Privacy & Security

General note and mandatory information

September 2022

Naming of the responsible body

Responsible according to Art. 4 No. 7 EU Data Protection Basic Regulation (DSGVO) is:
G&H Banking Software AG
Hohenzollerndamm 150
14199 Berlin

You can reach our data protection officer at:
Further contact information can be found in the imprint.

How do we collect your data?

On the one hand, your data is collected by you providing it to us. This can be, for example, data that you transmit to us by e-mail. Other data is collected automatically by our IT system when you visit the website. This is mainly technical data (e.g. Internet browser, operating system or time of page view).

What do we use your data for?

We collect some of the data to ensure error-free provision of the website. Other data may be used to analyze your user behavior. We use data that we collect in the context of a job advertisement in order to be able to carry out the selection process. The data you provide will be processed for the purpose of processing your application and, if an employment relationship is established, also for the purpose of implementing the employment relationship. We process other data for processing inquiries that you send to us, e.g. by e-mail.

What rights do you have regarding your data?

You have the following rights regarding the personal data concerning you:

  • Right to information according to Art. 15 DSGVO
  • Right to rectification according to Art. 16 DSGVO
  • Right to erasure according to Art. 17 DSGVO
  • Right to restriction of processing according to Art. 18 DSGVO
  • Right to data portability according to Art. 20 DSGVO

To assert your rights, please contact us at the above contact details of our data protection officer.

Right of objection

Insofar as we base our data processing on a legitimate interest pursuant to Art. 6 (1) sentence 1 lit. f DSGVO, you have the right to lodge a justified objection to the processing of your personal data in question at any time. If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims (objection pursuant to Art. 21 (1) DSGVO).

If your personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling, insofar as it is related to such direct marketing. If you object, your personal data will subsequently no longer be used for the purpose of direct marketing (objection pursuant to Article 21 (2) DSGVO).

The objection is free of charge and can be made form-free, if possible to the e-mail address

Revocation of your consent to data processing

If data processing is based on your consent, you as the data subject have the right to revoke your consent at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.
You can address your revocation to the contact details above.

Right to submit a complaint to the responsible supervisory authority

You also have the right to submit a complaint to the data protection supervisory authority responsible for us if you believe that we are not processing your personal data lawfully.

The supervisory authority responsible for us is the Berlin Commissioner for Data Protection and Freedom of Information, Friedrichstr. 219, 10969 Berlin. Phone: +49 30 13889-0. E-mail:

Data collection when visiting our website

SSL or TLS encryption

For security reasons and to protect the transmission of confidential content that you send to us as site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.


We have entrusted an external service provider (Strato) with the hosting of our website. The cooperation takes place on the basis of a contract processing agreement pursuant to Art. 28 DSGVO. The service provider has at least potentially the possibility to access personal data. Such access is not intended, but cannot be ruled out in individual cases.

Usage data

When you access and use our website for purely informational purposes, our system automatically collects data and information that your browser transmits to our server (usage data). These are:

  • Pages visited on our domainDate and time of the server request
  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • IP address
  • Amount of data transferred in each case

The data is temporarily stored in the log files of our system. There is no consolidation of this data with other data sources.

The processing of this technically necessary information is done to provide the website and to ensure the security of our information technology systems. In these purposes also lies our legitimate interest in data processing according to Art. 6 para. 1 lit. f DSGVO (legitimate interest).

The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. In the case of storage of the data in log files, this is the case after one month at the latest, insofar as no retention for evidentiary purposes is required. In this case, the data is exempt from deletion in whole or in part until the incident has been clarified.

The collection of data for the provision of the website and the storage of the data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection on the part of the website user.

Website tracking with etracker

To analyze and optimize our website, we use the etracker service of the provider etracker GmbH (Germany). We do not use cookies for web analysis by default.

The data generated with etracker is processed on our behalf by etracker exclusively in Germany. etracker has been independently audited, certified and awarded the ePrivacyseal data protection seal of approval.

Data processing is carried out on the basis of the legal provisions of Art. 6 (1) lit. f DSGVO (legitimate interest). Our legitimate interest is the analysis and optimization of our web presence. The data that possibly allow a reference to an individual person, such as the IP address, login or device identifiers, are anonymized or pseudonymized as soon as possible. No other use, combination with other data or transfer to third parties takes place.

You may object to the aforementioned data processing at any time. The objection has no adverse consequences.

You can find more information about data protection at etracker here.

Storage of data on your device

Our website uses cookies and cookie-like technologies, hereinafter referred to as “cookies”.

Some functions of our website cannot be offered without the use of cookies (technically necessary cookies, essential cookies). The legal basis for the use of technically necessary cookies (“essential”) is Section 25 (2) No. 2 TTDSG. Insofar as personal data is processed with these cookies, the legal basis is our legitimate interest pursuant to Art. 6 para. 1 lit. f) DSGVO. Our legitimate interest is to provide you with our website and offers as well as to set cookies according to your preferences.

In addition, we use cookies that are not technically necessary. The legal basis for the use of these cookies is Section 25 (1) TTDSG. Insofar as personal data is processed with these cookies, the legal basis is your consent pursuant to Art. 6 para. 1 lit. a) DSGVO.

To obtain your consent, we use the cookie consent banner service “Cookiebot” of Usercentrics A/S. For the purpose of obtaining and documenting your consent, Cookiebot in turn sets cookies itself. These are technically necessary according to § 25 para. 2 no. 2 TTDSG, the data processing is based on our legitimate interests for the above purposes according to Art. 6 para. 1 lit. f) DSGVO.

By means of selection via the slider in the cookie consent banner, you can decide for yourself which non-technical cookies you would like to allow. You can revoke your consent at any time. You can do this by making the appropriate settings in the consent banner.


Third party services

Google Ads and conversion tracking

We use the online advertising program “Google Ads” and, as part of Google Ads, conversion tracking. Google conversion tracking is an analysis service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”). When you click on an ad placed by Google, a cookie for conversion tracking is stored on your computer. These cookies lose their validity after 30 days. If you visit certain web pages on our website and the cookie has not yet expired, Google and we can recognize that you clicked on the ad and were redirected to this page. Each Google Ads customer receives a different cookie. Thus, there is no way that cookies can be tracked across Ads customers’ websites. The information obtained using the conversion cookie is used to create conversion statistics for us. This tells us the total number of users who clicked on our ad and were redirected to a page tagged with a conversion tracking tag. However, we do not receive any information with which users can be personally identified.

The legal basis for the processing is your consent pursuant to Section 25 (1) TTDSG in conjunction with. Art. 6 para. 1 lit. a) DSGVO.

The data collected through the use of conversion tracking may also be transmitted to so-called unsafe third countries, in particular to the USA. For these cases, we have concluded an order processing agreement with Google Limited, including standard contractual clauses, in order to legitimize the data transfer pursuant to Art. 46 (2) lit. c) DSGVO.

Further information as well as Google’s privacy policy can be found at:,

Requests by e-mail, telephone or fax

You have the option of contacting us via the e-mail addresses, telephone and fax numbers provided on our website. If you contact us in this way, all resulting personal data will be stored by us for the purpose of processing your request and used to contact you. Your information may be stored in our customer relationship management system (“CRM system”). In this context, the data will not be passed on to third parties. The data will be used exclusively for processing your inquiry.

The legal basis for the processing of the data is Art. 6 para. 1 lit. f) DSGVO (legitimate interests). The data processing serves to protect the legitimate interest for the effective processing of the inquiries directed to us as well as the processing of business relations with our B2B partners.

The data you provide us with will remain with us until you request us to delete it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request)…. Mandatory legal provisions – in particular legal storage obligations – remain unaffected.

You can object to the processing of your data by sending an e-mail to In such a case, communication with you cannot be continued. All personal data stored in the course of contacting you will be deleted in this case, provided that there are no legal retention obligations to the contrary.

Meetings and project work with MS Teams

Online meetings, video conferences and location-independent project work (“digital meetings”) with customers, partners and other external persons are conducted at G&H Bankensoftware AG (“G&H”) using the tool “Microsoft Teams”. Microsoft Teams is a service of Microsoft Ireland Operations Limited:

Microsoft’s privacy policy can be found here.

When using Microsoft Teams, various types of data are processed. The scope of the data also depends on the data you provide before or during participation in a digital meeting. The following personal data is subject to processing:

  • User details: e.g. display name, email address, profile picture.
  • Meeting metadata: e.g., date, time, meeting ID, phone numbers, location.
  • Text, audio and video data: you may have the option of using the chat function in a digital meeting. To this extent, the text entries you make are processed in order to display them in the digital meeting. In order to enable the display of video and the playback of audio, the data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly during the meeting. You can turn off or mute the camera or microphone yourself at any time via the Microsoft Teams applications.
  • As part of project work, it is possible to share project content in various file formats (e.g. Word, PDF) and make it visible to all members of the respective team.
  • There is generally no recording of digital meetings. If we want to record online meetings, we will transparently communicate this to you in advance and ask for your consent. The fact of recording will also be displayed to you in the Teams app or in the web browser view.

Which data is processed by Microsoft Teams in detail for which purpose and with which storage period can be found here.

If the collected data has a personal reference, the processing is based on legitimate interests (Art. 6 para. 1 p. 1 lit. f) DSGVO). Our legitimate interest here is to maintain location-independent communication. Furthermore, the legal basis for data processing when conducting digital meetings is Art. 6 (1) p. 1 lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships with end customers.

The Microsoft Teams provider (and its subcontracted processors) necessarily obtains knowledge of the aforementioned data insofar as this is provided for under our order processing agreement with Microsoft Teams. Here at Microsoft, you can learn more about the provider’s handling of the data. Personal data processed in connection with participation in digital meetings will not be disclosed by us to third parties unless it is intended for disclosure.

As a matter of principle, data processing takes place within the EU. However, we cannot rule out the possibility that personal data may be transferred to the USA and processed there by Microsoft.

In the event that data transfers do occur, we have concluded an order processing agreement with Microsoft Ireland Operations Limited based in Ireland in accordance with Art. 28 DSGVO. In the event that Microsoft Ireland Operations Limited forwards the data received to further service providers based in unsafe third countries (esp. Microsoft Corporation based in the USA), Microsoft Ireland Operations Limited concludes the necessary standard contractual clauses pursuant to Art. 46 para. 2 lit. c) DSGVO with these service providers. These contracts are then considered an appropriate guarantee and thus the legal basis for the data transfer.”

Your data will be processed during the execution of the digital meeting…. The deletion of some data already takes place after the end of the meeting. Details of the user, meeting metadata and content such as meetings, chats, shared files are deleted by Microsoft after 30 days. Any legal retention obligations remain unaffected.

You can object to the processing of your data by sending an e-mail to In such a case, communication with you cannot be continued. All personal data stored in the course of contacting you will be deleted in this case, provided that there are no legal retention obligations to the contrary.

Information for applicants

Here we inform you about how we process your personal data when you apply for a position advertised by us or on your own initiative. You provide us with your personal data voluntarily as part of the application process. However, the provision of personal data is necessary for the processing of your application or the conclusion of a contract for employment with us. This means that if you do not provide us with personal data when applying, we cannot enter into an employment relationship with you.

We process all data that you provide to us through your application, e.g. contact data, cover letter, resume, references. In addition, we also process all other data related to your application (e.g. correspondence or notes in the context of job interviews). If you provide us with them, we may also process special categories of personal data (e.g. health data). We may also obtain the above data about you from other sources. This may be the case if we involve temporary employment agencies, recruitment agencies or employment agencies in the application process. You have provided your data there yourself. If applicable, we also obtain data from professional networks (e.g. XING, LinkedIn), provided you have made them public there.

We process your personal data in order to be able to carry out the selection process. The data you provide will be processed for the purpose of processing your application and, if an employment relationship is established, also for the purpose of implementing the employment relationship. For this purpose, your data will be processed internally by the HR department and, if necessary, transmitted to involved persons (e.g. department heads). For the administration of applications and personnel data we use the software “Personio” of Personio GmbH & Co. KG. Personio potentially has access to the data processed in the system and therefore acts as an order processor for us and is thus subject to our instructions. A corresponding contract for order processing has been concluded.

The legal basis for this is Art. 88 DSGVO in conjunction with. § Section 26 (1) BDSG and, in the event that special categories of personal data are processed, Section 22 (1) b BDSG. Furthermore, we may process personal data about you insofar as this is necessary to defend asserted legal claims against us arising from the application process. The legal basis for this is Art. 6 para. 1 lit. f) DSGVO (legitimate interest). The legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

We store your personal data for as long as this is necessary for the decision on your application. If an employment relationship between you and us is not established, your data will be deleted after six months following the end of the application process. If you assert legal claims against us, the data will be retained for the purpose of providing evidence beyond the six months until the matter has been concluded.

If no employment relationship is established, but you have given us permission to continue storing your data (“applicant pool”), we will store your data until you revoke your permission, but for no longer than 12 months.

If an employment relationship is established between you and us, we may further process the personal data already received from you for the purposes of the employment relationship in accordance with Section 26 (1) BDSG.