Privacy policy declaration for OIY Solutions GmbH in accordance with the provisions of the GDPR

OIY Solutions GmbH (hereinafter ‘controller’) is pleased that you are visiting our website. When using our website, data protection and data security are very important to us. We would therefore like to take this opportunity to inform you which of your personal data we collect when you visit our website and for what purposes it is used.

As changes to the law or changes to our internal company processes may make it necessary to adapt this privacy policy, we ask you to read this privacy policy regularly. The privacy policy can be accessed, saved and printed at any time under Privacy Policy.

§ 1 Controller and scope of application

The controller within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

OIY Solutions GmbH

Widdersdorfer Str. 185

50825 Cologne

Germany

Phone: +49 (0)221 6700 4044

Email: info@oater.de

Website: www.oater.de

Further information can be found in the legal notice of our website. This privacy policy applies to the website of OIY Solutions GmbH, which can be accessed under the domain www.oater.de and the various subdomains (hereinafter referred to as ‘our website’).

§ 2 Principles of data processing

We only process the personal data of our users to the extent necessary to provide a functional website and our content and services. The processing of our users' personal data only takes place regularly with the user's consent. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

§ 3 Legal bases

The legal bases for the processing of personal data generally arise from:

• 6 para. 1 lit. a GDPR, as far as we obtain the consent of the data subject for the processing of personal data.
• 6 para. 1 lit. b GDPR for the processing of personal data necessary for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
• 6 para. 1 lit. c GDPR, as far as the processing of personal data is necessary for the fulfilment of a legal obligation to which our company is subject.
• 6 para. 1 lit. f GDPR, as far as the processing is necessary to safeguard a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the former interest.

We state the specific applicable legal bases for the processing operations we carry out.

§ 4 Data erasure and storage duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.

§ 5 Disclosure of data

We only disclose your personal data to third parties if:

• you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR
• this is permitted by law and is required in accordance with Art. 6 para. 1 lit. b GDPR to fulfil a contractual relationship with you
• there is a legal obligation for the disclosure in accordance with Art. 6 para. 1 lit. c GDPR
• the disclosure in accordance with Art. 6 para. 1 lit. f GDPR for the protection of legitimate company interests, as well as for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data.

Recipients of the data are:

• Hubspot

We use the HubSpot service on this website for various purposes. HubSpot is a software company from the USA with a branch in Ireland.

Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

Hubspot is an integrated software solution that we use to cover various aspects of our online marketing. These include, among others:

Email marketing, social media publishing & reporting, reporting, contact management (e.g. user segmentation & CRM), landing pages and contact forms.

Our registration service allows visitors to our website to learn more about our company, download content and provide their contact information and other demographic information. This information and the content of our website is stored on the servers of our software partner HubSpot.

It can be used by us to contact visitors to our website and to determine which of our company's services are of interest to them. All information we collect is subject to this privacy policy. We use all information collected exclusively to optimise our marketing measures.

As part of the optimisation of our marketing measures, the following data may be collected and processed via Hubspot:

• Geographical position
• Browser type
• Navigation information
• Referral URL
• Performance data
• Information about how often the application is used
• Mobile apps data
• Login information for the HubSpot subscription service
• Files that are displayed on site
• Domain names
• Pages viewed
• Aggregated usage
• Operating system version
• Internet service provider
• IP address
• Device identifier
• Duration of the visit
• Where the application was downloaded from
• Operating system
• Events that occur within the application
• Access times
• Clickstream data
• Device model and version
  
  

In addition, we also use Hubspot to provide contact forms. Further information on this can be found in section 4 of this privacy policy.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. If you do not want Hubspot to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future.

The personal data will be stored for as long as it is necessary to fulfil the purpose of processing. The data will be deleted as soon as it is no longer required to fulfil the purpose. As part of processing via HubSpot, data may be transferred to the USA. The security of the transfer is ensured by so-called standard contractual clauses, which guarantee that the processing of personal data is subject to a level of security that corresponds to that of the GDPR. If the standard contractual clauses are not sufficient to establish an adequate level of security, your consent may serve as the legal basis for the transfer to third countries in accordance with Art. 49 para. 1 lit. a GDPR.

§ 6 Requirements for the transfer of personal data to third countries

As part of our business relationships, your personal data may be passed on or disclosed to third-party companies. These may also be located outside the European Economic Area (EEA), i.e. in third countries. When transferring your personal data to third countries, we ensure compliance with the special requirements of Art. 44 et seq. GDPR.

The European Commission certifies that some third countries have a level of data protection comparable to the EEA standard by means of so-called adequacy decisions. However, in other third countries to which personal data may be transferred, there may not be a consistently high level of data protection due to a lack of legal provisions. If this is the case, we ensure that data protection is adequately guaranteed. This is possible via binding corporate rules, standard contractual clauses of the European Commission for the protection of personal data in accordance with Art. 46 para. 1, 2 lit. c GDPR in conjunction with appropriate security guarantees, certificates or recognised codes of conduct.

§ 7 Individual processing operations

Provision and use of the website, type and scope of data processing

When you access and use our website, we collect the personal data that your browser automatically transmits to our server. When you use our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security:

• IP address of the requesting computer
• Date and time of access
• Name and URL of the retrieved file
• Website from which the access is made (referrer URL)
• Browser used and, if applicable, the operating system of your computer, as well as the name of your access provider

This information is temporarily stored in a so-called log file. This data is not stored together with other personal data of the user.

Purposes and legal basis

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session. The data is stored in log files to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The data is not analysed for marketing purposes in this context.

Art. 6 para. 1 lit. f GDPR serves as the legal basis for the temporary storage of data and log files. The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

Storage period

As soon as the aforementioned data is no longer required to display the website, it is deleted. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended. Further storage may take place in individual cases if this is required by law.

In the case of data storage in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or anonymised so that it is no longer possible to identify the calling client.

Registration/waiting list and type and scope of data processing

On our website, we offer you the opportunity to be placed on our waiting list by providing personal data. The data is entered into an input mask, transmitted to us and stored.

The following overview shows in detail which personal data we collect from you when you register:

• Name
• E-mail address
• Address
• Date of birth
• Interests, if applicable

The following data is also stored at the time of registration:

• IP address
• Date and time of registration
• Duration of the user's visit to the website
• Purposes and legal basis

Registration is necessary for the fulfilment of a contract with us or for the implementation of pre-contractual measures for the following reasons: We check your data in order to be able to offer you relevant services and content.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent. The processing of the personal data described serves the fulfilment of a contract between you and us or the implementation of pre-contractual measures, so that Art. 6 para. 1 lit. b GDPR also serves as the legal basis.

End of registration or change of data

As a user, you have the option of cancelling your registration at any time. You can also have the data stored about you changed at any time. To do this, proceed as follows: You can either write us an e-mail to the above address so that we delete your data, or change your data in your account.

However, if the processed data is still required for the fulfilment of a contract or for the implementation of pre-contractual measures, premature deletion of the data is only possible insofar as this does not conflict with contractual or legal obligations.

Newsletter and type and scope of data processing

You can subscribe to a free newsletter on our website. In order to be able to send you the newsletter regularly, we need the following information from you:

• E-mail address
• Your name

The following data is also collected during registration:

• IP address of the accessing computer
• Date and time of registration

Your consent is obtained for the processing of the data as part of the registration process and reference is made to this privacy policy.

Your data will not be passed on to third parties in connection with data processing for sending the newsletter. The data is used exclusively for sending the newsletter.

We use the so-called double opt-in procedure for sending the newsletter, i.e. we will only send you the newsletter if you first confirm your registration via a confirmation e-mail sent to you for this purpose using a link contained therein. This is to ensure that only you, as the owner of the e-mail address provided, can register for the newsletter. Your confirmation must be made promptly after receipt of the confirmation e-mail, otherwise your newsletter registration will be automatically deleted from our database.

We reserve the right to send you advertising without your consent if you have purchased goods or services from us and the advertising is related to the goods or services. This will only take place if you have not previously objected to the advertising. Each time we send you advertising, we will also inform you of the option to object.

Purposes and legal basis

The purpose of collecting the user's email address is to send the newsletter. The collection of other personal data as part of the registration process serves to prevent misuse of the services or the e-mail address used.

The legal basis for the processing of data after the user has registered for the newsletter is Art. 6 para. 1 lit. a GDPR if the user has given consent. The legal basis for sending the newsletter as a result of the sale of goods or services is Section 7 (3) UWG.

Storage period

The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. The user's email address is therefore stored for as long as the subscription to the newsletter is active. The other personal data collected during the registration process is generally deleted after a period of seven days.

Declaration of consent:

By entering my data and clicking on the ‘Send’ button, I declare my consent to the processing of my e-mail address and name for the regular sending of newsletters. I can unsubscribe from the newsletter service at any time by clicking on the corresponding link at the end of the newsletter.

I can revoke my consent to the collection of personal data collected during the registration process at any time.

---

Storage period

Your e-mail address and name will be stored for as long as you have subscribed to the newsletter. After you unsubscribe from the newsletter, your e-mail address will be deleted. Further storage may take place in individual cases if this is required by law.

• Contact form
• Type and scope of data processing

On our website, we offer you the opportunity to contact us using a form provided. As part of the process of sending your enquiry via the contact form, reference is made to this privacy policy to obtain your consent. If a user makes use of this option, the data entered in the input mask will be transmitted to us and stored.

These data are:

• E-mail address
• Your name
• Company, if applicable
• Contact person, if applicable
• If applicable, other personal data that you wish to share with us as part of the message

The following data is also stored at the time the message is sent:

• IP address
• Date and time

When using the contact form, your personal data will not be passed on to third parties.

Legal basis

The purpose of providing your e-mail address is to be able to allocate your enquiry and reply to you.

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

Storage period

Declaration of consent:
By entering my data and clicking the ‘Send’ button, I declare my consent to the processing of my e-mail address, name, company if applicable and any other personal data that I provide in my message for the purpose of responding to my contact enquiry.

I can revoke my consent to the collection of personal data collected during the use of the contact form at any time.

---

The data is deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the input screen of the contact form, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question

has been conclusively clarified. The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.

§ 8 Use of Cookies

Type and scope of data processing

We use cookies on our website. Cookies are small text files that are sent by us to the browser of your end device and stored there when you visit our website. Some functions of our website cannot be offered without the use of technically necessary cookies. Other cookies, however, enable us to carry out various analyses. For example, cookies are able to recognise the browser you use when you visit our website again and to transmit various information to us. With the help of cookies, we can make our website more user-friendly and effective for you, for example by tracking your use of our website and determining your preferred settings (e.g. country and language settings). If third parties process information via cookies, they collect the information directly via your browser. Cookies do not cause any damage to your end device. They cannot execute programmes or contain viruses.

Various types of cookies are used on our website:

• Type 1: Transient cookies:
  Transient cookies are used on our website and are automatically deleted as soon as you close your browser. This type of cookie makes it possible to record your session ID. This allows various requests from your browser to be assigned to a common session and enables us to recognise your end device during subsequent website visits within a session. 
• Type 2: Persistent cookies
  Persistent cookies are used on our website. Persistent cookies are cookies that are stored in your browser for a longer period of time and transmit information to us. The respective storage period differs depending on the cookie. You can delete persistent cookies yourself via your browser settings. 
• Type 3: Third-party cookies
  Some cookies from third-party companies may also be stored on your device when you visit our website. These enable us or you to use certain services of the third-party company (e.g. cookies for processing payment services). 

Purpose and legal basis

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. This applies, for example, to the following applications: Consent manager. In addition, these cookies contribute to the secure and compliant use of the website.

Analysis cookies are used for the purpose of improving the quality of our website and its content. Through the analysis cookies, we learn how the website is used and can thus constantly optimise our offer. For example, information is collected about how our website is used by visitors, which pages are accessed most frequently or whether error messages are displayed on certain pages.

The legal basis for the storage of cookies, device identifiers and similar tracking technologies or for the storage of information in the end user's end device and access to this information as well as the subsequent use of personal data is their consent in accordance with § 25 para. 1 of the Act on the Regulation of Data Protection and the Protection of Privacy in Telecommunications and Telemedia (TTDSG). If the cookies are not stored on the end user's device, consent is required in accordance with Art. 6 para. 1 lit. a GDPR.

The legal basis for the processing of personal data using technically necessary cookies is Art. 6 para. 1 lit. f GDPR.

Storage duration

Cookies are stored on the user's computer and transmitted by it to our website. As a user, you therefore have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website to their full extent.

§ 9 Hyperlinks

Our website contains so-called hyperlinks to websites of other providers. If you activate these hyperlinks, you will be forwarded directly from our website to the website of the other provider. You can recognise this by the change of URL, among other things. We cannot accept any responsibility for the confidential handling of your data on these third-party websites, as we have no influence on whether these companies comply with data protection regulations.

A button of the ‘LinkedIn’ network is used on our website. When you click on this button, you will be redirected to our LinkedIn page. Your browser will establish a connection to the servers of LinkedIn Corp (hereinafter ‘LinkedIn’). LinkedIn stores your personal data when you visit this website. We have no influence on the processing of your personal data by LinkedIn. You can access LinkedIn's current data protection information and additional information on this website:

https://de.linkedin.com/legal/privacy-policy.

On our website we use a button of the network ‘Instagram’. When you click on this button, you will be redirected to our Instagram page. A connection to the servers of Instagram Corp (hereinafter ‘Instagram’) is established via your browser. Instagram stores personal data about you when you visit this website. We have no influence on the processing of your personal data by Instagram. You can access Instagram's current data protection information and additional information on this website:

https://privacycenter.instagram.com/policy/?entry_point=ig_help_center_data_policy_redirect.

§ 10 Rights of data subjects

The GDPR gives you the following rights as a data subject of personal data processing:

•  Information: In accordance with Art. 15 GDPR, you can request information about your personal data processed by us. In particular, you can request information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data if it was not collected by us, about a transfer to third countries or to international organisations and about the existence of automated decision-making including profiling and, if applicable, meaningful information about its details.
• Rectification: In accordance with Art. 16 GDPR, you may request the rectification of inaccurate personal data or the completion of your personal data stored by us without undue delay.
• Erasure: In accordance with Art. 17 GDPR, you can request the erasure of your personal data stored by us, unless the processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defence of legal claims.
• Restriction: In accordance with Art. 18 GDPR, you can request the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, we no longer need the data and you refuse to delete it because you need it for the assertion, exercise or defence of legal claims. You also have the right under Art. 18 GDPR if you have objected to the processing pursuant to Art. 21 GDPR.
• Data portability: In accordance with Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or you can request that it be transferred to another controller.
• Revocation: In accordance with Art. 7 para. 3 GDPR, you can revoke your consent to us at any time. As a result, we may no longer continue the data processing based on this consent in the future.
• Objection: In accordance with Art. 21 GDPR, you have the right to object to the processing of your personal data on the basis of legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, provided that there are reasons for this arising from your particular situation or the objection is directed against direct advertising. In the case of direct marketing, you have a general right to object, which we will implement without you having to specify a particular situation.
• Complaint: In accordance with Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your workplace or our company headquarters. The supervisory authority responsible for us is the State Commissioner for Data Protection and Freedom of Information with the following contact details:

Die Landesbeauftragte für den Datenschutz und die Informationsfreiheit
Kavalleriestr. 2-4
40213 Düsseldorf poststelle@ldi.nrw.de
0211 – 38424-0