Data protection declaration
A. General data processing conditions on our website
1. Object of this data protection declaration
We, OBO Bettermann Holding GmbH & Co. KG (hereinafter referred to as OBO), thank you for your interest in our website and our offers on our website.
For us, the protection of personal data is a major and important issue. For this reason, we would like to provide you with comprehensive information as to which data is collected when you visit our websites and use the offers there and how we then process or use it. In addition, we would like to inform you about which accompanying protection measures we have made in a technical and organisational regard.
The processing of personal data, such as the name, address, e-mail address or telephone number of an affected person, will always occur in accordance with the valid data protection regulations. Through this data protection declaration, we wish to inform you about the type, scope and purpose of the personal data we collect, use and process, and explain them to you, if you are affected by the data processing.
Although, as the party responsible for the processing of personal data, we have implemented countless technical and organisational measures, Internet-based data transmission can always present security flaws, meaning that absolute protection cannot be guaranteed. We would ask you to take this into account when using our Internet presence.
2. Definitions
This data protection declaration uses terms specified by lawmakers in the General Data Protection Regulations (hereinafter known as the GDPR). You can view the GDPR via the following link:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
The aim of our data protection declaration is to inform you about the processing of your personal data on our website in a simple, clear manner.
3. Name and address of the party responsible for processing
The responsible party in the sense of data protection law is:
OBO Bettermann Holding GmbH & Co. KG
Hüingser Ring 52
58710 Menden,
Germany
Telephone: +49 (0)2373 89-0
Fax: +49 (0)2373 89-238
E-mail: infonoSpam@obo.de
4. Contact data of the data protection officer
OBO Bettermann Holding GmbH & Co. KG
- Data Protection Officer -
Hüingser Ring 52
58710 Menden
Germany
Tel.: +49 (0)2373 89-1351
E-mail: datenschutznoSpam@obo.de
5. Deletion and blocking of personal data/storage period
Should nothing to the contrary be regulated for the processing of the personal data in Chapter B of this data protection declaration, then the data we have saved is deleted when storage is no longer required and no statutory storage obligations contradict the deletion. If the data of the affected person is not deleted because it is required for other legally permitted purposes, its processing will be restricted. This means that the data will be blocked and not used for other purposes. This applies, for example, to data of the affected person, which must be stored for commercial and taxation law reasons.
According to statutory requirements, storage takes place for six years according to § 257 Para. 1 of the German Commercial Code (account books, inventory, opening balances, annual reports, trade letters, booking receipts, etc.) as well as for ten years according to § 147 Para. 1 of the German Revenue Code (books, recordings, storage reports, booking receipts, commercial and business laws, etc.).
6. Rights of the affected person
6.1. Right to confirmation
Each affected person shall have the right to demand a confirmation from the party responsible for processing as to whether their personal data is being processed. Should an affected person make use of this right of confirmation, they can then contact us or our Data Protection Officer at any time.
6.2. Right to be informed
Each person affected by the processing of personal data shall have the right, at any time, to obtain information on the personal data saved on their person at no charge and to obtain a copy of this information. In addition, the affected person shall be able to obtain information about the following:
- The processing purposes;
- The categories of personal data being processed;
- The recipients or categories of recipients to whom personal data has been or is being published, in particular with recipients in third countries or with international organisations;
- If possible, the planned period for which the personal data is saved or ‒ if this is not possible ‒ the criteria for specifying this period;
- The existence of a right to correction or deletion of the personal data affecting them or to limitation of processing by the responsible party or a right of revocation against this processing;
- The existence of a right to complain to a supervisory authority;
- If the personal data is not collected from the affected person: All the available information on the origin of the data;
- The existence of automated decision-making, including profiling according to Article 22 Para. 1 and 4 of the GDPR and ‒ at least in these cases ‒ expressive information on the involved logic and the scope and intended effects of such processing for the affected person.
In addition, the affected person shall have a right to information as to whether personal data was transmitted to a third country or an international organisation. If this is the case, then the affected person shall also have the right to obtain information on the suitable guarantees in conjunction with the transmission.
Should an affected person make use of this right to information, then they can contact us or our Data Protection Officer at any time.
6.3 Right to rectification
Any person affected by the processing of personal data shall have the right to demand immediate correction of incorrect personal data affecting them. In addition, the affected person shall have the right, subject to the purposes of the processing, to completion of incomplete personal data through a supplementary declaration.
Should an affected person make use of this right to correction, then they can contact us or our Data Protection Officer at any time.
6.4 Right to erasure
Each person affected by the processing of personal data shall have the right to demand that the responsible party delete personal data affecting them immediately, should one of the following reasons be applicable and processing not be required:
- The personal data was only collected for such purposes or was processed in such a way for which it is no longer required.
- The affected person shall revoke their permission on which processing is based according to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a of the GDPR and there is no other legal basis for processing.
- The affected person objects to the processing according to Art. 21 Para. 1 of the GDPR and there are no superior, valid reasons for the processing or the affected person objects to the processing in accordance with Art. 21 Para. 2 of the GDPR.
- The personal data was processed illegally.
- The deletion of the personal data is required to fulfil a legal obligation according to the law of the European Union or the member states, to which the responsible party is subject.
- The personal data was collected with reference to offered services of the information society in accordance with Art. 8 Para. 1 of the GDPR.
Should one of the above cases be applicable and an affected person wish to instigate the deletion of personal data saved at OBO, then they can contact our Data Protection Officer or another employee at any time. We will then ensure that the deletion demand is met immediately.
6.5 Right to restriction of processing
Each person affected by the processing of personal data shall have the right to demand that the responsible party restrict processing, should one of the following preconditions be applicable:
- The affected person asserts the incorrectness of the personal data for a period allowing the responsible party to check the correctness of the personal data.
- The processing is improper, the affected person refuses the deletion of the personal data and, instead, demands the limitation of the use of the personal data.
- The responsible party no longer requires the personal data for the purposes of processing, although the affected person requires them to make, assert or defend legal claims.
- The affected person has revoked processing according to Art. 21 Para. 1 of the GDPR and it is not yet clear whether the valid reasons of the responsible party outweigh those of the affected person.
Should one of the above cases occur and an affected person wish to demand the limitation of personal data saved at OBO, then they can contact us or our Data Protection Officer at any time. We will then limit processing.
6.6 Right to data portability
Each person affected by the processing of personal data shall have the right to demand to obtain the personal data provided to the responsible party by the affected person in a structured, standard and machine-readable format. In addition, the affected person has the right to transfer this data to another responsible party without hindrance from the responsible party to whom the personal data was made available, insofar as the processing is based on an authorisation according to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a of the GDPR or a contract according to Art. 6 Para. 1 Letter b of the GDPR and processing takes place using automated methods.
In addition, the affected person will have the right to exert their right to data transfer according to Art. 20 Para. 1 of the GDPR to cause the personal data to be transferred from one responsible party to another responsible party, providing that this is technically feasible and no rights and freedoms of other people are impeded in doing so.
To exert their right to data transfer, the affected person can contact us or our Data Protection Officer at any time.
6.7 Right to object
Any person affected by the processing of personal data shall have the right to object to the processing of personal data affecting them due to Art. 6 Para. 1 Letter e or f of the GDPR, for reasons resulting from their particular situation. This also applies to profiling based on these conditions.
In the case of an objection, OBO will cease to process the personal data unless we can prove essential, legitimate reasons for processing, which are superior to the interests, rights and freedoms of the affected person, or the processing serves to make, exert or defend legal claims.
If OBO processes personal data in order to perform direct marketing, then the affected person has the right, at any time, to object to the processing of personal data for the purposes of such advertising. This also applies to profiling, insofar as it is connected to such direct marketing. Should the affected person make their objection known to us regarding processing for the purposes of direct marketing, then we will no longer process the personal data for these purposes.
In addition, the affected person has the right to object, for reasons resulting from their particular situation, to processing of personal data connected to them for purposes of scientific or historical research by us or for statistical purposes in accordance with Art. 89 Para. 1 of the GDPR, unless such processing is required to fulfil a task in the public interest.
The affected person can contact us directly to exert their right to object. In addition, the affected person is also able, in connection with the use of the services of the information society, irrespective of the Directive 2002/58/EC, to exert their right to object via automated methods in which technical specifications are used.
6.8 Automated individual decision-making, including profiling
Each person affected by the processing of personal data has the right, as declared by the European Directive and Ordinance authority, not to be subjected to a decision solely made by an automated procedure ‒ including possible profiling ‒ which has a legal impact on them or which impedes them in a similar manner, should the decision
- Not be required to complete or fulfil a contract between the affected person and the responsible party or
- Be permitted due to legal requirements of the European Union or member states to which the responsible party is subject, and these legal requirements contain reasonable measures to protect the rights, freedoms and valid interests of the affected person or
- Occur with the express authorisation of the affected person.
If the decision
- Is required to complete or fulfil a contract between the affected person and the responsible party or
- Takes place with the express permission of the affected person, OBO will take appropriate measures to protect the rights and freedoms and the valid interests of the affected person, which includes at least the right to obtain intervention by a person belonging to the responsible party, to presentation of one’s own opinion and to challenge to the decision.
Should an affected person wish to exert their rights with regards to the automated decision-making, then they can contact us or our Data Protection Officer at any time.
6.9 Right to revoke consent under data protection law
Any person affected by the processing of personal data shall have the right to revoke an authorisation to process personal data affecting them at any time.
Should the affected person wish to exert their right to revoke an authorisation, then they can contact us or our Data Protection Officer at any time.
Each affected person can contact us directly and at any time with regard to any questions and suggestions about data protection.
6.10 Right to lodge a complaint with a data protection supervisory authority
Any person affected by the processing of personal data shall have the right to complain to a data protection supervisory authority about our processing of their personal data.
7. Lawful basis for processing personal data
If the description of the appropriate data processing procedure in Chapter B of this data protection declaration does not state otherwise, then the following regulations shall apply.
Art. 6 I lit. a of the GDPR serves OBO as a legal basis for processing procedures, in which an authorisation must be obtained for a specific processing purpose. If the processing of personal data by ourselves or one of our subsidiaries – whose services and/or products are referenced by the enquiry – is required to fulfil a contract in which the affected person is one of the contractual parties, then the processing shall be based on Art. 6 I lit. b of the GDPR. The same applies to processing procedures required to carry out pre-contractual measures, such as enquiries about our services and products.
If OBO is subject to a legal obligation requiring the processing of personal data, then processing will be based on Art. 6 I lit. c of the GDPR. In rare cases, the processing of personal data may be required to protect essential interests of the affected person or another natural person. In this case, processing takes place based on Art. 6 I lit. d of the GDPR.
Finally, processing procedures may be based on Art. 6 I lit. f of the GDPR. This forms the legal basis of processing operations not included in any of the above legal bases, if the processing is required to protect a valid interest of OBO or a third party, provided that the interests, basic rights and basic freedoms of the affected person do not outweigh this. We are particularly permitted to perform such processing operations, because they were particularly mentioned by the European jurisdiction (cf. Recital 47 Clause 2 of the GDPR).
8. Consideration of legitimate interests
If, in the description of the appropriate data processing operation in Chapter B of this data protection declaration, there are no other stipulations and the processing of personal data is based on Article 6 I lit. f of the GDPR, then our valid interest lies in the execution of our business activity and the connected economic interest.
9. Data protection when using our contact data/option to revoke
If you have used the contact data stated on our website (e.g. our e-mail address or fax number) to make contact with us, then the personal data transmitted by you will only be used for the purpose intended on making contact. If your enquiry does not refer to services and/or products of OBO Bettermann Holding GmbH & Co. KG (OBO), but to those of a subsidiary, this subsidiary will process and answer your enquiry, which is why it must be passed on to them.
If the reason for your making contact is in the interest in our services or products or in the fulfillment of an existing contract with us, then the legal basis is Art. 6 Para. 1 lit. b of the GDPR. In all other cases when contact is made, we have a valid interest in data processing according to Art. 6 Para. 1 lit. f of the GDPR due to the communication initiated by you.
The personal data recorded to answer your enquiry or to carry out the contractual relationship shall be stored until the enquiry is completely processed or until termination of the contractual relationship and later deleted (not before expiry of any guarantee periods), unless we are required to store the data longer in accordance with Article 6 Para. 1 s. 1 lit. c of the GDPR due to storage and documentation duties (from the German Commercial Code, tax and revenue code) or you have approved longer storage in accordance with Art. 6 Para. 1 S. 1 lit. a of the GDPR.
In addition, we would like to maintain contact with you even after the order is processed or the contract is ended and inform you of our services and offers in electronic form ‒ e.g. via the e-mail address you gave us. We base data processing for the purposes of customer retention and care, as well as making contact easier, on a legitimate interest as defined by Art. 6 Para. 1 lit. f of the GDPR, whereby in balancing our interests with your basic rights and freedoms, we also see advantages for you from our maintaining contact, such as the opportunity resulting from timely information about our services and offers to ask us to make an offer on additional building projects or clarify questions directly with our contact partners. You have the right to challenge the data processing occurring on the basis of Art. 6 Para. 1 f of the GDPR and which is not for direct marketing for reasons resulting from your particular situation at any time. In the case of direct marketing, you can challenge the processing at any time without the need to state reasons.
Data that is processed for customer retention or direct contact in accordance with Art. 6 Para. 1 lit f of the GDPR will be processed until the legitimate interest no longer applies and then deleted, but not later than your declaration of objection to processing of the data. Legal retention obligations are also granted with regard to this data.
Recipients of the personal data processed according to this regulation are IT service providers with whom we have appropriate order processing agreements according to Art. 28 of the GDPR, and possibly subsidiaries whose services and/or products are referred to in your enquiry.
10. Data protection during applications and during the application procedure
We collect and process the personal data of applicants for the purposes of carrying out the application procedure and thus due to a pre-contract measure in the sense of Art. 6 Para. 1 lit. b of the GDPR and our valid interest according to Art. 6 Para. 1 lit. f of the GDPR in the hiring of employees.
Processing can also occur in an electronic manner, e.g. if an applicant transfers the appropriate application documents to us via electronic means, e.g. via e-mail or via our contact form. Should we complete an employment contract with an applicant, then the transferred data will be saved for the purposes of handling the employment relationship, subject to statutory requirements. If no employment contract is completed with the party responsible for the processing, then the application documents will be deleted two months after promulgation of the refusal decision, unless deletion is in contravention of other valid interests of the party responsible for the processing. In this area, another valid interest is, for example, the obligation to proof of a procedure according to the General Equal Treatment Act (AGG).
Due to the digitalised collection of the incoming applications, recipients of the processed personal data are our IT service provider (particularly hosts) with whom we have completed appropriate order processing agreements in the sense of Art.28 of the GDPR.
11. Changes to these data protection regulations
OBO reserves the right to change these data protection regulations at any time to be effective in future. A current version is available on the website. Please visit the website regularly and inform yourself about the valid data protection regulations.
B. Special data processing conditions on our website
1. Collection and use of your data
The scope and type of the collection and use of your data differs according to whether you visit our website merely to view information or whether you wish to take advantage of the services we offer, e.g. to complete a contract via the website, and possibly need to register.
2. Information use / collected data / cookies
(1) General information
Cookies cannot execute any programs or transmit viruses to your computer. They are used to make the Internet presence more user-friendly and effective overall.
Our website uses the following types of cookies, whose scope and function are explained below:
- Transient cookies
- Persistent cookies
Transient cookies are deleted automatically when you close the browser. This includes session cookies in particular. These save a so-called Session ID, with which various enquiries by your browser can be assigned to a joint session. This means that your computer can be recognised again when you return to our website. The session cookies are deleted automatically when you log out or close the browser.
Persistent cookies are deleted automatically after a preset period, which differs according to the cookie and can last several years. You can delete the cookies at any time in the security settings of your browser.
(2) Cookies that are absolutely necessary for the operation of the website.
When the website is used solely for information purposes, e.g. if you do not make a booking via our website, for example, or provide us with other information, then we will only collect the personal data that your browser sends to our server. If you wish to view our website, then we collect the following data, which we require for technical reasons in order to present our website to you and to guarantee the stability and security (the legal basis is Art. 6 Para. 1 Sentence 1 lit. f of the GDPR):
- IP address
- Language and version of the browser software.
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/http status code
- Transmitted volume of data
- Website from which the request comes
- Browser
- Operating system and its desktop
The data processed according to Para. 1 of these regulations is saved for the specified purposes for a period of 30 days and then deleted.
(3) Cookies that are not absolutely necessary for the operation of the website.
We only use cookies that are not absolutely necessary for the operation of the website with your express consent. We use the consent tool from Usercentrics GmbH for this purpose. In this context, OBO transmits the personal data (consent data) to Usercentrics GmbH, Sendlingerstr. 7, 80331 Munich, Germany. This takes place within the framework of order processing in accordance with Article 28 of the GDPR. Consent data refers to the following data: date and time of the visit or consent/refusal to consent, device information, anonymised IP address. Data is processed for the purpose of complying with legal obligations (obligation to provide proof according to Art. 7 Para. 1. of the GDPR) and the associated documentation of consents, and therefore on the basis of Art. 6 Para. 1 lit. c of the GDPR. Local storage is used for saving the data.
The consent data is stored for 3 years. The data is stored in the European Union. Additional information on the collected data and contact details can be found at https://usercentrics.com/privacy-policy/
3. Plug-ins and tools
3.1 fonts.com
This is a web typeface service.
Processing company
Monotype Imaging Holdings Inc.
600 Unicorn Park Drive, Woburn, Massachusetts 01801, United States of America
Data processing purposes
This list shows the purposes of data collection and processing. Approval is only valid for the stated purposes. The collected data cannot be used or saved for any purpose other than that listed below.
- Provision of web typefaces
Used technologies
- Cookies
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- IP address
- Browser information
- Referrer URL
- Customer ID
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 s. 1 lit. of the GDPR
Place of processing
European Union
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The collected user data is saved for up to 30 days from the collection date.
Data recipient
- Monotype Imaging Holdings Inc.
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
Click here to read the data protection regulations of the data processor https://www.monotype.com/legal/privacy-policy
Storage Information
Below, you can see the longest potential duration for storage on a device, as set when using the cookie method of storage and if there are any other methods used.
- Maximum age of cookie storage: -
- Non-cookie storage: No
3.2 Usercentrics Consent Management Platform
This is a consent management service.
Processing company
Usercentrics GmbH
Sendlinger Str. 7, 80331 Munich, Germany
Data processing purposes
This list shows the purposes of data collection and processing. Approval is only valid for the stated purposes. The collected data cannot be used or saved for any purpose other than that listed below.
- Compliance with statutory obligations
- Storage of the consent
Used technologies
- Local storage
- Enable cookies
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Device information
- Browser information
- Anonymised IP address
- Opt-in and opt-out data
- Date and time of the visit
- Request URLs of the website
- Page path of the website
- Geographical location
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 s. 1 lit. c GDPR
Place of processing
European Union (consent database is located in Belgium)
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The consent data (issued consent and revocation of the consent) is stored for three years. A data export occurs after the contract is terminated.
Data recipient
- Usercentrics GmbH
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
datenschutznoSpam@usercentrics.com
Click here to read the data protection regulations of the data processor https://usercentrics.com/privacy-policy/
Storage information
Below, you can see the longest potential duration for storage on a device, as set when using the cookie method of storage and if there are any other methods used.
- Maximum age of cookie storage: -
- Non-cookie storage: No
3.3 Google Tag Manager
This is a tag management system to manage JavaScript and HTML code snippets, using which tracking, analysis, personalisation and marketing performance tags and tools can be implemented.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Functionality
Used technologies
- Pixel
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Aggregated data on tag triggering
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. a GDPR
Place of processing
United States of America
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The data is deleted 14 days after being recalled.
Data recipient
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Worldwide
Click here to read the data protection regulations of the data processor https://policies.google.com/privacy?hl=en
Click here to refuse on all domains of the processing company https://safety.google/privacy/privacy-controls/
Click here to read the cookie directive of the data processor https://www.google.com/intl/de/tagmanager/use-policy.htm
3.4 reCAPTCHA
This is a service that checks whether data entered on a site was entered by a person or by an automated program.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Tracking
- Bot protection
Used technologies
- Cookies
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Browser language
- Browser plugins
- Click path
- Date and time of the visit
- IP address
- User behaviour
- Time spent on a page
- User input
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. f GDPR
Place of processing
European Union
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The data is deleted as soon as it is no longer required for processing.
Data recipient
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Worldwide
Click here to read the data protection regulations of the data processor https://policies.google.com/privacy?hl=en
Click here to refuse on all domains of the processing company https://safety.google/privacy/privacy-controls/
Click here to read the cookie directive of the data processor https://policies.google.com/technologies/cookies?hl=en
Storage information
Below, you can see the longest potential storage period on a device, which was specified for the use of the cookie storage method and when other methods are used.
- Maximum age of cookie storage: 19 years, 4 days
This service uses various means to store information on the device of a user, as listed below.
- DIE Is used to register and signal the actions of a user on the website for advertising purposes. Duration: 1 year Type: Cookie Domain: doubleclick.net
- 1P_JAR This cookie contains information on how the end user uses the website and about advertising that the end user may possibly have seen before visiting this website. Duration: 1 month Type: Cookie Domain: google.com
- ANID Used for advertising purposes. Duration: 9 months Type: Cookie Domain: google.com
- CONSENT This cookie contains information on how the end user uses the website and about advertising that the end user may possibly have seen before visiting this website. Duration: 19 years, 4 days Type: Cookie
- NID Used by Google to adapt advertising to your Google search. Duration: 6 months Type: Cookie Domain: google.com
- DV Used by Google Analytics for personalised advertising. Duration: 10 minutes Type: Cookie Domain: google.com
3.5 DoubleClick Ad
This is an advertising service. This service makes it possible to provide relevant advertising for users and to recall campaign reports.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Advertising
- Analysis
- Optimisation
Used technologies
- Cookies
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Browser information
- Click path
- Cookie information
- Date and time of the visit
- Demographic data
- Device code
- Location information
- Hardware/software type
- Internet service provider
- IP address
- Frequency with which the advertising is seen
- Provider domains
- Interaction data
- Views of the page
- Search history
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. a GDPR
Place of processing
European Union
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The data is deleted as soon as it is no longer required for the processing purposes.
Data recipient
- Google Ireland Limited
- Google LLC
- Alphabet Inc.
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://support.google.com/policies/troubleshooter/7575787?hl=en
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
United States of America
Click here to read the data protection regulations of the data processor https://policies.google.com/privacy?hl=en
Click here to read the cookie directive of the data processor https://policies.google.com/technologies/cookies?hl=en
Storage information
Below, you can see the longest potential storage period on a device, which was specified for the use of the cookie storage method and when other methods are used.
- Maximum age of cookie storage: 1 year
This service uses various means to store information on the device of a user, as listed below.
- test_cookie Test the browser setting authorisations in the browser of the user, Duration: 1 day, Type: Cookie, Domain: doubleclick.net
- IDE Contains a randomly generated User ID. Google can use this ID to detect the user on various websites in different domains and display personalised advertising. Duration: 1 year, Type: Cookie, Domain: doubleclick.net
3.6 gstatic.com
This is a domain used by Google to load static contents into a different domain name, in order to reduce bandwidth use and increase the network performance for the end user.
Processing company
Alphabet Inc.
1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, United States of America
Data processing purposes
This list shows the purposes of data collection and processing.
- Reduction of bandwidth use
- Increased network performance
Used technologies
- JavaScript
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Images
- CSS
- JavaScript Code
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 s. 1 lit. f GDPR
Place of processing
United States of America
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
Requirements for CSS assets are stored temporarily for 1 day. Type files are stored for one year. Some information remains intact until it is removed by the user. Other information remains intact, even after a certain period of time has elapsed.
Data recipient
- Alphabet Inc.
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Worldwide
Click here to read the data protection regulations of the data processor http://www.google.com/intl/de/policies/privacy/
Click here to refuse on all domains of the processing company https://safety.google/privacy/privacy-controls/
Click here to read the cookie directive of the data processor https://policies.google.com/technologies/cookies?hl=en
3.7 Google Analytics
This is a web analysis service.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Analysis
Used technologies
- Cookies
- Pixel
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- App udates
- Browser information
- Click path
- Date and time of the visit
- Device information
- Downloads
- Flash version
- Location information
- IP address
- JavaScript support
- Visited pages
- Purchasing activity
- Referrer URL
- Use data
- Widget interactions
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. a GDPR
Place of processing
European Union
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The storage period is dependent on the type of data saved. Each customer can specify for how long Google Analytics stores data before it is deleted automatically.
Data recipient
- Alphabet Inc., Google LLC, Google Ireland Limited
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Worldwide
Click here to read the data protection regulations of the data processor https://policies.google.com/privacy?hl=en
Click here to refuse on all domains of the processing company https://tools.google.com/dlpage/gaoptout?hl=en
Click here to read the cookie directive of the data processor https://policies.google.com/technologies/cookies?hl=en
Storage information
Below, you can see the longest potential storage period on a device, which was specified for the use of the cookie storage method and when other methods are used.
- Maximum age of cookie storage: 2 years
This service uses various means to store information on the device of a user, as listed below.
- _ga This is used to differentiate between users. Duration: 2 years,Type: Cookie
- _gid This is used to differentiate between users. Duration: 1 day, Type: Cookie
- _gat This is used to regulate the request rate. Duration: 1 minute, Type: Cookie
- _dc_gtm_xxx This is used to differentiate between users. Duration: 1 minute, Type: Cookie
- _gat_gtag_xxx This is used to differentiate between users. Duration: 1 minute, Type: Cookie
- _gac_xx This contains information on which advert was clicked. Duration: 2 months, 29 days Type: Cookie
- DIE Google can use this ID to recognise the user on various websites and domains and display personalised advertising. Duration: 1 year, Type: Cookie
3.8 Facebook Pixel
This is a track technology offered by Facebook and used by other Facebook services, such as Facebook Customer Audiences.
Processing company
Facebook Ireland Limited
4 Grand Canal Square, Grand Canal Harbour, Dublin, D02, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Advertising
- Analysis
- Marketing
- Retargeting
- Tracking
Used technologies
- Cookies
- Pixel
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- View advertising
- Browser information
- Viewed contents
- Device information
- Geographical location
- Interaction with advertising, services and products
- IP address
- Marketing information
- Non-confidential user-defined data
- Pixel ID
- Referrer URL
- Success of marketing campaigns
- Use data
- User behaviour
- Facebook user ID
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. a GDPR
Place of processing
European Union
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The data is deleted as soon as it is no longer required for the processing purposes.
Data recipient
- Facebook Inc.
- Facebook Ireland Limited
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://www.facebook.com/help/contact/540977946302970
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Worldwide
Click here to read the data protection regulations of the data processor https://www.facebook.com/privacy/explanation
Click here to refuse on all domains of the processing company https://www.facebook.com/ads/preferences/
Click here to read the cookie directive of the data processor https://www.facebook.com/policies/cookies
Storage information
Below, you can see the longest potential storage period on a device, which was specified for the use of the cookie storage method and when other methods are used.
- Maximum age of cookie storage: 1 year
Saved information
This service uses various means to store information on the device of a user, as listed below.
- _fbp, act, c_user, datr, fr, m_pixel_ration, pl, presence, sb, spin, wd, xs,
Cookie from Facebook for website analysis, advertisement targeting and advertisement measurement.
Duration: 1 year Type: Cookie Domain: facebook.com
3.9 LinkedIn Insight Tag
This is a conversion tracking and retargeting service.
Processing company
LinkedIn Ireland Unlimited Company
Wilton Place, Dublin 2, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Analysis
- Marketing
- Retargeting
Used technologies
- Cookies
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Browser information
- Device information
- IP address
- Referrer URL
- Timestamp
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. a GDPR
Place of processing
United States of America, Singapore
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The data is deleted after 90 days.
Data recipient
- LinkedIn Ireland Unlimited Company
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://www.linkedin.com/help/linkedin/ask/TSO-DPO
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Singapore, United States of America
Click here to read the data protection regulations of the data processorhttps://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com
Click here to refuse on all domains of the processing companyhttps://www.linkedin.com/legal/privacy-policy?src=li-other&veh=www.linkedin.com
Click here to read the cookie directive of the data processorhttps://www.linkedin.com/legal/cookie_policy?src=li-other&veh=www.linkedin.com
Storage information
Below, you can see the longest potential storage period on a device, which was specified for the use of the cookie storage method and when other methods are used.
- Maximum age of cookie storage: 6 months
Saved information
This service uses various means to store information on the device of a user, as listed below.
- LinkedIn Insight
This technology allows the placing of personalised advertising on LinkedIn for visitors to our website. Duration: 6 months, type: cookie
3.10 YouTube Video
This is a video player service.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Display videos
Used technologies
- Cookies (if the "Privacy Enhanced" mode is not activated)
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Device information
- IP address
- Referrer URL
- Viewed videos
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. a GDPR
Place of processing
European Union
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The data is deleted as soon as it is no longer required for the processing purposes.
Data recipient
- Alphabet Inc.
- Google LLC
- Google Ireland Limited
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://support.google.com/policies/contact/general_privacy_form
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Worldwide
Click here to read the data protection regulations of the data processor https://policies.google.com/privacy?hl=en
Click here to refuse on all domains of the processing company https://safety.google/privacy/privacy-controls/
Click here to read the cookie directive of the data processor https://policies.google.com/technologies/cookies?hl=en
Storage information
Below, you can see the longest potential storage period on a device, which was specified for the use of the cookie storage method and when other methods are used.
- Maximum age of cookie storage: 10 years, 2 days
The videos are all embedded in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos is the data listed below transmitted. We have no influence on this data transmission.
By visiting the website, YouTube receives the information that you have opened the corresponding subpage of our website. In addition, the data named under B Point 2.1 of this data protection declaration is transmitted. This takes place independently of whether YouTube makes a user account available, via which you are logged in, or whether there is no user account. If you are logged into Google, then your data will be allocated directly to your account. If you do not want the allocation to your YouTube profile, then you must log out before activating the button. YouTube saves your data as a use profile and uses it for purposes of publicity, market research and/or the requirement-orientated design of its website. Such an evaluation particularly takes place (even for users who are not logged in) for the provision of requirement-orientated publicity and to inform other users of the social network of your activities on our website. You have a right to revoke the formation of these user profiles, although you must make your claim to YouTube.
This service uses various means to store information on the device of a user, as listed below.
- PREF This cookie saves your settings and other information, in particular the preferred language, how many search results are to be displayed on your page and whether the Google SafeSearch filter is to be activated. Duration: 10 years, 2 days, type: cookie
- VISITOR_INFO1_LIVE This cookie measures your bandwidth, in order to determine whether you are to receive the new or old player interface. Duration: 6 months, type: cookie
- use_hitbox This cookie increases the counter for "Views" in the YouTube video. Duration: session type: cookie
- YSC Saves the video player settings of the user using an embedded YouTube video. Duration: session type: cookie
3.11 Google Maps
This is a web mapping service.
Processing company
Google Ireland Limited
Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland
Data processing purposes
This list shows the purposes of data collection and processing.
- Display maps
Used technologies
- Cookies
Collected data
This list contains all the (personal) data collected by or through the use of this service.
- Date and time of the visit
- Location information
- IP address
- URL
- Use data
Basic legal principles
The following section names the required basic legal principles for processing data
- Art. 6 Para. 1 S. 1 lit. a GDPR
Place of processing
European Union
Storage period
The storage period is the period of time in which the collected data is saved for processing. The data must be deleted as soon as it is no longer required for the stated processing purposes.
The data is deleted as soon as it is no longer required for the processing purposes.
Data recipient
- Google Ireland Limited
- Google LLC
- Alphabet Inc
Data protection officer of the processing company
Below, you can find the e-mail address of the data protection officer of the processing company.
https://support.google.com/policies/troubleshooter/7575787?hl=en
Forwarding to third countries
This service can forward the collected data to another country. Please note that this service can transmit data to outside the European Union and the European Economic Area and into a country which does not offer a suitable level of data protection. If the data is transmitted to the USA, then there is the risk that your data could be processed by US authorities for control and surveillance purposes, without any legal redress options being available to you. Below, you will find a list of countries to which the data is transmitted. This may be the case for various purposes, e.g. for saving and processing.
Worldwide
Click here to read the data protection regulations of the data processor http://www.google.com/intl/de/policies/privacy/
Click here to refuse on all domains of the processing company https://safety.google/privacy/privacy-controls/
Click here to read the cookie directive of the data processor https://policies.google.com/technologies/cookies?hl=en
Storage information
Below, you can see the longest potential storage period on a device, which was specified for the use of the cookie storage method and when other methods are used.
- Maximum age of cookie storage: 6 months
This service uses various means to store information on the device of a user, as listed below.
- NID This cookie saves information on the user settings and information for Google Maps. Duration: 6 months, type: cookie
4. Use of functions and offers on our website
If you take advantage of services offered on our website, such as chargeable bookings in our online shop or subscription to our newsletter, then it will be necessary for you to state other personal data. Refer to the regulations below for individual details.
4.1 Contact form
(1) With the voluntary use of our contact forms, you will be asked to state your company, first name and surname, and your e-mail address, where these are marked as mandatory information. You also have the option to provide additional information as needed to optimise your personal accessibility and addressability, e.g. telephone number, profession and the reason for your enquiry/contact or your message.
(2) When you send your enquiry, we save the IP address you have used and the login time. The purpose of this procedure is to be able to prove your enquiry and, if necessary, to clarify possible abuse of your personal data.
(3) The legal basis for the processing of your personal data is, first, the authorisation expressly given by you according to Art.
6 Para. 1 lit. a of the GDPR. Moreover, data processing enables us to answer the initiated enquiry and thus also (pre-) contractual purposes as defined by Art.
6 Para. 1 lit. b of the GDPR. Further, data processing takes place on the basis of our legitimate interest in accordance with Art.
6 Para. 1 lit. f of the GDPR in answering your enquiry regarding our services and offers and proof of possible abuse of the e-mail address used for it. To the extent that mandatory information and voluntary information are differentiated, mandatory information as defined by Art.
5 Para. 1 lit. c, Art.
25 of the GDPR is only such data that would typically be transmitted through other enquiry paths – e.g. through the e-mail signature of the enquirer – and for which experience has shown that this data (see Paragraph 2) is necessary for answering the enquiry. For example, we typically need this data to
- Assign the enquirer to the correct sales region;
- Assign the enquirer to the correct salesperson;
- Purposefully invite the enquirer to trade fairs, seminars, etc.;
- Send the enquirer certificates for participation in seminars;
- Be able to send the enquirer printed material;
- Supply the enquirer with material/samples, etc.;
- Recommend local wholesalers to the enquirer.
(4) Voluntary information, such as your profession or the background of your enquiry, help us serve you as best we can without having to ask for more information, as we provide different products and information for different professional categories, for example. A legitimate interest in accordance with Art.
6 Para. 1 lit. f of the GDPR finally consists of using the data you provided to be able to contact you later for the purposes of (potential) customer service and to inform you of our offers and services.
(5) We will erase the data you provided as soon as their storage is no longer required for the above-named purposes. If you have revoked your authorisation for data processing, which is possible at any time with future effect but does not affect data processing up to the time of the revocation, and/or objected to data processing as a legitimate interest (Art.
6 Para. 1 lit. f of the GDPR), we will erase the data without delay. This does not apply only if, and to the extent that, another legal reason (e.g. that of pre- and post-contractual fulfillment from Art.
6 Para. 1 lit. b of the GDPR) justifies further processing or legal requirements to maintain the data prevent immediate deletion (Art.
6 Para. 1 lit. c of the GDPR).
(6) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies) with whom we have appropriate order processing agreements according to Art.
28 of the GDPR, and possibly subsidiaries whose services and/or products are referred to in your enquiry. If these subsidiary companies are in a third country, then we shall only forward your data if they have completed EU standard contractual clauses with us.
4.2 Newsletter (OBO News)
(1) With your authorisation and subject to provision of your e-mail address, you will be able to subscribe to our newsletter, through which we will inform you of our current interesting offers, services and products, as well as news from our company and additional current OBO topics. Only your e-mail address is mandatory for subscription to the newsletter. Alternatively, or additionally, you can request OBO News via a checkbox, which is specially tailored to your interests/requirements. With the voluntary use of this request, you will be asked to state your first name and surname, the postal address of your company, your customer group and your e-mail address, where these are marked as mandatory information. You also have the option to provide additional information as needed to optimise your personal accessibility and addressability (e.g. telephone number).
(2) We use the so-called double opt-in method for subscription to our newsletter. This means that, after you have registered, we will send an e-mail to the stated e-mail address, in which we ask for your confirmation that you wish to subscribe to the newsletter. If you do not confirm your subscription within 72 hours, your information will be blocked and deleted automatically. In addition, we save the IP address you have used and the times of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify possible abuse of your personal data. After you confirm your ordering of the newsletter, we will save the data you have provided in accordance with Para. 2 for the purpose of sending the newsletter and identify possible misuse of your e-mail address.
(4) The legal basis for the processing of your personal data is, first, the authorisation expressly given by you in accordance with Art.
6 Para. 1 lit. a of the GDPR and, with regard to the data processed according to Para. 2, our legitimate interest in accordance with Art.
6 Para. 1 lit. f of the GDPR to identify possible misuse of the e-mail address used for it.
(5) You can revoke your authorisation for sending the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking the link available in each newsletter e-mail or sending an e-mail to info@obo.de or through a message to the contact data specified in the imprint.
(6) To send the newsletter, your e-mail address will only be saved for length of the desired subscription. We will delete the other data saved according to Para.
1 of the GDPR after a period of max. one month after you unsubscribe.
(7) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies) with whom we have appropriate order processing agreements according to Art. 28 of the GDPR.
(8) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies) with whom we have appropriate order processing agreements according to Art. 28 of the GDPR and possible subsidiary companies who carry out the sending of the newsletter. If these subsidiary companies are in a third country, then we shall only forward your data if they have completed EU standard contractual clauses with us.
4.3 OBO Construct
(1) Through our website, we offer our customers, employees and potential new customers, as well as contract partners, the opportunity to use our OBO Construct software in different application levels. It is available as download or as web application. If you download and/or use our software, you have to make a corresponding contract for use with us, even though use is free of charge.
To download the software, information about the user must be stored beforehand in the download form. This information is in particular master data, meaning the name, address and e-mail address of the user, which we need to be able to identify and contact the user as a contract partner, if necessary (Art. 6 Para. 1 lit. b of the GDPR). The user’s profession is also requested so we can assign the users of the respective products to various occupational areas and align the products on the occupational categories that use the software the most. This data processing thus is in our legitimate interest (Art.
6 Para. 1 lit. f of the GDPR). Further, data processing also takes place in accordance with Art.
6 Para. 1 lit. a of the GDPR based on your consent, as you are completely free to use the software offered at no charge and to provide your data to obtain it.
Besides the option to download software, with some OBO Construct products (e.g. OBO Construct for underfloor systems and OBO Construct for earthing systems) we offer you the option to register oneself for use of the software and create a password for later logins. In the registration, the same data is requested as through the previously described download form for the same processing purposes, so it is referred to first. Your e-mail address is also collected in order to complete the registration process, as you must confirm your registration through a link in the e-mail to activate the account. Further, your e-mail address is required so we can store and allocate your configurations for you. With your e-mail address and the password, you can log in as a user and see all your projects and configurations.
As soon as you have an account, you can create any number of projects. The only required fields are the project name and order date. The date is preset to the current date whilst the project name is preset with the name “New project”. Here, you can create a project directly without providing additional information on the project itself. But you also have the option to change the project name and update other project-related information (such as project abbreviation, project number, customer number, customer name, customer address). The data you created in these actions is stored on our server and can be requested by the respective user (that is, you) only through use of the stored password.
Processing of the above-mentioned data is done in accordance with your consent granted in the registration procedure in accordance with Art.
6 Para. 1 lit. a of the GDPR as well as for fulfilling the contract in accordance with Art.
6 Para. 1 lit. b of the GDPR. Moreover, we have a legitimate interest as defined in Art.
6 Para. 1 lit f of the GDPR to make available to our (potential and/or former) customers as well as our employees and contract partners a practical software, tailored to their needs, which must be continuously optimised. Use of the software must be analysed to be able to continuously optimise it. Software use in web applications is analysed with Google Analytics (see B 3 above for this and for the opportunities to object). Your personal data stored in the project is not accessed for this.
In order to fulfil the contract (Art.
6 Para. 1 lit. b of the GDPR), and also in our legitimate interest (Art.
6 Para. 1 lit f of the GDPR) it is required that we can contact you through the contact data you stored, so we can ask for feedback on the software used and/or make contact with you to obtain recommendations for improvement or inform you of new opportunities for the already used application or sensible extensions/other applications.
(2) We shall not forward your personal data to third parties outside the contractual relationship, except for the software developers we assigned, without your express agreement or a legal basis for doing so. We will pass your contact data to the assigned software developers, so they can provide you with the necessary technical information and updates of the software you use. We would like to point out that this is order data processing in accordance with Art. 28 of the GDPR. The affected software developers have made a contractual obligation to us to comply with the data protection conditions required by law.
(3) After contractual completion, your data shall be blocked for further use. After expiry of the taxation and commercial law requirements, this data shall be deleted unless you have expressly agreed to their continued use. Data that is processed for customer retention or direct contact in accordance with Art.
6 Para. 1 lit f of the GDPR will be processed until the legitimate interest no longer applies and then deleted, but not later than your declaration of objection to the processing of the data. Legal retention obligations are also granted with regard to this data.
(4) With provision of the software via an app store, the information provided by the provider of the app store on the handling of your data should also be taken into account. Only the providers of the app stores shall be responsible for the use of this data.
4.4 Seminars
You can also register for seminars via the OBO website. The legal basis for these registrations is Art. 6 Para. 1 S. 1 lit. b of the GDPR. Here, data collection takes place for the purposes of the execution of the appropriate seminar, to issue attendance certificates as well as copies for statistical evaluation and payment processing. For this, we collect data in the categories “Identification data”, “Invoicing data”, “Contractual data” and, possibly, “Performance data” (for further training events). The data is made available to any service provider or co-organisation charged with the organisation and execution of the event or the speaker of the event. Transmission of the data to third countries is not planned. The storage periods result from the basic legal principles. With regard to invoices, this is ten years.
4.5. Online seminars
GoToWebinar
For the registration and execution of online seminars, we used the "GoToWebinar" tool of LogMeIn Ireland Unlimited Company, The Reflector, 10 Hanover Quay, Dublin 2, D0R573, Republic of Ireland. This takes place within the framework of order processing in accordance with Article 28 of the GDPR. The use of GoToWebinar causes various items of personal data to be collected, which are saved on the servers of GoToWebinar.
The saving of the data can also take place in a third country which does not have the European data protection standard.
For more detailed information, please refer to the data protection information of LogMeIn.
www.logmein.com/de/legal/privacy
We will only use your login data (forename, surname, e-mail address, municipality, postcode and company name) when you have issued your consent to us.
4.6 Google Maps
This website uses Google Maps to depict interactive maps and prepare route descriptions. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. This service shows you our location and makes it easier to find us, if desired. This represents a legitimate interest as defined in Art. 6 Para. 1 lit. f of the GDPR.
Through the use of Google Maps, information about your use of our website, including your IP address and the (start) address entered into the route planner function, is transmitted to a Google server in the USA. When you call up one of our Internet websites that contains Google Maps, your browser makes a direct connection to Google’s servers. The map contents are transmitted by Google directly to your browser, and from there included in the website. We therefore have no influence on the extent of the data collected by Google in this way. To the best of our knowledge, this includes at least the following data:
- Date and time of the visit to the website involved;
- Internet address or URL of the called-up website;
- IP address together with the starting address entered in the route planner.
This takes place independently of whether Google makes available a user account through which you are logged in, or whether there is no user account. If you are logged into Google, then your data will be allocated directly to your account. If you do not want the allocation to your Google profile, then you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place particularly in accordance with Art. 6 Para. 1 lit. f of the GDPR based on the legitimate interests of Google in showing personalised advertising, market research and/or needs-based design of its website.
You have a right to object to formation of these user profiles, although you must contact Google directly to do so. Please read Google’s privacy policy at https://www.google.com/policies/privacy. The opt-out option should be accessible via the following link: www.google.com/settings/ads/.
Google LLC, with headquarters in the USA, is certified for the US-European Privacy Shield data protection convention, which ensures compliance with the data protection level applicable in the EU according to the (criticised) opinion of the EU Commission.
If you do not agree to future transmission of your data to Google through the use of Google Maps, you also have the possibility to completely deactivate the web service of Google Maps by switching off the JavaScript application in your browser. Google Maps, and with it the map display on this Internet page, can then no longer be used.
You will find the terms of use of Google at https://policies.google.com/terms?hl=en, and the additional terms of use for Google Maps at https://www.google.com/intl/en/help/terms_maps/. You will find detailed information on data protection in connection with the use of Google Maps on Google’s website (Google Privacy Policy): http://www.google.com/intl/en/policies/privacy/
Through the use of our website, you declare your agreement to Google using the data collected from you through the Google Maps route planner in the way described above and for the purpose described above.
4.7 Downloading OBO BIM data / Downloading a plug-in for automatic downloading of BIM data
OBO gives you the opportunity to download BIM data directly from the OBO website. You also have the option of downloading a plug-in for Autodesk Revit from our website. This gives you direct access to the BIM library and allows you to place the systems directly into Revit via the configurator.
To download the BIM data and use the plug-in, you need to register.
We ask you to provide the following data when registering: e-mail address, surname, first name, company, city, country, company type and function within the company. These are mandatory fields and are indicated as such. We require this information to provide you with targeted information, if you have consented to this. The legal basis for this is Article 6 Para. 1 lit a GDPR.
Optionally, you can provide us with your salutation and telephone number so that we can contact you in the event of enquiries.
After the registration process, we will send you an e-mail, with which you can confirm your registration (double opt-in). Only after this confirmation is the registration process complete.
After successfully registering, you can download the BIM data and the Autodesk Revit plug-in from our website.
If you do not wish to register, please contact our BIM@OBO team at bim@obo.de. We will then be happy to send you the BIM data required for your project.
If you would like us to inform you about new developments and updates at BIM@OBO, you can give us your consent.
The legal basis for this is Article 6 Para. 1 lit. a GDPR. You can revoke your consent at any time by sending an e-mail to bimnoSpam@obo.de.
5. Security measures
We take organisational, contractual and technical security measures according to the state of the art, in order to ensure that the data protection regulations are complied with and that the data we process is protected against random or intentional manipulations, loss, destruction or access by unauthorised persons. The security measures particularly include encrypted transmission of data between your browser and our server.
C. Special features of data processing via social networks
No social plug-ins are used on our website. We only maintain links to various social media services.
Social media platforms process your personal data when you access our specific channels.
The legal basis for the processing of your personal data results from a legitimate interest (Art. 6 Para. 1 lit f) of the GDPR. The legitimate interest is the communication with interested parties and customers active there, to answer queries and provide information about our products. If you have been requested to consent to the described processing by the provider of the respective social media platform, the legal basis is Art. 6 Para. 1 lit a of the GDPR.
Please refer to the data protection information of the individual service provider regarding which personal data is collected by the service provider and information about your options for opting out and your data protection rights. We refer you to the following links of the platform providers.
User data may be processed in third countries (countries outside the European Economic Area “EEA”). With regard to US providers that are certified under the Privacy Shield, we would like to point out that they have committed to complying with the EU data protection standards. However, this may still entail some risks for users, e.g. the enforcement of user rights could be made more difficult.
You can find additional information at the following links of the individual platform provider.
Generally, data is processed for market research and advertising purposes. They can be used, for example, to create user profiles based on user behaviour and the resulting interests of the users. These user profiles may be used to display advertisements both inside and outside these platforms, which are presumed to correspond to the users’ interests.
For this purpose, cookies containing information about the users’ behaviour and interests are stored on the users’ computers.
A detailed description of the individual processing and opt-out options can be found at the following links of the individual platform providers.
In the case of requests for information and enforcement of user rights, we point out that these can be most effectively asserted with the service providers. Only the providers have access to the user data and can take appropriate action or provide information. However, should you still require assistance, please do not hesitate to contact us.
Comment function
You can comment on the content we publish on the OBO Bettermann social media channels. Personal data is collected when you click the “Send comment” button. The exact details of this personal data, as well as further data protection information, can be found in the data protection declaration of the individual service provider. Your comment will be published with your username on the relevant social media profile.
If you “like” our social media channels or subscribe to updates, personal data is collected about you. You can find out which data is collected by reading the data protection declaration of the individual platform provider.
The basis is an agreement on joint processing pursuant to Article 26 of the GDPR.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and OBO Bettermann Holding GmbH & Co. KG are jointly responsible for processing your data on our fan page.
Privacy policy: https://www.facebook.com/about/privacy/ and https://facebook.com/privacy/explanation
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Your behaviour in relation to our fan page is recorded using the “Page Insights” service. The analyses we can view do not allow us to analyse usage behaviour of individual people. We can only see aggregated data (e.g. number of hits, likes, followers, region of origin, age group, sex).
Additional information at: https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/legal/terms/information_about_page_insights_data.
Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA) – privacy policy: https://twitter.com/en/privacy,
Opt-out: https://twitter.com/personalization,
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
Google YouTube
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy policy/opt-out: https://policies.google.com/privacy,
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Xing (XING AG, Dammtorstrasse 29‒32, 20354 Hamburg, Germany)
Privacy policy/opt-out: https://privacy.xing.com/en/privacy-policy
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) –
privacy policy https://www.linkedin.com/legal/privacy-policy,
opt-out: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out,
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy policy/opt-out: http://instagram.com/about/legal/privacy/