The OWH SE i.L. (hereinafter referred to as OWH), is pleased that you are visiting our website. Data protection and data security are very important to us. We would therefore like to inform you at this point which personal data we collect when you visit our website and for what purposes it is used.
§1 Data Controller and Scope
The controller according to the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection acts of the Member States, as well as other data protection regulations, is:
§2 Data Protection Officer
The (external) Data Protection Officer is:
Dr. Karsten Kinast, LL.M.
KINAST Rechtsanwaltsgesellschaft mbH
§3 Principles of Processing Personal Data
Personal data is any information relating to an identified or identifiable natural person. This includes, for example, information such as your name, age, address, telephone number, date of birth, e-mail address, IP address or user behaviour. Information that cannot (or only with a disproportionate effort) referred to your person, e.g. by anonymizing the information, is not personal data. The processing of personal data (e.g. collection, retrieval, use, storage or transmission) always requires a legal basis. Processed personal data will be deleted as soon as the purpose of the processing has been achieved and there are no longer any legally required retention obligations. If we process your personal data for the provision of certain services, we will inform you below about the specific processes, the scope and purpose of the data processing, the legal basis for the processing and the respective retention period.
§4 Data Processing
Provision and Use of the Website
a. Scope and Purpose of the Processing
When you access and use our website, we only collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the retrieved file
- The website from which access is made (referrer URL)
- The used browser and, if applicable, the operating system of your computer as well as the name of your access provider
b. Legal Basis
Art. 6 para. 1 lit. f GDPR serves as the legal basis for the data processing. The processing of the mentioned data is necessary for the provision of our services and thus serves the protection of a legitimate interest of our company.
c. Data Deletion and Storage Time
The data subject’s personal data are deleted or restricted as soon as the purpose of the processing is fulfilled. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, there is no possibility of objection for the user. Further storage may take place in individual cases if this is required by law.
§5 Third Party Transfers
We only share your personal information with third parties if:
- you have given your express consent pursuant to Art. 6 para. 1 lit. a GDPR,
- it is legally permissible and necessary for the fulfilment of a contractual relationship with you pursuant to Art. 6 para. 1 lit. b GDPR,
- there is a legal obligation to pass on the data in accordance with Art. 6 para. 1 lit. c GDPR,
- the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data.
In addition, we use external service providers as part of the administration of the website and the associated data processing on the basis of a data processing agreement (Art. 28 GDPR).
a. Scope and Purpose of Processing
Various types of cookies are used on our website, the types and functions are explained in more detail below.
Our website uses transient cookies that are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. This allows various requests from your browser to be assigned to a common session and enables us to recognize your terminal device during subsequent website visits within a session.
These cookies are required for technical reasons so that you can visit our website and use functions offered by us. This refers, for example, to the following applications: Banner element to communicate cookie usage, and element to inform visitors about using an outdated browser. In addition, these cookies contribute to a safe and compliant use of the website.
b. Legal Basis
Due to the described purposes of use (see §6 a.), the legal basis for the use of technically necessary cookies is Art. 6 para. 1 lit. f GDPR.
c. Storage Time
As soon as the data transmitted by the cookies is no longer necessary for the purposes described above, this information will be deleted. Further storage may take place in individual cases if this is required by law.
d. Browser Settings
Most browsers are already set to accept cookies by default. However, you can change your browser settings so that it only accepts certain cookies or no cookies at all. However, we would like to point out that you may no longer be able to use all the functions of our website if cookies are disabled by your browser settings on our website. You can also use your browser settings to delete cookies already stored in your browser. Furthermore, it is possible to set your browser so that it informs you before cookies are stored. Since the different browsers may differ in their respective functions, we ask you to use the respective help menu of your browser for the setting options. If you would like a comprehensive overview of all third-party access to your Internet browser, we recommend that you install specially developed plug-ins.
Our website contains hyperlinks to websites of other providers. When you activate these hyperlinks, you will be directed directly to the other providers’ website. You will recognize this when the URL is changed. We cannot assume any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations. Please refer to these websites for information about how these companies handle your personal data.
§8 Your Rights as a Data Subject
The GDPR gives you the following rights as a data subject of a processing of personal data:
- According to Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right of complaint, the origin of your data if it has not been collected by us, about a transfer to third countries or international organizations and about the existence of automated decision-making, including profiling, and, if applicable, meaningful information about its details.
- According to Art. 16 GDPR, you can immediately request the rectification of incorrect or the completion of your personal data stored by us.
- According to Art. 17 GDPR, you can request the erasure of your personal data stored by us, unless the processing is to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend yourself of legal claims is required.
- According to Art. 18 GDPR, you may request the restriction of the processing of your personal data if you dispute the accuracy of the data, the processing is unlawful, we no longer need the data and you object to their deletion because you need them for the assertion, exercise or defense of legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing in accordance with Art. 21 GDPR.
- According to Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, common and machine-readable format or you can request the transfer to another person responsible.
- According to Art. 7 para. 3 GDPR, you can withdraw your once given consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future.
- According to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our company headquarters.
§10 Data Security and Security Measures
To prevent manipulation, loss or misuse of your data stored with us, we take extensive technical and organizational security precautions that are regularly reviewed and adapted to technological progress. These include, among other things, the use of recognized encryption methods (SSL or TLS). However, we would like to point out that, due to the structure of the Internet, it is possible that the rules of data protection and the above-mentioned security measures are not observed by other persons or institutions not within our sphere of responsibility. In particular, data disclosed in unencrypted form – e.g. if this is done by e-mail – can be read by third parties. We have no technical influence on this. It is the user’s responsibility to protect the data he or she provides against misuse by encrypting it or in any other way.