 1 lit. f) GDPR):
If necessary, we process your data to protect our legitimate interests (e.g. to ensure IT security and IT operations).
1.6 Data transfer, recipients and third country transfer
Within GLS/NXT, access to your data is granted to those departments that need it to fulfil contractual and legal obligations. Service providers and vicarious agents used by GLS/NXT may also receive data for these purposes, provided that they comply with the applicable legal provisions.
The parties who may receive your personal data include group and carefully selected non-group service providers who are contractually obliged to provide services on behalf of GLS/NXT. GLS/NXT has concluded corresponding data protection agreements with these parties.
We only transmit your personal data to other recipients if this is required by law, if you have consented or if we are otherwise authorized to pass it on. If one of these conditions is met, public bodies (e.g. law enforcement authorities), among others, may receive personal data.
Personal data will only be transferred to a country outside the EU (third country) if this is expressly pointed out in the context of the respective service or if the commissioned service provider is based in a third country and the legal requirements for this are also met. In this case, we base the third country transfer on one of the following legal instruments:
Adequacy decision of the EU Commission for the respective third country
Agreement on EU standard contractual clauses and, if necessary, additional measures
Binding intra-group data protection rules
An exception under Art. 49 GDPR
Please note that due to American laws such as the Cloud Act, American authorities, such as intelligence agencies, may have access to personal data (such as IP addresses) that are inevitably exchanged with providers in the USA when a service is integrated.
1.7 Storage period and deletion
GLS/NXT stores personal data in accordance with statutory data processing regulations and in compliance with statutory retention periods for as long as it is necessary for the respective purpose. We determine the duration of the storage of the data in accordance with the following requirements:
Operational requirements: The retention period required for the handling of operational processes.
Legal requirements: Retention periods under commercial and tax law, which result, for example, from the German Commercial Code (HGB) and the German Fiscal Code (AO).
After expiry of the defined retention period, the data will be deleted or destroyed. Detailed information on the retention period for certain processing can be found in the following sections.
2 Information for applicants
You can apply for vacancies at GLS/NXT via our website. This is done by clicking on the “Apply now!” button. If you click on the button, you can send an e-mail to express your interest in working for GLS/NXT.
In the event of contact / application, we process the data that you provide to us in the course of the application.
The processing of your applicant data is carried out for the purpose of initiating an employment contract with you (Art. 6 (1) (b) GDPR). In addition, we process your personal data to protect legitimate interests (Art. 6. para. 1 lit. f DSGVO) for statistical purposes (reports) in anonymized or aggregated form.
If the application process does not lead to a takeover, your data will be automatically deleted after 6 months; unless statutory provisions (e.g. burden of proof under the General Equal Treatment Act) require a longer retention period. The legal basis for this is Art. 6 (1) (f) GDPR and §24 (1) and (2) BDSG.
If an employment relationship is established as a result of the application, we will continue to process the personal data for as long as is necessary for the performance of the contract (employment contract); The legal basis is Art. 6 (1) (b) GDPR.
To support the application process, we use the services of Sonic Technologies GmbH, Elisabeth-Selbert-Str. 7, 34225 Baunatal, Germany. We have concluded an order processing agreement with this provider in accordance with Art. 28 GDPR in order to ensure compliance with data protection regulations.
3 Website glsnxt.com
3.1 Logging of IP addresses
Each time a user accesses the website, data is stored in a log file. In detail, the following data set is temporarily stored:
Date and time of access
IP address or DNS name of the requesting computer
Accessed page (URL)
HTTP response code
Operating system with version
Browser with version
The temporary storage of this data is necessary to enable the delivery of the website to your device and to ensure the functionality of the website. With the help of this anonymized data, we also gain statistical insights into the use of the website. In addition, we collect the data in order to be able to trace and prevent unauthorized access to the web server and the misuse of the websites and to secure our information technology systems.
For the operation of the LinkedIn Page (https://www.linkedin.com/company/gls-nxt ), we use the technical platform and services of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland (“LinkedIn”).
LinkedIn Page analytics provides insights into the performance of our LinkedIn page to assess trends based on data and time periods. In the case of the analysis data (e.g. follower and visitor numbers) are only aggregated data that do not allow any conclusions to be drawn about individuals.
Competent supervisory authority for LinkedIn
Irish Data Protection Commission
21 Fitzwilliam Square South
5 Rights of data subjects
As a data subject, you have the right to:
to obtain information as to whether your personal data is being processed and the right of access to this data (right of access by the data subject pursuant to Art. 15 GDPR)
to request the rectification of inaccurate personal data concerning you (right of rectification pursuant to Art. 16 GDPR)
to request the deletion of your personal data (right of deletion in accordance with Art. 17 GDPR)
to request the restriction of processing (right of restriction of processing pursuant to Art. 18 GDPR)
to receive the personal data that you have provided to us (right of data portability pursuant to Art. 20 GDPR)
to object, on grounds relating to your particular situation, to the processing of personal data concerning you, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. (Right of objection pursuant to Art. 21 GDPR)
With regard to the right to information and the right to deletion, the restrictions according to §§ 34 and 35 BDSG apply.
If the deletion is contrary to statutory retention periods, the data can only be deleted after the prescribed retention period has expired.
5.2 Revocation of consent
You can revoke your consent to the processing of personal data at any time. The revocation of consent is only effective for the future and does not affect the legality of the data processed until the revocation.
5.3 Exercise of rights
If you wish to exercise your rights as a data subject or withdraw your explicit consent, please send a message to firstname.lastname@example.org explaining which right you wish to exercise so that we can take the further steps necessary to exercise your rights. Please note, however, that we may require proof of identity to protect your personal information from unauthorized access or modification.
5.4 Right to lodge a complaint with a supervisory authority
If you believe that the processing of your personal data violates data protection regulations, please let us know your concerns. In such cases, however, you also have the right to lodge a complaint with a supervisory authority (Art. 77 GDPR in conjunction with § 19 BDSG).
Competent supervisory authority:
The Hessian Commissioner for Data Protection and Freedom of Information
Post box 3163
This policy was last updated on 12/06/2023.