As the data controller we have prepared this privacy notice to inform you in accordance with the requirements of the EU General Data Protection Regulation 2016/679 (GDPR) about the nature, scope and purpose of the processing of personal data in relation to the services we offer on our website.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
‘Union’, ‘EU’ or ‘Member State’ means the European Union or a member state of the Union.
Baseler Straße 10
60329 Frankfurt Germany
Telephone: +49 69 244 502 0
Telefax: +49 69 244 502 10
E-Mail: info@id1.de
OBSECOM GmbH
Königstr. 40
70173 Stuttgart Germany
Telephone: 0711 / 4605025-40
Telefax: 0711 / 4605025-49
E-Mail: id1@obsecom.eu
Webseite: https://www.obsecom.eu
We process personal data based on at least one of the following legal bases:
In this privacy policy we refer to the respective legal basis of the individual data processing operations.
We forward personal data to recipients (data processors or other third parties) only to the extent required and only if one of the subsequent conditions are met:
The transfer of personal data to a third country or an international organisation outside the EU or the European Economic Area (EEA) is subject to legal or contractual permission only in accordance with the provisions under Art. 44 et seq. GDPR. Pursuant to Art. 45 GDPR an adequacy decision of the EU commission must be present for the respective country, or appropriate safeguards for data privacy under Art. 46 GDPR, or Binding Corporate Rules under Art. 47 GDPR must exist. In individual cases, a data transfer may be permitted on the basis of an exception under Art. 49 GDPR.
We may use on our website external services provided by organisations based in the USA. If these services are active, personal data is collected in connection with the provision of the relevant service and may be transferred to and stored on servers in the USA. The European Court of Justice considers the USA to have an inadequate level of data protection. When data is transferred to the US, there is a fundamental risk that the US authorities may access and use the data for surveillance and monitoring purposes without notification and without the possibility of a legal remedy.
As a data subject you have the following right:
If you wish to assert the data subject rights mentioned above, you can contact us or our data protection officer at any time using the contact details above.
Unless otherwise provided for in this privacy notice, personal data will be deleted, if this data is no longer necessary in relation to the purposes for which they were collected or otherwise processed and the deletion does not conflict with statutory retention requirements. In addition, we will erase the personal data processed by us in accordance with Art. 17 GDPR on your request, if the conditions provided therein are met. If personal data are required for other lawful purposes, they will not be erased, but their processing will be restricted in accordance with Art. 18 GDPR.
In case of restriction, the data will not be processed for other purposes. This applies, for example, to personal data that must be retained by us for commercial or tax law reasons. For example, data must be kept for 6 years pursuant to Section 257 (1) Nos. 2 and 3 German Commercial Code (HGB) and Section 147 (1) Nos. 2, 3, 5 German Tax Code (AO); data must be kept for 10 years pursuant to Section 257 (1) Nos. 1 and 4 HGB and Section 147 (1) No. 1, 4, 4a AO.
Our website uses cookies. Cookies are small text files that your browser automatically creates and stores on your device (laptop, tablet, smartphone, PC, etc.) when you visit our website. Cookies do no harm to your device, nor do they contain any viruses or other malicious software. The cookie stores information which is created in relation to the specific device you are using. However, this does not mean that we become immediately aware of your identity. Cookies are mainly used to make the website more user-friendly, effective and secure.
For more information on the cookies we use, please refer to our cookie policy at: https://www.informationdesign.io/cookies/
In order to make our website available, we use services provided by hosting companies, such as: Provision of web servers, disk space, database services, and security or maintenance services. Here we, or our hosting providers, process personal data of website visitors based on our legitimate interests in providing efficient and secure access to our website in accordance with Art. 6 (1)(f) GDPR.
By visiting our website or its individual pages, your device’s internet browser automatically sends information to the server of our website. This information is stored in so-called log files by us or our hosting provider and will be deleted after 7 Days at the latest.
The following information is stored:
This data will be used for the following purposes:
The legal basis for data processing is Art. 6 (1)(f) GDPR. Our legitimate interest relates to the data collection purposes mentioned above. Under no circumstances will we use the personal data collected for the purpose of drawing conclusions about a person.
If you contact us using the contact details published on our website (for example, by e-mail) and in this context provide us with personal data, we will use this data to process your request on the basis of Art. 6 (1)(b) GDPR, if your request is related to the performance of a contract or is required to perform pre-contractual action. In all other cases, processing is based on your consent in accordance with Art. 6 (1)(a) GDPR and / or our legitimate interest in the effective processing of requests addressed to us pursuant to Art. 6 (1)(f) GDPR. We will store your personal data until you ask us for deletion, revoke your consent to the storage, or the data are no longer necessary for the purpose for which they were collected (for example, after completion of your request). Mandatory statutory provisions – especially retention periods – remain thereof unaffected.
If you use the contact form, you will be asked to provide your e-mail address, Name and any other contact details, so that we can get in touch with you. Further information can be provided voluntarily. The data processing for the purpose of contacting us and answering your request takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent. All personal data collected in connection with the contact form will be deleted after your request has been processed, unless further storage is required for the documentation of other transactions (for example, subsequent conclusion of a contract).
If you are an existing customer and we have received your e-mail address in connection with the sale of goods or services, we may use your name, e-mail address, your company affiliation if you are interacting on behalf of a company, and the type of goods or services you purchased from us for the direct marketing of our own similar goods or services. This only applies if you have not objected and we clearly and unequivocally have advised you of the possibility of objection at the time of collecting the e-mail address, and every time we use it thereafter. The legal basis of processing is our legitimate interest in direct marketing according to Art. 6 (1)(f) GDPR. We will store the personal data until you object to the processing.
If you would like to receive our newsletter we require your e-mail address, name. The data processing for the purpose of sending the newsletter takes place in accordance with Art. 6 (1)(a) GDPR based on your voluntary consent by means of the so-called double-opt-in procedure. The e-mail address will be used and stored for this purpose until you withdraw your consent or unsubscribe from receiving the newsletter. You can unsubscribe at any time, for example by using the link at the bottom of each newsletter. You can also send your withdrawal/unsubscribe request at any time to the e-mail address given under Clause II.
We embed a so-called counting pixel into our newsletters. A counting pixel is a miniature graphic embedded in the HTML format of the newsletter to allow us an analysis of the reader’s reading behaviour. In this context, we gather information on whether, and at what time, a newsletter was opened by you and which of the links contained in the newsletter were accessed by you. We use this data to generate statistical evaluations of the success or failure of a marketing campaign to optimize the distribution of our newsletters and to better tailor the content of future newsletters to your interests. The collected data will not be passed on to third parties and will be deleted after the statistical evaluation.
We use the Hubspot marketing platform to manage our online marketing activities. The provider is HubSpot, Inc; 25 First Street, Cambridge, MA 02141; USA (hereinafter ‘Hubspot’). Hubspot processes personal data on our behalf for the purpose of website analysis, to send and evaluate the reach of our newsletters and the processing of form inputs (for example, contact form). For this purpose, we transfer information to Hubspot about the use of this website, usage behaviour and, among other things, information such as browser type / version, operating system, referrer URL (the previously visited page), host name of the accessing computer and time of server request. This data is used to ensure that our website is designed to meet the needs of our customers and is continuously optimised, to measure the success of marketing measures and to create statistical evaluations. For the purpose of sending newsletters, we transfer your e-mail address and, if necessary, other data required for the provision of the newsletter to Hubspot. The legal basis for data processing by Hubspot is our legitimate interest in a demand-driven website and the use of a user-friendly and secure newsletter system in accordance with Art. 6 (1)(f) GDPR. The personal data collected may be stored on servers in the USA. The data transfer to Hubspot is legitimised according to Art. 46 (2)(c) GDPR on the basis of the EU Standard Contractual Clauses. A copy of the Standard Contractual Clauses can be viewed at: https://eur-lex.europa.eu/eli/dec_impl/2021/914. For more information on how Hubspot handles your personal data, please refer to the privacy policy at: https://legal.hubspot.com/de/privacy-policy.
When applying for a job via our web-based recruitment tool, you will be asked to provide personal data, such as your name and contact details, as well as your CV and any other optional application documents. This information will be used to review your application and to contact you. The provider of the recruitment tool is Personio SE & Co. KG, Seidlstraße 3, 80335 Munich, Germany (hereafter “Personio”). Personio processes your personal data on our behalf and solely in accordance with our instructions. Data processing for the purpose of reviewing applications and establishing an employment relationship is carried out under Art. 6(1)(a) GDPR, based on your voluntary consent.
If you give your consent, your application documents will also be considered in connection with other suitable roles. Our recruitment team will then regularly check whether your profile is a good fit for any other vacancies and will get in touch if it is. If we reject your application, but would like to retain your application documents in our talent pool for up to one year to consider you for future job advertisements, we will contact you in advance to ask for your consent. Data will only be stored with your prior express consent, which will be requested by email or post. The legal basis for these purposes is your consent given voluntarily under Art. 6(1)(a) GDPR.
Our website uses media content from the Podomatic platform. Provider is Podomatic Inc.; 10 Cleveland Street; San Francisco; CA 94103; USA (hereinafter “Podomatic”). The purpose is to embed podcasts of the Podomatic platform that relate to the content of our website. This service collects your IP address and any additional data Podomatic may need to provide the content. The information gathered about your use of this website is stored on a server in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Podomatic. If you are logged in to your Podomatic account while you are visiting our website, Podomatic can link your visit of our website directly to your user account. If you do not want Podomatic to be able to associate the data collected on our website with your respective user account, you must first log out of Podomatic. The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR. For more information on how Podomatic processes your personal data, please refer to: https://www.podomatic.com/about/privacy
On our website we refer with hyperlinks to social media profiles in social networks. When you actively click on a link to such a profile, your browser establishes a direct connection with servers of the respective social media network, whereby the provider obtains knowledge of your visit. If you are simultaneously logged in to the respective social network, the provider can assign the visit to the profile to your user account. In this context, personal data may be processed in the USA. For more information on the processing of personal data, please refer to the privacy policy of the respective social media network. The purpose of linking our website to social media profiles is to increase the visibility of our website. Clicking on a social media link takes place on the basis of your voluntary decision in accordance with Art. 6 (1)(a) GDPR. The legal basis for any data transfer to the USA is also your voluntarily given consent according to Art. 49. (1)(a) GDPR.
Provider of the services below is Google Ireland Limited (Register No: 368047), Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter ‘Google’).
The information collected by Google in connection with the provision of the respective services may be transferred to and processed by Google servers in the USA and stored there. Google has joined the EU/US Data Privacy Framework and has committed to abide by European data protection standards, thereby meeting the EU’s requirements for the transfer of personal data to the US under Art. 45 GDPR. Information about Google’s voluntary commitment can be found at https://www.dataprivacyframework.gov/participant/5780.
For more information about the processing of personal data by Google, please refer to Google’s privacy policies at: https://business.safety.google/privacy/ and https://policies.google.com/privacy?hl=en. For information on the use of data for advertising purposes by Google, settings and your right to object please refer to: https://www.google.de/policies/privacy/partners/, https://www.google.de/policies/technologies/ads/, https://adssettings.google.de/.
The legal basis for the use of the following services is your voluntarily given consent according to Art. 6 (1)(a) GDPR. The legal basis for data transfer to the USA is also your voluntarily given consent in accordance with Art. 49 (1)(a) GDPR.
Our website uses Google Analytics. Google Analytics uses cookies. Google Analytics collects information about the visits of website users and analyses their behaviour. This data serves the purpose of developing a user-friendly website design, the continuous optimisation of our services and offers, to measure the success of marketing activities and to create statistical analysis. In this context, pseudonymised user profiles are created and cookies are used. Google Analytics collects information such as browser type / version, operating system, referrer URL (the previously visited page), host name of the accessing computer (IP address) and time of server request. The information generated is transferred to the US and stored on servers owned by Google. The collected user data and event data will be deleted after 14 months. Information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google. Under no circumstances will your IP address be merged with any other data that is kept by Google. The IP address will be anonymised so that assignment is impossible. You can prevent the local storage of cookies by configuring your browser software accordingly. However, be advised that in this case you may not be able to use all the features of this website to the full extent possible. Additionally, in order to prevent Google from collecting and processing the data generated in relation to your use of the website you may download and install the browser plug-in available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en. You can prevent Google from gathering your data by clicking on this link [<a href=’javascript:gaOptout()’>Deactivate Google Analytics</a>] which sets an opt-out cookie on your computer. This cookie ensures that Google Analytics will not collect and store any user data from your browser when visiting this website. Attention: If you delete your cookie cache, this will result in the opt-out cookie being deleted as well. Then you must re-activate the opt-out cookie again.
The legal basis for the use of the following services are our legitimate interests according to Art. 6 (1)(f) GDPR. Our legitimate interests are listed below for each service individually.
Our website uses external typesets provided by Google, so-called web fonts. To do this, your browser loads the required web fonts into your browser cache when you visit the website. If your browser does not support this feature, your computer will use a standard font to display the website. This service collects your IP address, which of our websites you have visited and, if necessary, other data required by Google for the provision of the web fonts. The generated information about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.
Our website uses Google reCAPTCHA to ensure that the forms provided on our website are used by an actual person and are not abused by bots or automated procedures. We use this service in our legitimate interest in the security of our website and the detection of bot activity. This service collects your IP address and any additional data required by Google for providing the reCAPTCHA service. The collected information about your use of this website is stored on servers in the USA. This information may also be transferred to third parties if required by law or if third parties process this data on behalf of us or Google.
Our website uses Google Tag Manager to manage the website through a single tag management interface. Google Tool Manager only implements tags. This means no cookies are used and no personal data is collected. Google Tag Manager triggers other tags, which may collect data. However, Google Tag Manager does not access this data. If deactivated at the domain or cookie level, it will remain effective for all tracking tags as far as they are implemented with the Google Tag Manager. Our legitimate interests in the use of Google Tag Manager are the efficient maintenance of our website and the central administration of HTML elements