The G+D logo on blue background

Privacy Policy

Giesecke+Devrient GmbH Privacy Policy

Giesecke+Devrient GmbH, Prinzregentenstr. 161, 81677 Munich, Germany (“G+D”, “we” or “us”) would like to welcome you on its website located at Your privacy and the protection of your personal data are of utmost importance to us. Therefore, this Privacy Policy explains how we safeguard your privacy when you share your personal information with us via the website. If you are located outside the European Union or European Economic Area, the access to and use of the website by you implies your full acceptance with the Privacy Policy, as far as legally required due to laws applicable to your location.

Contact details of the Group Data Privacy Officers

Giesecke+Devrient GmbH
Group Data Privacy Officer
Prinzregentenstraße 161
81677 Munich

Personal Data

“Personal data” is any information that can identify or make an individual identifiable. This includes, for example, your first and last name, title, company, postal address, email address, telephone number, mobile number, username and password, and any information you may provide in free text fields or in other messages you send to us.

Processing of Personal Data

We process your personal data for the following purposes depending on the nature of your interaction with our Website: We may respond to your inquiries for customer relationship management purposes, send you newsletters or other marketing materials if you have consented accordingly, or customize our website as explained in our Cookie Policy. In case you have provided your marketing consent for the benefit of another Giesecke+Devrient Group company, this Privacy Policy applies accordingly in this respect.

When you download software that we offer, we may also collect information required for authentication purposes. When you register for a congress or an event, we will collect information required for your admittance to and organization of such events. Furthermore, your browser transmits your IP address automatically when you are visiting our Website. We will use your personal data only to the extent necessary for the purpose for which it was collected and will retain it for these purposes or as required by applicable law and then delete it. As far as possible, we will attempt to use only anonymous information or pseudonyms if the use of personal data is not required. Any personal data collected may be stored in a data filling system for which G+D is the data controller.

Data Transfer to Third Parties

Your personal data is not shared with any third parties unless you have consented to such transfer or this is permitted by applicable law, for example, where this is required for the performance of a contract with you. In case of an inquiry by you which relates to subsidiaries of the G+D Group (“Group Companies”) residing in other countries, this inquiry along with the information required to respond to you will be forwarded to the relevant Group Company. Such Group Companies may be located outside your country of residence, including countries outside the European Union (“EU”) or European Economic Area (“EEA”). You can view a list of the Group Companies at the end of this page.

In addition, we may use service providers located in countries outside the EU or EEA, who act as data processors on our behalf. Please note that G+D has taken appropriate measures with all its Group Companies in order to secure an adequate level of data protection in line with the applicable requirements. In particular, the transfer of personal data among group companies is subject to binding data protection regulations pursuant to Article 47 GDPR (Binding Corporate Rules). Further information on this can be found here.

(Re)Marketing Services by Google

(Re)Marketing services (“marketing services”) is a service provided by Google. Marketing services allow us to display more targeted advertising to potentially interested parties. When users are shown advertisements for products in which they have already shown interest, this is referred to as remarketing. This is made possible through the use of (re)marketing tags when you access our website, and other websites on which marketing services are active. These tags create cookies, if you have given us your consent, which are text files that are stored on your end device and which allow your use of the website to be analyzed.

Your data will be processed in connection with marketing services in pseudonymized form. From the perspective of Google, advertisements are therefore not delivered to a specific person, but rather to specific – anonymized – cookie-holders. This is not the case if you, as a user, agree anything to the contrary and have given Google your consent accordingly. Otherwise, all data will be transmitted to Google’s servers in the USA in an anonymized form and manner, and stored there.

We use the “Google Ads” advertising application (formerly Google AdWords) in connection with marketing services. Google Ads generates what are known as conversion cookies for Ads customers. Our Cookie Policy provides further details on the individual cookies used in this respect.

Google Maps

Google Maps is a Google service that allows enables us to display interactive maps on our website. The legal basis for using Google Maps is point (f) of Article 6(1) GDPR. We use Google Maps to allow enable visitors to find our companies easily, including any locations mentioned on our website (e.g., for events, trade shows, etc.). This constitutes our legitimate interest in accordance with point (f) of Article 6(1) GDPR.
If you visit our website, in which contains there is an embedded map from Google Maps, you consent to the following personal data being shared with Google: Your IP address, time and date of access request, subpages visited, the browser used to access the site and its version, your operating system, and other data contained specified in the Google Privacy Policy. Please see the link below for more information.
If you are also logged in to your Google user account at the same time as visiting our website, these data will be associated with your Google account. If you do not wish this to take place, you have tomust log out of your Google user account before visiting the subpages in question. Google may use the data for marketing, market research, and personalized advertising. 

LinkedIn Insight Tag

We also use the LinkedIn Insight Tag in our online content, on the basis of our legitimate interests with regard to the analysis, optimization and economic operation of our online content and for the purposes of same. The LinkedIn Insight Tag is a piece of lightweight JavaScript code that we add to our website to allow for in-depth campaign reporting and in order to access valuable information about our users. This allows us to track conversions, retarget visitors to our website and view additional information about our ads. The LinkedIn Insight Tag makes it possible to collect data about visits to our website including URL, referrer URL, IP address, device and browser properties, time stamp and pages accessed. These data are encrypted and anonymized within seven days, and the anonymized data are deleted within 90 days. This allows us to track the actions of users after they have seen or clicked on a Linkedin ad.

However, these data are stored and processed by LinkedIn. We will provide you with information about this to the best of our knowledge. LinkedIn can associate these data with your LinkedIn account and may also use them for its own advertising purposes in accordance with the LinkedIn Privacy Policy. LinkedIn members can control the use of their personal data for advertising purposes in their account settings.

You can prevent the collection of your data via the LinkedIn tag by clicking the link below. This will allow you to install an opt-out cookie which prevents your data from being collected when you visit this website in the future. [Install opt-out cookie].


Cookies are small text files that websites save onto your computer via your web browser. Cookies serve different purposes. Please refer to our Cookie Policy for further details on how we use cookies and how to opt out.

Children's Privacy

G+D recognises the need to adequately protect the privacy of children and/or users who are under the age of 18 (“minors”). Our website is not intended for minors. G+D does not target its website to minors and does not knowingly collect personal data from minors without parental or guardian consent.


G+D uses technical and organizational security measures, in particular access, availability and input controls including encryption methods and means of protection of media utilizing personal data, as well as the assignment of qualified personnel which is responsible for the security of personal data, to ensure that the personal data you provide cannot be undermined by unauthorised, accidental or deliberate manipulation, damage, loss, deletion, or unauthorized access, processing or disclosure. Our security measures are continually upgraded and adjusted in line with the current state of knowledge. Due to the nature of the Internet, a transmission of information may be not always be completely secure. Hence, we cannot ensure the security of your personal data during a transfer over the internet to our website. Once we have received your personal data, however, we will use the appropriate technical and organizational measures to protect your personal data.

Links to other websites

Our website may contain links to other websites which are not owned or operated by G+D. G+D has no control over and is neither responsible for the content nor for privacy practices of such websites. Please note the privacy policy and terms of use on the respective websites.

Social Media

If you wish, you may follow us on Facebook and other third-party social media platforms (e.g. LinkedIn, Twitter). Should you choose to do so, we will process the respective personal data you provide us with, or which the respective platform operator provides us with in relation to you. Pursuant to Article 26 GDPR, we and the platform operator are joint controllers with regard to these personal data. You can control your own privacy settings within the framework of the social media platform.

Our processing of your personal data in connection with our social media content is based on our legitimate interests in accordance with Article 6(1) point f of the GDPR. For technical reasons, we need to process certain personal data in order to provide our social media content (e.g. IP address; personal data you have provided to the respective platform operator or to us).

We use service providers to provide our social media content. The data transmitted to us in connection with our social media content are also automatically transmitted to the respective social media platform operator.

Contact Possibility, Data Protection Rights

If you have any questions, comments or complaints about this Privacy Policy please refer to us. Our contact information can be found above in this Privacy Policy. We will aim to respond to you as soon as possible, however, if your inquiry requires more detailed consideration, we will acknowledge receipt of your complaint and we may ask you to provide further information about your inquiry and the outcome you are seeking. If you are required to duly sign your request and sent it to us due to the laws applicable to your location, we will inform you accordingly.

Irrespective of this, you are entitled to the following rights in accordance with the applicable data protection law and if the legal requirements are met:

  • Right of access to your personal data stored by us (Article 15 GDPR);
  • Right to rectification of inaccurate or incomplete personal data concerning you stored by us (Article 16 GDPR);
  • Right to erasure of your personal data stored by us, e.g. if there is no longer a legitimate business purpose for processing in accordance with applicable law and statutory storage obligations do not require further storage (Article 17 GDPR);
  • Right to restriction of processing if the accuracy of the personal data is contested by you or the processing is unlawful (Article 18 GDPR);
  • Right to data portability, i.e. the right to receive the personal data concerning you, which you have provided us with in a structured, commonly used and machine-readable format (Article 20 GDPR);
  • Right to withdraw granted consent (Article 7 GDPR);
  • Right to object to the processing of your personal data insofar as such processing is carried out based on point (e) or (f) of Article 6(1) GDPR (Article 21 GDPR);
  • Right to lodge a complaint with a supervisory authority (Article 77 GDPR); a list of the data protection authorities in Germany can be found under the following link:

The supervisory authority responsible for G+D headquarters in Munich is the State Office for Data Protection Supervision in Bavaria (

You can contact us at any time to enforce your privacy rights. In addition, we would like to inform you that G+D has implemented a whistleblowing tool (BKMS system) which is available 24/7 worldwide to enable all G+D employees and others to report potential compliance violations. The tool can be accessed via the following link:

List of privacy contacts by country

Transparency Information in accordance with the GDPR

Summary of Giesecke+Devrient Group’s Binding Corporate Rules

Flyer Binding Corporate Rules (BCR)

Statement of Principles on Corporate Data Privacy

Additional information on video surveillance

Changes to this Privacy Policy

We reserve the right to amend or update this Privacy Policy at any time in order to reflect our then current handling of personal data. Any such amendments or updates will be posted on this site.

Last update: Version 1.5. vom 03. Dezember 2019

Effective date: May 22, 2018