Privacy
Privacy notices
The protection of your privacy is very important to us. We therefore proceed according to the statutory regulations of the European and German data protection legislation in all operations of data processing (e.g. collecting, processing and transmission).
The following notices give you an overview of which of your data is asked for on our websites, how this data is used and forwarded, in which way you can find out about the information given to us and which security measures we take to protect your data.
Content
Controller as defined in the data protection regulations for all data processing procedures carried out via our websites is:
mbo Osswald GmbH & Co KG
Steingasse 13
D-97900 Kuelsheim-Steinbach
Telephone +49 9345 – 6700
Fax +49 9345 – 6255
Please address your enquiries on the topic of data protection and the assertion of the rights of data subjects (cf. below) to datenschutz@mbo-osswald.de.
Our external data protection officer is:
heyData GmbH
Schützenstraße 5
10117 Berlin
Which data do we need from you for the use of our websites? Which data is collected and stored during use?
Personal data is any information that refers to an identified or identifiable natural person (“data subject”), such as e.g. your name, your address, your phone number, your date of birth, your bank details and your IP address.
Basically, we only collect and use personal data when this is necessary in order to provide a functioning website and our contents and services. The collection and use of personal data takes place regularly only with your consent. An exception applies in such cases, where obtaining prior consent is not possible for practical reasons and the processing of data is permitted by statutory regulations.
Usage data
The following data is recorded during the use of our websites, whereby storage is exclusively for internal system-related and statistical purposes, so-called usage data:
- Information on the type of browser and the version used
- The operating system
- The Internet Service Provider
- The IP address
- Date and time of access
Legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR (General Data Protection Regulation).
The temporary storage of the IP address is required by the system, in order to enable the delivery of the website to the user’s computer. For this purpose, the user’s IP address must be stored for the duration of the session.
The storage in log files is carried out to ensure the functioning of the website. In addition, the data is used to optimise the website and ensure the security of our IT systems. An analysis of the data for marketing purposes does not take place in this connection.
Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. In the case of recording data to make the website available, this is the case when the respective session is terminated.
In the case of storing the data in log files, this is the case after seven days at the latest. Storage beyond this is possible. In this case, the IP addresses of the users are deleted or modified so that it is no longer possible to allocate them to the accessing client.
The recording of data to make the website available and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no contesting option.
Registration
We offer you the option of registering on our website, giving personal data. For this, the data is entered in an entry mask and transmitted to us and stored. The following data is processed in the course of the registration process:
At the time of registration the following data is also stored:
- Full name of the client and full company name
- Type of client – corporate client or consumer client
- E-mail address
- Address (invoice address and different delivery address if applicable)
- Phone number
- The answers to the optionally designed question, how you found us or how you heard about us
- Password
Legal basis for processing the data in the case of the existence of your consent is Art. 6 para. 1 lit. a GDPR.
If the registration serves the fulfilment of a contract, of which you are a contractual party or the execution of pre-contractual measures, additional legal basis for processing the data is Art. 6 para. 1 lit. b GDPR.
Registration is necessary for making certain contents and services available on our website.
Registration is necessary to fulfil a contract with the user or to execute pre-contractual measures.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected.
This is the case for the fulfilment of a contract or the execution of pre-contractual measures during the registration process, if the data is no longer necessary for the execution of the contract. Even after concluding the contract, the necessity to store personal data of the contractual partner may exist, in order to comply with contractual and statutory obligations.
You have the opportunity, as the user, to cancel the registration by an appropriate request by e-mail. You may also have the data stored about you altered at any time by appropriate information by e-mail.
If the data is required to fulfil a contract or to execute pre-contractual measures, a premature erasure of the data is only possible, if it is not contrary to contractual or statutory obligations.
Contact form
We provide a contact form for you on our website, with which you can conveniently get in touch with us electronically and send us your request. We only collect your name and possibly title and your address as well as the name of your company, your department and the address of your company, your e-mail address and your phone number via the contact form. Giving your phone number is voluntary.
We seek your consent for the processing of data during the dispatch process and refer to those privacy notices.
Alternatively, it is possible to contact us using the e-mail address provided. In this case the personal data transmitted with the e-mail is stored.
We only use your data to process your enquiry and can contact you for this purpose using the contact data given. Use of this data for advertising purposes or forwarding to third parties does not take place.
Legal basis for processing the data in the case of the existence of your consent is Art. 6 para. 1 lit. a GDPR.
Legal basis for the processing of the data transmitted to us via the contact form or in the course of transmitting an e-mail is Art. 6 para. 1 lit. f GDPR. If making contact also aims at concluding a contract, additional legal basis for processing is Art. 6 para. 1 lit. b GDPR.
The processing of personal data from the entry mask is only used for processing the communication with you. In the case of contact made by e-mail, the required legitimate interest is also in the processing of the data.
The other personal data processed during the dispatch process are only used to avoid abuse of the contact form and to ensure the security of our IT systems.
The data is deleted as soon as it is no longer necessary for the purpose for which it was collected. This is the case for the personal data from the entry mask of the contact form and the personal data transmitted by e-mail, if the respective conversation with you is terminated. The conversation is terminated when it can be inferred from the circumstances that the situation concerned has been conclusively clarified.
The personal data additionally collected during the dispatch process are deleted after a period of seven days at the latest.
You have the possibility of revoking your consent to the processing of personal data at any time. To do so, you can contact us by e-mail and revoke your consent. Should you contact us by e-mail, you can revoke the storage of your personal data at any time. The conversation cannot be continued in such a case.
All personal data that was stored in the course of making contact will be deleted in this case.
How is my data used, and possibly forwarded to third parties, and for what purpose is this carried out?
Fulfilment of contractual legal transactions or initiation of legal transactions
We use the personal data made available to us in order to process customer inquiries and orders as well as supplier inquiries and orders in accordance with article 6 paragraph 1 items b and c GDPR. We only collect data that we require for this purpose and that you yourself have communicated to us. Collection and/or processing of your personal data beyond the scope of what is permitted by law takes place only following your express consent.
Your personal data is only disclosed, sold or transferred in any other way to third-parties if this disclosure is necessary for the purposes of executing a contract or for invoicing or for collecting payment (e.g. shipping company or payment service provider), if there is a legitimate interest or you if have expressly consented to this. We are further authorised to disclose personal data for the purposes of debt collection and reserve the right to transfer data with credit information agencies (e.g. Schufa), provided, of course, that there is a legal basis for this.
The legal basis for the transfer of data to third-parties for the purposes of executing a contract or for invoicing purposes is provided by Art. 6 para. 1 item. b GDPR.
The data is stored for the duration of the relevant contractual relationship or contractual or similar obligation. This period is generally 10 years in the case of legal transactions and 6 years in the case of commercial documents.
Applications for situations vacant or unsolicited applications
We use the information made available by you to select potential employees in accordance with Article 6 paragraph 1 b) GDPR. We only collect data that we require for this purpose and that you yourself have communicated to us. Collection and/or processing of your personal data beyond the scope of what is permitted by law takes place only following your express consent.
Your personal data is disclosed, sold or transferred in any other way to third-parties only if this disclosure is necessary for the purposes of executing a contract or for invoicing or for collecting payment (e.g. shipping company or payment service provider), there is a legitimate interest or you have expressly consented to this. We are further authorised to disclose personal data for the purposes of debt collection and reserve the right to transfer data with credit information agencies (e.g. Schufa), provided, of course, that there is a legal basis for this.
The legal basis for the transfer of data to third-parties for the purposes of executing a contract or for invoicing purposes is provided by Art. 6 para. 1 item. b GDPR.
Data received from applicants is always deleted 4 months after the position in question has been assigned. This does not apply to the data of applicants who have given consent for their data to continue to be stored in the pool of applicant data. In the case of such data, a check is performed after two years to determine whether there is a requirement for continued storage. If there is no such requirement, the data is deleted.
Web site
We use the personal data you make available to us to answer your enquiries, to deal with your order in our online shop as well as for the technical administration of our websites.
Your personal data is disclosed, sold or transferred in any other way to third-parties only if this disclosure is necessary for the purposes of executing a contract or for invoicing or for collecting payment (e.g. shipping company or payment service provider), there is a legitimate interest or you have expressly consented to this. We are further authorised to disclose personal data for the purposes of debt collection and reserve the right to transfer data with credit information agencies (e.g. Schufa), provided, of course, that there is a legal basis for this.
The legal basis for the transfer of data to third-parties for the purposes of executing a contract or for invoicing purposes is provided by Art. 6 para. 1 item. b GDPR.
Payment processing via Paypal
For payment processing in our online shop, we use the payment system of the external payment service provider PayPal (Europe) S.à r.l. et Cie, S.C.A. 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as “PayPal”). If you wish to pay by credit card or PayPal, for example, a connection to the online paying system of PayPal is made automatically via a technical interface. The payment data you give is transmitted via an encrypted connection to PayPal exclusively for the purpose of the payment processing and stored and processed there. The processing of the data is also carried out exclusively for the above mentioned purpose of the payment processing of your order, whereby the payment data have to be forwarded by PayPal where necessary to the credit institute named by you, in order to trigger and authorise the payment process.
Integration of a 3D service of TraceParts S.A.
We use a service of the company TraceParts S.A., Parc Eco Normandie, 76430 Saint Romain (France), in order to also be able to present our products to you in the context of our product descriptions in the form of 3D models. Our legitimate interest according to Art. 6 para. 1 lit. f GDPR also lies here.
If you make use of this offer by entering the corresponding e-mail address to your TraceParts Account in the appropriate box with the designation “TraceParts Account”, this address you have entered will be transmitted to TraceParts for identification purposes. If you do not have an account at TraceParts, you can alternatively request a download to view the 3D models according to corresponding format selection, if you are registered in our shop. The 3D view of our products is then also available to you.
Integration of a data application from the company OpenAI OpCo, LLC
We use a data application service from the company OpenAI OpCo, LLC, 3180 18th St., San Francisco, CA 94110 (referred to as “OpenAI” below) for the launching, processing and execution of orders as well as for the processing of enquiries received via email or the contact form on our website. If you send an enquiry or an order via email or get in touch with us electronically using the contact form on our website then the subject and content of your email or the data collected in the contact form are passed on to the application via a technical interface. The data you enter are sent via the encrypted interface to OpenAI, where they are stored and processed. The data is processed in order to handle the contact request and, in particular, to categorise it on the basis of its subject matter and assign it a priority, as well as for the automatic recording of transferred invoice and delivery addresses for further processing in the order process. OpenAI processes data on our behalf and processing is safeguarded contractually by a contract processing agreement in accordance with Art. 28 GDPR and the corresponding standard contractual clauses issued by the European Commission (Implementing Decision (EU) 2021/914 of the EU Commission of 04.06.2021 – ref. C(2021) 3972, OJ. EU No. L 199/31 of 07.06.2021). The standard contractual clauses are used as a suitable mechanism for the transfer of data overseas in accordance with Art. 46 (2) point c GDPR in order to safeguard the transfer of data to OpenAI, which has its head office in the USA as a so-called EU third country. The German version of the standard contractual clauses can be consulted https://commission.europa.eu/system/files/2021-06/1_de_annexe_acte_autonome_cp_part1_v3.pdf.
The legal basis for the processing of the personal data is provided by Art. 6 (1) point b GDPR insofar as the data are used for the above-mentioned purpose of launching, processing and executing orders. Art. 6 (1) point f GDPR provides the legal basis for enquiries that do not relate to the fulfilment of a contract. The legitimate interest lies in the processing of contact requests, the rapid processing of the information that you send us and in the categorisation and prioritisation of the received enquiry so that it can be processed quickly and correctly.
For more information on the purpose and scope of data collection, as well as on the processing of your data by OpenAI, please consult the OpenAI API data usage policy. This can be found on the web at https://openai.com/policies/api-data-usage-policies. The general data protection provisions of OpenAI can be consulted at https://openai.com/policies/privacy-policy.
You have the right to object to your personal data being processed by OpenAI at any time. To exercise this right, please use the contact details given above.
Reporting system / Complaints procedure / Ombudsperson / Hintbox
You can consult the applicable provisions under data protection legislation at the following link: https://mbo.hintbox.de/privacy-system
Forwarding in legally prescribed cases
We point out that we are entitled in individual cases to give information on data upon instructions of the competent body, where this is required for the purposes of law enforcement, averting danger by the police forces of the German federal states, for complying with the legal assignments of the state and federal offices of the protection of the constitution, of the federal intelligence service or the military counter-intelligence service or to enforce intellectual property rights.
On our websites we link to the social media platforms Facebook, Instagram and YouTube. This is carried out via a corresponding symbol on our websites that is labelled with the corresponding logo of the respective social media platform and behind which a corresponding link to our corresponding social media page is hidden. Social plugins (such as the Facebook “Like” button) are not integrated here.
No data relating to you is transmitted to these services by our references to the social media services. These are normal hyperlinks, via which no data transmission takes place regularly. If you click on the link, you will be forwarded directly to our social media presence at the respective social media service. A data transmission only takes place in doing so, if you are logged on to your user account of the corresponding social media service. You can then link or distribute contents of our websites directly with the social media service or, in the case of YouTube, watch the videos of our YouTube channel. The respective social media service possibly finds out which contents you have watched on our websites in this way.
Responsible for the social media services linked by us are exclusively:
- for Facebook and Instagram and their web presence Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Dublin, Ireland
- for YouTube and their web presence YouTube, LLC, 901 Cherry Ave., St. Bruno, CA 94066, USA
Further information about the purpose and extent of data collection and about the further processing of your data by the respective social media service can be found in the data protection regulations of the respective service. These are available on the internet:
- Facebook: https://www.facebook.com/about/privacy/
- YouTube: https://www.google.de/intl/en/policies/privacy/
- Instagram: https://privacycenter.instagram.com/policy
Under the named links, you will also find information about settings options to protect your privacy and about your further rights concerning the collection, processing and use of your data by the respective social media service, among other things.
You are yourself responsible for transmitting data to the social network services mentioned above, as you become active by logging on to your respective social network account and following the respective link and therefore initiate the data processing by the respective social network service that takes place subsequently.
Information about our YouTube channel
We operate this site in order to draw attention to our products and to establish contact with you as a visitor and user of this YouTube channel and our web site. You can find more information on us and our company on our web site at https://www.mbo-osswald.de/en.
Whenever a user visits our YouTube channel, data concerning the user is collected, stored and used by YouTube.
We, as the operators of the YouTube channel, have no interest in the collection and further processing of your individual personal data for analytical or marketing purposes. However, we have no control over this because the data is collected and used solely by YouTube. You can find further information on how we handle personal data here in our Privacy notices.
The operation of our YouTube channel, including the processing of users' personal data by YouTube, is based on our legitimate interest in the use of a modern supporting method for informing and interacting with our users and visitors in accordance with Art. 6 para. 1 item. f. GDPR.
Name and address of the controllers:
The joint controllers with regard to the operation of our YouTube channel for the purposes of the General Data Protection Regulation and other data protection provisions, are:
Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
and
mbo Osswald GmbH & Co KG, Steingasse 13, 97900 Kuelsheim-Steinbach, Germany
You can contact our Data Protection Office by e-mail at datenschutz@mbo-osswald.de. The Data Protection Officer will be happy to assist you with your inquiries regarding data protection.
Processing of personal data by YouTube
Whenever you connect to our YouTube channel, your browser establishes a connection to YouTube and transfers information.
Apps, browsers and devices
The data collected by YouTube includes unique identifications, the browser type and settings, the device type and settings, the operating system, information about the mobile network such as the name of the network operator and the telephone number and version number of the app. YouTube also collects data about the way your apps, browsers and devices interact with its services. This includes, among other things, the IP address, crash reports, system activities as well as the data, time and referrer URL for your request.
Activities
YouTube collects data about your activities. YouTube uses this data, for example, to recommend videos that you might like. The following activity data might be collected, among other information:
- Terms that you search for
- Videos that you watch
- Content and videos that you see and interact with
- Language and audio data when you use audio functions
- People with whom you communicate or exchange content with
- Activities on third-party provider web sites and apps that use our services
- The Chrome browser activity that you have synchronized with your Google account
Location data
When you use YouTube, YouTube may collect data about your location.
Your location may be determined with differing levels of accuracy. To do this we use:
- GPS
- IP address
- Sensor data from your device
- Information about objects close to your device such as WLAN access points, radio masts and Bluetooth-capable devices
The types of location data collected by YouTube depend in part on your device and account settings. Thus, for example, you can use the "Settings" app on your device to turn location detection on your Android device on or off. If you want to save and manage your location data in your account, you can also turn on the location history.
YouTube processes all the data collected about you via our YouTube channel and may sometimes transfer it to countries outside of the European Union. For further details on the information obtained by YouTube and the way it is used, see the Privacy Policy at https://policies.google.com/privacy.
The ways in which YouTube uses the data resulting from your visit to our YouTube channel for its own purposes, the extent to which activities on the YouTube channel are attributed to individual users, the period for which YouTube stores this data and whether data resulting from a visit to the YouTube channel is made available to third-parties are not definitively and clearly stated by YouTube and are therefore unknown to us. All related information can also be taken from the above-mentioned Privacy Policy.
However, Google Inc., the US-American parent corporation to which YouTube belongs, is certified under the EU-U.S. Privacy Shield and thereby agrees to abide by European data protection guidelines.
For further information on Google's Privacy Shield status, go to:
https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI.
Rights of YouTube users
When your personal data is processed, you are a data subject as set out in GDPR and you possess the following rights vis-à-vis the controller:
- Right of access, rectification, restriction of processing and erasure of data
- Right to data portability
- Right to information
- Right to object
- Right to withdraw declarations of consent under data processing legislation
- Right not to be subject to automated individual decision-making and profiling
- Right to lodge a complaint with a supervisory authority
You can find further information on the rights of data subjects here in the Privacy notices.
Because YouTube has full access to the user data, we recommend that you contact YouTube directly if you wish to request information or have any other questions regarding your rights as a user (e.g. right to erasure). If you require any assistance to do this or have other questions, please contact us by e-mail at datenschutz@mbo-osswald.de or at the above address.
Ways of objecting
For information on the ways of contacting YouTube and the choices you can make with regard to the data collected by YouTube and the way it is used, go to https://policies.google.com/privacy?hl=en&gl=de#infochoices.
Information about our Facebook page
We operate this page in order to draw attention to our products and to establish contact with you as a visitor and user of this Facebook page and our web site. You can find more information on us and our company on our web site at https://www.mbo-osswald.de/en.
You do not have to be a member of Facebook in order to see this Facebook page. However, whenever anyone visits our Facebook page, visitor data is collected, stored and processed by Facebook.
We, as the operators of the Facebook page, have no interest in the collection and further processing of your individual personal data for analytical or marketing purposes. However, we have no control over this because the data is collected and used solely by Facebook. Further information on the way we handle personal data can be found here in the Privacy notices.
The operation of our Facebook page, including the processing of users' personal data by Facebook, is based on our legitimate interest in the use of a modern supporting method for informing and interacting with users and visitors in accordance with Art. 6 para. 1 item. f. GDPR.
Name and address of the controllers:
The joint controllers with regard to the operation of our Facebook page for the purposes of the General Data Protection Regulation and other data protection provisions, are:
Facebook Ireland Ltd. (referred to as "Facebook" here) 4 Grand Canal Square Grand Canal Harbour Dublin 2 Ireland
and
mbo Osswald GmbH & Co KG, Steingasse 13, 97900 Kuelsheim-Steinbach, Germany
You can contact our Data Protection Office by e-mail at datenschutz@mbo-osswald.de. The Data Protection Officer will be happy to assist you with your inquiries regarding data protection.
Processing of personal data by Facebook
Whenever you connect to our Facebook page, your browser establishes a connection to Facebook and transfers information.
IP address
When you access a Facebook page, the IP address assigned to your terminal device is transferred to Facebook. According to the information provided by Facebook, this IP address is anonymized and deleted after 90 days. Facebook also stores information about its users' terminal devices (e.g. as part of the "Login notification" function). It may be possible for Facebook to use this to assign IP addresses to individual users.
Cookies
If you are currently logged into Facebook as a user then a cookie with your Facebook identification is present on your terminal device. This allows Facebook to tell that you have searched for this page and how you have used it. The same applies for all other Facebook pages. Due to the Facebook buttons present on web pages, Facebook is able to record your visits to these web pages and assign them to your Facebook profile. This data can be used to tailor content or advertising to your profile.
Facebook Insights
Via the Facebook page's so-called "Insights", we, as operator of the page, are able to call up various categories of statistical data. These statistics are generated and made available by Facebook. As operator of the page, we have no influence over their generation and presentation. This function cannot be deactivated and the generation and processing of the data cannot be prevented. Facebook provides us with the following data with regard to our Facebook page for a selectable period and for each of the categories: fans, subscribers, people reached and people engaged:
- Total number of calls of the page
- "Likes" values
- Page activities
- Engagement with contributions
- Reach
- Video viewing
- Reach of contributions
- Comments
- Shared contents
- Replies
- Proportion of men and women
- Origin (country and city)
- Language
- Calls and clicks in the shop
- Clicks on route planners
- Clicks on telephone numbers
In this way, we are also provided with data on the Facebook groups that are linked to our Facebook page. Since we have no influence on Facebook's development activities, changes to the data that is collected and processed may occur at any time. For further details and up-to-date information, we therefore refer you to the Facebook Privacy Policy indicated below.
We use the data made available to us by Facebook to make our posts and activities on our Facebook page more attractive to users. We use the distributions by age and gender for a customized approach and use the preferred user times to optimize the timing of our contributions. Information about the type of terminal devices used by visitors helps us adapt the visual appearance of our posts to the terminal devices preferred by visitors. In accordance with Facebook's conditions of use which all users have agreed to when setting up a Facebook profile, we are able to identify subscribers to and fans of the page and view their profiles and other shared information regarding them.
Facebook processes all the data collected about you via our Facebook page and may sometimes transfer it to countries outside of the European Union. Facebook provides a general description of the information it obtains and how it is used in its Privacy Policy, which can be viewed at https://www.facebook.com/about/privacy.
Facebook's full Data Policy can be found at http://www.facebook.com/full_data_use_policy.
The ways in which Facebook uses the data resulting from your visit to Facebook pages for its own purposes, the extent to which activities on the the Facebook page are attributed to individual users, the period for which Facebook stores this data and whether data resulting from a visit to the Facebook page is made available to to third-parties are not yet definitively and clearly stated by Facebook and are therefore unknown to us. All related information can also be taken from the above-mentioned Data Policy.
However, Facebook Inc., the US-American parent corporation to which Facebook Ireland Ltd. belongs, is certified under the EU-U.S. Privacy Shield and thereby agrees to abide by European data protection guidelines.
For further information on Facebook's Privacy Shield status, go to:
https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.
Rights of Facebook users
When your personal data is processed, you are a data subject as set out in GDPR and you possess the following rights vis-à-vis the controller:
- Right of access, rectification, restriction of processing and erasure of data
- Right to data portability
- Right to information
- Right to object
- Right to withdraw declarations of consent under data processing legislation
- Right not to be subject to automated individual decision-making and profiling
- Right to lodge a complaint with a supervisory authority
You can find further information on the rights of data subjects here in our Privacy notices.
Because Facebook has full access to the user data, we recommend that you contact Facebook directly if you wish to request information or have any other questions regarding your rights as a user (e.g. right to erasure). If you require any assistance to do this or have other questions, please contact us by e-mail at datenschutz@mbo-osswald.de or at the above address.
Ways of objecting
If you do not want your data to be processed in this way in the future, you can use the functions "I no longer like this page" or "Do not subscribe to this page" to cancel the link between your user profile and our page.
Proceed as follows if you want to prevent Facebook from linking the data collected via our fan page with the member data stored by Facebook:
- Log off from Facebook before visiting our fan page.
- Delete the cookies present on your terminal device
- Shut down and restart your browser.
For information on how to contact Facebook, the setting options available for advertising as well as on the management and erasure of the information held regarding you, see http://www.facebook.com/about/Privacy.
Information about our Instagram page
We operate this page in order to draw attention to our products and to establish contact with you as a visitor and user of this Instagram page and our web site. You can find more information on us and our company on our web site at https://www.mbo-osswald.de/en.
Whenever anyone visits our Instagram page, visitor data is collected, stored and processed by Instagram.
We, as the operator of the Instagram page, have no interest in the collection and further processing of your individual personal data for analytical or marketing purposes. However, we have no control over this because the data is collected and used solely by Instagram. You can find further information on how we handle personal data here in our Privacy Notice on our web site at https://www.mbo-osswald.de/en/privacy/.
The operation of our Instagram page, including the processing of users' personal data by Instagram, is based on our legitimate interest in the use of a modern supporting method for informing and interacting with users and visitors in accordance with Art. 6 para. 1 item. f. GDPR.
Name and address of the controllers:
The joint controllers with regard to the operation of our Instagram page for the purposes of the General Data Protection Regulation and other data protection provisions, are:
Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland
and
mbo Osswald GmbH & Co KG, Steingasse 13, 97900 Kuelsheim-Steinbach, Germany
You can contact our Data Protection Officer by e-mail at datenschutz@mbo-osswald.de. The Data Protection Officer will be happy to assist you with your inquiries regarding data protection.
Processing of personal data by Instagram
Whenever you connect to our Instagram page, your browser establishes a connection to Instagram and transfers information.
Cookies
Instagram uses cookies and similar technologies such as Pixel, Web Beacons or local storage in order to collect information about how you use Instagram, make functions available to you and show you advertising tailored to your interests.
Log file information
When you use Instagram, certain log file information is automatically recorded. This includes the web request, IP address, browser type, referring/exit pages and URLs, the number of clicks and the way in which you interact with the links in the service, as well as domain names, landing pages, called pages and other similar information. This information allows Instagram to perform more accurate reporting and consequently helps improve the service.
Device IDs:
When Instagram is accessed via mobile devices, Instagram can access one or more “device IDs”, record and monitor these and save them on your device and/or another computer. Device IDs are small files or similar data structures that are stored on your mobile device or assigned to it and uniquely identify your mobile device. A device ID can take the form of data and/or other software that is stored in connection with the device hardware or its operating system or data that is sent to the device by Instagram.
The device ID supplies information on how the service is used and allows Instagram to provide reports or personalised contents and advertising. Certain functions of the service may not function correctly if the use or availability of device IDs is impaired or disabled.
Instagram processes all the data collected about you via our Instagram page and may sometimes transfer it to countries outside of the European Union. Instagram provides a further general description of the information it obtains and how it is used in its Privacy Policy, which can be viewed at https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.
The ways in which Instagram uses the data resulting visits to Instagram pages for its own purposes, the extent to which activities on the Instagram page are attributed to individual users, the period for which Instagram stores this data and whether data resulting from a visit to the Instagram page is made available to third-parties are also set out in the above-mentioned Privacy Policy.
Rights of Instagram users
When your personal data is processed, you are a data subject as set out in GDPR and you possess the following rights vis-à-vis the controller:
- Right of access, rectification, restriction of processing and erasure of data
- Right to data portability
- Right to information
- Right to object
- Right to withdraw declarations of consent under data processing legislation
- Right not to be subject to automated individual decision-making and profiling
- Right to lodge a complaint with a supervisory authority
You can find more information on these data subject rights in the Privacy Notice on our web site at https://www.mbo-osswald.de/en/privacy/.
Because only Instagram has full access to the user data, we recommend that you contact Instagram directly if you wish to request information or have any other questions regarding your rights as a user (e.g. right to erasure). If you require any assistance to do this or have other questions, please contact us by e-mail at datenschutz@mbo-osswald.de or at the above address.
Ways of objecting
You can find information on ways to contact Instagram at https://privacycenter.instagram.com/policy/?section_id=13-HowToContactMeta.
We have taken a variety of security measures to protect personal information appropriately and adequately.
Our databases are protected by physical and technical measures, as well as procedural measures that restrict access to the information to specially authorised persons in compliance with those data protection notices. Our information system is located behind a software firewall to prevent access from other networks that are connected to the internet. Only employees, who require the information to complete a special task, obtain access to personal information. Our staff are trained regarding security and data protection practices.
We use the standardised SSL encryption technology when collecting and transmitting data via our internet pages. Personal details are transmitted via SSL encryption during the ordering procedure, identifiable in the browser by the lock icon and in address line by the addition “https://”.
You should never give your password for the access to our websites to third parties and you should change this password regularly. In addition, you should not use the same password for accessing our websites that you also use on other websites for password-protected access (e-mail account, online banking etc.). When you have left our websites, you should actively log out and close your browser, in order to avoid authorised users gaining access to your user account.
When communicating by e-mail, we cannot guarantee full data security.
We use the services of the provider, CleverReach GmbH & Co. KG, Mühlenstraße 43, 26180 Rastede, Germany, for sending e-mail messages. The data named below is processed by CleverReach on our behalf and stored on the servers of CleverReach for this purpose. CleverReach uses the data for dispatching and analysing the newsletter. The data protection provisions of the service provider are available at https://www.cleverreach.com/en/privacy-policy/.
The following data from the entry mask is thereby transmitted when registering for the newsletter.
- Name
- E-mail address
Legal basis for processing the data by our newsletter service provider after registering for the newsletter in the case of the existence of your consent is Art. 6 para. 1 lit. a GDPR.
The collection of your e-mail address is used to send the newsletter.
The data is deleted as soon as it is no longer necessary for the purpose, for which it was collected. Your e-mail address is, therefore, stored for as long as the subscription of the newsletter is active.
You can cancel the subscription of the newsletter at any time. A corresponding link can be found for this purpose in every newsletter.
A revocation of the consent to store personal data collected during the registration process is also made possible here.
An evaluation of the opening rate of the e-mails and a click evaluation within the newsletter are also carried out by CleverReach. We use this technique to determine the degree of interest in specific topic and to measure the effectiveness of our communication measures. Our legitimate interest according to Art. 6 para. 1 lit. f GDPR also lies here. This data is segmented and stored in an anonymised manner. We do not exchange this data with anyone and we make no attempt to associate "click-throughs" with individual e-mail addresses. The individual user data is deleted after the compiling of the anonymised total evaluation - after 3 months at the latest.
The newsletters dispatched by CleverReach contain a tracking pixel that sends information to CleverReach as soon as you open the newsletter. In doing so, the following information is collected:
- your IP address
- information on the browser used
- information on the system used
- time of the retrieval
The legal basis for the processing of personal data by the service provider CleverReach for analysis purposes is Art. 6 para. 1 lit. f GDPR.
The use of tracking software is carried out to improve the quality of our newsletter system and its contents. Through the tracking software we discover how the newsletters are used and can thus constantly optimise our offer.
Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
We use so-called cookies on our websites. Cookies are small amounts of data in the form of text information that the web server sends to your browser. These are only stored on your hard disk. Cookies can only be read by the server that previously stored them there and provides information about what you have looked at on a website and when. Cookies themselves only identify the IP address of your computer and do not store any personal information, such as your name. The data stored in the cookies is not linked to your personal details (name, address, etc.).
We use cookies in order to make our website more user-friendly. Some elements of our website make it necessary to be able to identify the accessing browser even after a page change.
The following data is therefore stored and transmitted in the cookies:
- Language settings
- Log on information, in particular, the type of client Private or Business Client
- Configurators
The details relating to you in this manner are pseudonymised by technical means. An allocation of data to the accessing user is therefore no longer possible. The data is not stored together with any other personal data relating to you.
It is up to you to decide whether you allow cookies. On the one hand, you have the option of accepting all cookies, of being informed when cookies are set or refusing all cookies by changing your browser settings (usually to be found under “Option” or “Settings” in the browser’s menu. On the other hand, you are free to decide via the banner that is shown the first time you visit our websites and which refers to those privacy notices, whether you wish to give your consent for cookies to be set or refuse this.
The legal basis for the processing of personal data using the cookies technically needed for this is Art. 6 para. 1 lit. f GDPR.
The objective of using technically necessary cookies is to simplify the use of websites for you. Some functions of our website cannot be offered without the use of cookies. It is necessary for these that the browser is also identified after a page change.
The user data collected by technically necessary cookies are not used for creating user profiles.
Our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR also lies in these purposes.
Cookies are stored on your computer and transmitted by this to our page. In this way, you still have the full control over the use of cookies as the user. You can deactivate or limit the transmission of cookies by changing the settings in your internet browser. Cookies already stored can be deleted at any time. This can even be done automatically. If cookies are deactivated for our website, it is possible that all the functions of the website may not be used to their full extent.
Some of our services also use so-called tracking bugs or tracking pixels as well. These are mostly only 1x1 pixel measuring code snippets that are able to identify and to recognise the type of your browser via the browser ID – the individual fingerprint of our browser. The service provider can therefore see when and how many users have accessed the pixel, or whether and when an e-mail was opened or a website was visited.
You can prevent the data recording by these tracking bugs, by either opening your e-mails offline or by stopping the loading of external graphics in your e-mail programme.
If personal data relating to you is processed, you are a data subject as defined in the GDPR and you are entitled to the following rights against the controller:
Information, rectification, restriction of processing and erasure
You have the right at any time to obtain information free of charge about any personal data we have stored about you, about the origin and recipient as well as the purpose of data processing via our websites. In addition, you have the right to rectification, erasure and restriction of the processing of your personal data, where the statutory provisions exist.
Right to data portability
You have the right to receive the personal data relating to you that you have made available to us as controller in a structured, commonly used and machine readable format. We can meet this right by providing a csv-export of the customer data processed relating to you.
Right to information
If you have asserted your right to rectification, erasure or restriction of processing to the controller, this is obliged to inform all recipients, to whom the personal data relating to you was disclosed, about this rectification or erasure of the data or the restriction of processing, unless this proves to be impossible or involves an unreasonable expense or effort.
You have the right vis-à-vis the controller to be informed of these recipients.
Right to object
You have the right, for reasons that result from your particular situation, to object at any time to the processing of personal data relating to you that is carried out on the basis of Art. 6 para. 1 lit. e or lit. f GDPR.
The controller no longer processes the personal data relating to you, unless he can prove compelling legitimate grounds for the processing that override your interests, rights and liberties, or the processing serves the assertion, exercise or defence of legal claims.
If the personal data relating to you is processed in order to operate direct advertising, you have the right to object to the processing of the personal data relating to you for the purpose of such advertising at any time, this also includes profiling, where this is associated with such direct advertising.
If you object to the processing for direct advertising purposes, the personal data relating to you will no longer be processed for these purposes.
Revocability of data protection declarations of consent
In addition, you may revoke the consents that you have given us with effect to the future at any time at the contact details stated below.
Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular, in the member state of your place of residence, your place of work or the place of alleged infringement, if you consider that the processing of the personal data relating to you infringes the EU general data protection regulation.
The supervisory authority, with which the complaint has been lodged, informs the complainant on the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.