Stand: 21.07.2018

Privacy

Data protection statement

The protection of your privacy is very important to us. We therefore proceed according to the statutory regulations of the European and German data protection legislation in all operations of data processing (e.g. collecting, processing and transmission).

The following statement gives you an overview of which of your data is asked for on our websites, how this data is used and forwarded, in which way you can find out about the information given to us and which security measures we take to protect your data.

Content

  1. Who is your contact (controller) for your data protection concerns?
  2. Which data do we need from you for the use of our websites? Which data is collected and stored during use?
  3. How is my data used, and possibly forwarded to third parties, and for what purpose is this carried out?
  4. Linking to social networks
  5. What security measures have we taken to protect your data?
  6. Advertising by e-mail (e.g. E-mail newsletter)
  7. Newsletter Tracking
  8. A cookie is stored on your computer when you use our websites. What does this mean?
  9. Rights of data subjects
  10. Changes to this data protection statement

 

Who is your contact (controller) for your data protection concerns?

Controller as defined in the data protection regulations for all data processing procedures carried out via our websites is:

mbo Osswald GmbH & Co KG
Steingasse 13
D-97900 Kuelsheim-Steinbach

Telephone +49 9345 – 6700
Fax +49 9345 – 6255

Please address your enquiries on the topic of data protection and the assertion of the rights of data subjects (cf. below) to datenschutz@mbo-osswald.de.

Which data do we need from you for the use of our websites? Which data is collected and stored during use?

Personal data is any information that refers to an identified or identifiable natural person (“data subject”), such as e.g. your name, your address, your phone number, your date of birth, your bank details and your IP address.

Basically, we only collect and use personal data when this is necessary in order to provide a functioning website and our contents and services. The collection and use of personal data takes place regularly only with your consent. An exception applies in such cases, where obtaining prior consent is not possible for practical reasons and the processing of data is permitted by statutory regulations.

Usage data

The following data is recorded during the use of our websites, whereby storage is exclusively for internal system-related and statistical purposes, so-called usage data:

  1. Information on the type of browser and the version used
  2. The operating system
  3. The Internet Service Provider
  4. The IP address
  5. Date and time of access

Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR (General Data Protection Regulation).

The temporary storage of the IP address is required by the system, in order to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.

The storage in log files is carried out to ensure the functioning of the website. In addition, the data is used to optimise the website and ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place in this connection.

Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of recording data to make the website available, this is the case when the respective session is terminated.

In the case of storing the data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or modified so that it is no longer possible to allocate them to the accessing client.

The recording of data to make the website available and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no contesting option.

Registration

We offer you the option of registering on our website, giving personal data. For this, the data is entered in an entry mask and transmitted to us and stored. The following data is processed in the course of the registration process:

At the time of registration the following data is also stored:

  • Full name of the client and full company name
  • Type of client – corporate client or consumer client
  • E-mail address
  • Address (invoice address and different delivery address if applicable)
  • Phone number
  • The answers to the optionally designed question, how you found us or how you heard about us;
  • Password

 

Legal basis for processing the data in the case of the existence of your consent is Art. 6 para. 1 lit. a GDPR.

If the registration serves the fulfilment of a contract, of which you are a contractual party or the execution of pre-contractual measures, additional legal basis for processing the data is Art. 6 para. 1 lit. b GDPR.

Registration is necessary for making certain contents and services available on our website.

Registration is necessary to fulfil a contract with the user or to execute pre-contractual measures.

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected.

This is the case for the fulfilment of a contract or the execution of pre-contractual measures during the registration process, if the data is no longer necessary for the execution of the contract. Even after concluding the contract, the necessity to store personal data of the contractual partner may exist, in order to comply with contractual and statutory obligations.

You have the opportunity, as the user, to cancel the registration by an appropriate request by e-mail. You may also have the data stored about you altered at any time by appropriate information by e-mail.

If the data is required to fulfil a contract or to execute pre-contractual measures, a premature erasure of the data is only possible, if it is not contrary to contractual or statutory obligations.

Contact form

We provide a contact form for you on our website, with which you can conveniently get in touch with us electronically and send us your request. We only collect your name and possibly title and your address as well as the name of your company, your department and the address of your company, your e-mail address and your phone number via the contact form. Giving your phone number is voluntary.

We seek your consent for the processing of data during the dispatch process and refer to this data protection statement.

Alternatively, it is possible to contact us using the e-mail address provided. In this case the personal data transmitted with the e-mail is stored.

We only use your data to process your enquiry and can contact you for this purpose using the contact data given. Use of this data for advertising purposes or forwarding to third parties does not take place.

Legal basis for processing the data in the case of the existence of your consent is Art. 6 para. 1 lit. a GDPR.

Legal basis for the processing of the data transmitted to us via the contact form or in the course of transmitting an e-mail is Art. 6 para. 1 lit. f GDPR. If making contact also aims at concluding a contract, additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.

The processing of personal data from the entry mask is only used for processing the communication with you. In the case of contact made by e-mail, the required legitimate interest is also in the processing of the data.

The other personal data processed during the dispatch process are only used to avoid abuse of the contact form and to ensure the security of our IT systems.

The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the personal data from the entry mask of the contact form and the personal data transmitted by e-mail, if the respective conversation with you is terminated. The conversation is terminated when it can be inferred from the circumstances that the situation concerned has been conclusively clarified.

The personal data additionally collected during the dispatch process are deleted after a period of seven days at the latest.

You have the possibility of revoking your consent to the processing of personal data at any time. To do so, you can contact us by e-mail and revoke your consent. Should you contact us by e-mail, you can revoke the storage of your personal data at any time. The conversation cannot be continued in such a case.

All personal data that was stored in the course of making contact will be deleted in this case.

How is my data used, and possibly forwarded to third parties, and for what purpose is this carried out?

Fulfillment of contractual legal transactions or legal transactions

We use the personal data you provide to process customer inquiries and orders, or supplier inquiries and orders in accordance with Article 6 paragraph 1 lit. b and c GDPR. We only collect data that we need for this purpose and which we have been informed by you. A collection and / or processing of your personal data that goes beyond the scope of the statutory permission is only possible on the basis of your express consent.

Any transfer, sale or other transfer of your personal data to third parties only takes place if the disclosure is required for the purpose of contract execution or for billing purposes or to collect the fee (eg shipping company or payment service provider), or if you have a legitimate interest have expressly consented. In addition, we are entitled to disclose Personal Information for collection purposes and reserve the right to communicate with business protection organizations (such as Schufa); this, of course, only if the legal requirements for this exist.

The legal basis for the transmission of the data to third parties for the purpose of contract execution or for billing purposes is Art. 6 para. 1 lit. b GDPR.

In principle, there is no transmission of data to third countries.

The data are stored for the duration of the respective contractual relationship or legal or similar business relationship. This period is usually 10 years for legal transactions and 6 years for commercial letters.

Applications for job advertisements or unsolicited applications

We use the personal data provided by you for the selection of potential employees in accordance with Article 6 paragraph 1 lit. b GDPR. We only collect data that we need for this purpose and which we have been informed by you. A collection and / or processing of your personal data that goes beyond the scope of the statutory permission is only possible on the basis of your express consent.

Any transfer, sale or other transfer of your personal data to third parties only takes place if the disclosure is required for the purpose of contract execution or for billing purposes or to collect the fee (eg shipping company or payment service provider), or if you have a legitimate interest have expressly consented. In addition, we are entitled to disclose Personal Information for collection purposes and reserve the right to communicate with business protection organizations (such as Schufa); this, of course, only if the legal requirements for this exist.

The legal basis for the transmission of the data to third parties for the purpose of contract execution or for billing purposes is Art. 6 para. 1 lit. b GDPR.

In principle, there is no transmission of data to third countries.

Applicant data will generally be deleted after 4 months from the date of submission of the respective position. Exceptions to this are the data of the applicants who have given their consent to the further storage of the data in the applicant data pool. This data will be reviewed after two years for a need for further storage. Otherwise the data will be deleted.

Website

We use the personal data you make available to us to answer your enquiries, to deal with your order in our online shop as well as for the technical administration of our websites.

Forwarding, sale or other transmission of your personal data to third parties is only carried out, if the forwarding is required for contract processing purposes or for invoicing purposes respectively, in order to collect the remuneration (for example, shipping companies or payment service providers), a legitimate interest exists or you have explicitly given your consent. Furthermore, we are entitled to forward personal data for collection purposes and reserve the right to exchange data with credit information agencies (e.g. Schufa); naturally only if the legal requirements for this are met.

Legal basis for the transmission of data to third parties for contract processing purposes or for invoicing purposes is Art. 6 para. 1 lit. b GDPR.

Payment processing via Paypal

For payment processing in our online shop, we use the payment system of the external payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A.  22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). If you wish to pay by credit card or PayPal, for example, a connection to the online paying system of PayPal is made automatically via a technical interface. The payment data you give is transmitted via an encrypted connection to PayPal exclusively for the purpose of the payment processing and stored and processed there. The processing of the data is also carried out exclusively for the above mentioned purpose of the payment processing of your order, whereby the payment data have to be forwarded by PayPal where necessary to the credit institute named by you, in order to trigger and authorise the payment process.

Integration of a 3D service of TraceParts S.A.

We use a service of the company TraceParts S.A., Parc Eco Normandie, 76430 Saint Romain (France), in order to also be able to present our products to you in the context of our product descriptions in the form of 3D models. Our legitimate interest according to Art. 6 para. 1 lit. f GDPR also lies here.

If you make use of this offer by entering the corresponding e-mail address to your TraceParts Account in the appropriate box with the designation “TraceParts Account”, this address you have entered will be transmitted to TraceParts for identification purposes. If you do not have an account at TraceParts, you can alternatively request a download to view the 3D models according to corresponding format selection, if you are registered in our shop. The 3D view of our products is then also available to you.

Forwarding in legally prescribed cases

We point out that we are entitled in individual cases to give information on data upon instructions of the competent body, where this is required for the purposes of law enforcement, averting danger by the police forces of the German federal states, for complying with the legal assignments of the state and federal offices of the protection of the constitution, of the federal intelligence service or the military counter-intelligence service or to enforce intellectual property rights.

Linking to social networks

On our websites we link to the social media platforms Facebook, Google+ and YouTube. This is carried out via a corresponding symbol on our websites that is labelled with the corresponding logo of the respective social media platform and behind which a corresponding link to our corresponding social media page is hidden. Social plugins (such as the Facebook “Like” button) are not integrated here.

No data relating to you is transmitted to these services by our references to the social media services. These are normal hyperlinks, via which no data transmission takes place regularly. If you click on the link, you will be forwarded directly to our social media presence at the respective social media service. A data transmission only takes place in doing so, if you are logged on to your user account of the corresponding social media service. You can then link or distribute contents of our websites directly with the social media service or, in the case of YouTube, watch the videos of our YouTube channel. The respective social media service possibly finds out which contents you have watched on our websites in this way.

Responsible for the social media services linked by us are exclusively:

  • for Facebook and their web presence Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA;
  • for Google+ and their web presence Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA;
  • for YouTube and their web presence YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA;

 

Further information about the purpose and extent of data collection and about the further processing of your data by the respective social media service can be found in the data protection regulations of the respective service. These are available on the internet:

 

Under the named links, you will also find information about settings options to protect your privacy and about your further rights concerning the collection, processing and use of your data by the respective social media service, among other things.

You are yourself responsible for transmitting data to the social network services mentioned above, as you become active by logging on to your respective social network account and following the respective link and therefore initiate the data processing by the respective social network service that takes place subsequently.

What security measures have we taken to protect your data?

We have taken a variety of security measures to protect personal information appropriately and adequately.

Our databases are protected by physical and technical measures, as well as procedural measures that restrict access to the information to specially authorised persons in compliance with this data protection statement. Our information system is located behind a software firewall to prevent access from other networks that are connected to the internet. Only employees, who require the information to complete a special task, obtain access to personal information. Our staff are trained regarding security and data protection practices.

We use the standardised SSL encryption technology when collecting and transmitting data via our internet pages. Personal details are transmitted via SSL encryption during the ordering procedure, identifiable in the browser by the lock icon and in address line by the addition “https://”.

You should never give your password for the access to our websites to third parties and you should change this password regularly. In addition, you should not use the same password for accessing our websites that you also use on other websites for password-protected access (e-mail account, online banking etc.). When you have left our websites, you should actively log out and close your browser, in order to avoid authorised users gaining access to your user account.

When communicating by e-mail, we cannot guarantee full data security.

Advertising by e-mail (e.g. E-mail newsletter)

We use the services of the provider, CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany, for sending e-mail messages. The data named below is processed by CleverReach on our behalf and stored on the servers of CleverReach for this purpose. CleverReach uses the data for dispatching and analysing the newsletter. The data protection provisions of the service provider are available at https://www.cleverreach.com/de/datenschutz/ .

The following data from the entry mask is thereby transmitted when registering for the newsletter.

  • Name
  • E-mail address

 

Legal basis for processing the data by our newsletter service provider after registering for the newsletter in the case of the existence of your consent is Art. 6 para. 1 lit. a GDPR.

The collection of your e-mail address is used to send the newsletter.

The data is deleted as soon as it is no longer necessary for the purpose, for which it was collected. Your e-mail address is, therefore, stored for as long as the subscription of the newsletter is active.

You can cancel the subscription of the newsletter at any time. A corresponding link can be found for this purpose in every newsletter.

A revocation of the consent to store personal data collected during the registration process is also made possible here.

Newsletter Tracking

An evaluation of the opening rate of the e-mails and a click evaluation within the newsletter are also carried out by CleverReach. We use this technique to determine the degree of interest in specific topic and to measure the effectiveness of our communication measures. Our legitimate interest according to Art. 6 para. 1 lit. f GDPR also lies here. This data is segmented and stored in an anonymised manner. We do not exchange this data with anyone and we make no attempt to associate "click-throughs" with individual e-mail addresses. The individual user data is deleted after the compiling of the anonymised total evaluation - after 3 months at the latest.

The newsletters dispatched by CleverReach contain a tracking pixel that sends information to CleverReach as soon as you open the newsletter. In doing so, the following information is collected:

  • your IP address
  • information on the browser used
  • information on the system used
  • time of the retrieval

 

The legal basis for the processing of personal data by the service provider CleverReach for analysis purposes is Art. 6 para. 1 lit. f GDPR.

The use of tracking software is carried out to improve the quality of our newsletter system and its contents. Through the tracking software we discover how the newsletters are used and can thus constantly optimise our offer.

Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

A cookie is stored on your computer when you use our websites. What does this mean?

We use so-called cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. These are only stored on your hard disk. Cookies can only be read by the server that previously stored them there and provides information about what you have looked at on a website and when. Cookies themselves only identify the IP address of your computer and do not store any personal information, such as your name. The data stored in the cookies is not linked to your personal details (name, address, etc.).

We use cookies in order to make our website more user-friendly. Some elements of our website make it necessary to be able to identify the accessing browser even after a page change.

The following data is therefore stored and transmitted in the cookies:

  1. Language settings
  2. Log on information, in particular, the type of client Private or Business Client
  3. Configurators

The details relating to you in this manner are pseudonymised by technical means. An allocation of data to the accessing user is therefore no longer possible. The data is not stored together with any other personal data relating to you.

It is up to you to decide whether you allow cookies. On the one hand, you have the option of accepting all cookies, of being informed when cookies are set or refusing all cookies by changing your browser settings (usually to be found under “Option” or “Settings” in the browser’s menu. On the other hand, you are free to decide via the banner that is shown the first time you visit our websites and which refers to this data protection statement, whether you wish to give your consent for cookies to be set or refuse this.

The legal basis for the processing of personal data using the cookies technically needed for this is Art. 6 para. 1 lit. f GDPR.

The objective of using technically necessary cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. It is necessary for these that the browser is also identified after a page change.

The user data collected by technically necessary cookies are not used for creating user profiles.

Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.

Cookies are stored on your computer and transmitted by this to our page. In this way, you still have the full control over the use of cookies as the user. You can deactivate or limit the transmission of cookies by changing the settings in your internet browser. Cookies already stored can be deleted at any time. This can even be done automatically. If cookies are deactivated for our website, it is possible that all the functions of the website may not be used to their full extent.

Some of our services also use so-called tracking bugs or tracking pixels as well. These are mostly only 1x1 pixel measuring code snippets that are able to identify and to recognise the type of your browser via the browser ID – the individual fingerprint of our browser. The service provider can therefore see when and how many users have accessed the pixel, or whether and when an e-mail was opened or a website was visited.

You can prevent the data recording by these tracking bugs, by either opening your e-mails offline or by stopping the loading of external graphics in your e-mail programme.

Rights of data subjects

If personal data relating to you is processed, you are a data subject as defined in the GDPR and you are entitled to the following rights against the controller:

Information, rectification, restriction of processing and erasure

You have the right at any time to obtain information free of charge about any personal data we have stored about you, about the origin and recipient as well as the purpose of data processing via our websites. In addition, you have the right to rectification, erasure and restriction of the processing of your personal data, where the statutory provisions exist.

Right to data portability

You have the right to receive the personal data relating to you that you have made available to us as controller in a structured, commonly used and machine readable format. We can meet this right by providing a csv-export of the customer data processed relating to you.

Right to information

If you have asserted your right to rectification, erasure or restriction of processing to the controller, this is obliged to inform all recipients, to whom the personal data relating to you was disclosed, about this rectification or erasure of the data or the restriction of processing, unless this proves to be impossible or involves an unreasonable expense or effort.

You have the right vis-à-vis the controller to be informed of these recipients.

Right to object

You have the right, for reasons that result from your particular situation, to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 para. 1 lit. e or lit. f GDPR.

The controller no longer processes the personal data relating to you, unless he can prove compelling legitimate grounds for the processing that override your interests, rights and liberties, or the processing serves the assertion, exercise or defence of legal claims.

If the personal data relating to you is processed in order to operate direct advertising, you have the right to object to the processing of the personal data relating to you for the purpose of such advertising at any time, this also includes profiling, where this is associated with such direct advertising.

If you object to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.

Revocability of data protection declarations of consent

In addition, you may revoke the consents that you have given us with effect to the future at any time at the contact details stated below.

Right to lodge a complaint with a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the member state of your place of residence, your place of work or the place of alleged infringement, if you consider that the processing of the personal data relating to you infringes the EU general data protection regulation.

The supervisory authority, with which the complaint has been lodged, informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Changes to this data protection statement

We reserve the right to change this data protection statement when the occasion arises and without prior notice. Please therefore consult this page regularly to find out about possible changes to this data protection statement.

As of May 2018

Contact

Do you have any questions or would you like to talk to us in person? We would be delighted to advise you in person!
Tel. +49 9345 6700

To the contact form