Privacy Policy

Introduction

For your sanity, we've summarized each paragraph of legalese with plain English.

You probably realize this, but the simple explanations in the right-hand column exist solely to aid your comprehension and alleviate boredom. They're not legally binding.

The actual privacy policy is in the left column below.

Privacy Policy

We are very pleased about your interest in our company. The management of OB7 GmbH places a high value on data protection. Generally, the use of OB7 GmbH's website is possible without providing any personal data. However, if an individual wishes to use special services offered by our company through our website, the processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the individual.

The processing of personal data, for example the name, address, e-mail address or telephone number of a person, is always carried out in accordance with the General Data Protection Regulation and in compliance with the country-specific data protection regulations applicable to OB7 GmbH. Through this privacy statement, our company wishes to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, individuals are informed about their rights through this privacy statement.

As the responsible party for processing, OB7 GmbH has implemented numerous technical and organizational measures to ensure the most comprehensive protection possible for personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so absolute protection cannot be guaranteed. For this reason, every individual is free to transmit personal data to us via alternative means, for example by telephone.

1. Definitions

The privacy policy of OB7 GmbH is based on the terminologies used by the European directive and regulatory authority when adopting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance. We use the following terms in this privacy policy, among others:

a) Personal data

Personal data is all information that relates to an identified or identifiable natural person (hereinafter "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of this natural person.

b) Data subject

A data subject is any identified or identifiable natural person whose personal data is processed by the data controller.

c) Processing

Processing is any operation or series of operations carried out with or without the help of automated processes in connection with personal data, such as the collection, recording, organization, ordering, storage, adaptation or modification, reading, querying, use, disclosure by transmission, dissemination, or another form of provision, alignment or linking, restriction, deletion, or destruction.

d) Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their future processing.

e) Profiling

Profiling is any kind of automated processing of personal data that consists of using that personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Pseudonymization

Pseudonymization is the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

g) Controller or controller responsible for the processing

The controller or controller responsible for the processing is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union law or the law of the Member States, the controller or the specific criteria for its nomination may be provided for by Union law or by the law of the Member States.

h) Processor

Processor is a natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

i) Recipient

Recipient is a natural or legal person, public authority, agency or another body to whom personal data are disclosed, regardless of whether it is a third party or not. However, authorities who may receive personal data in the framework of a specific investigation in accordance with Union law or the law of the Member States are not considered recipients.

j) Third party

Third party refers to a natural or legal person, public authority, agency or another body, apart from the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

k) Consent

Consent is any freely given specific, informed and unambiguous indication of the data subject's agreement, in the form of a statement or other clear affirmative action, by which the data subject signifies agreement to the processing of personal data relating to them.

2. Name and address of the controller responsible for processing

Philip Müller & Jörn Depenbrock

OB7 GmbH
Emil-Figge-Str. 80
44227 Dortmund
Tel.: +49 231 99995355
E-Mail: contact@ob7.com
Website: www.ob7.com

3. Cookies

The websites of OB7 GmbH use cookies. Cookies are text files that are stored and saved through an internet browser on a computer system.

Numerous websites and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can match the specific internet browser in which the cookie was stored. This enables the visited websites and servers to distinguish the individual browser of the data subject from other internet browsers that contain different cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

Through the use of cookies, OB7 GmbH can provide more user-friendly services to the users of this website, which would not be possible without the use of cookies.

By means of a cookie, the information and offers on our website can be optimized to benefit the user. Cookies allow us, as already mentioned, to recognize users of our website. The purpose of this recognition is to make it easier for users to use our website. We use functional cookies on our website, for example to store the status of your cookie consent. In addition, analytics cookies from PostHog and map cookies from Mapbox are used if you have given your consent via our cookie banner (see Section 5 and Section 5a).

The data subject can prevent the use of cookies by our website at any time by changing the settings of the internet browser used and thus permanently object to the use of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible with all commonly used internet browsers. If the data subject deactivates the use of cookies in the internet browser used, it may not be possible to use all the functions of our website to their full extent.

4. Collection of General Data and Information

The website of OB7 GmbH collects a series of general data and information with each visit to the website by a person concerned or an automated system. This general data and information are stored in the server's log files. What can be captured are (1) the types and versions of browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-pages which are accessed via an accessing system on our website, (5) the date and time of an access to the Internet site, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

In using this general data and information, OB7 GmbH does not draw conclusions about the person concerned. Rather these information are required to (1) correctly deliver the contents of our website, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, as well as (4) provide law enforcement authorities with the necessary information for prosecution in case of a cyber-attack. These anonymously collected data and information are therefore evaluated statistically and further with the aim by OB7 GmbH to increase data protection and data security in our company, in order ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a person concerned.

If you contact us by email, phone or fax, your request, including all resulting personal data (name, request) will be stored and processed by us in order to handle your request. We will not share this data without your consent.

We process these data based on Art. 6 Para. 1 lit. b GDPR, in case your request is related to the fulfillment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the inquiries addressed to us (Art. 6 Para. 1 lit. f GDPR) or on your consent (Art. 6 Para. 1 lit. a GDPR) if it has been obtained.

The data sent by you to us via contact requests remain with us until you request us to delete, revoke your consent to the storage or the purpose for the data storage lapses (e.g., after your request has been processed). Mandatory legal provisions – in particular legal retention periods – remain unaffected.

5. Analysis Tools

This website uses the web analytics service PostHog. The provider is PostHog, Inc., with EU hosting via PostHog Cloud in the Frankfurt region (eu-central-1). All data collected by PostHog is exclusively processed and stored on servers within the European Union. No transfer of personal data to third countries takes place. A Data Processing Agreement (DPA) in accordance with Art. 28 GDPR exists with PostHog.

PostHog enables us to analyze usage behavior on our website. The following data may be collected: pages visited, time spent on pages, browser type and version used, operating system used, referrer URL, time of access, and a pseudonymized IP address.

PostHog uses cookies and similar technologies to recognize the browser. Processing is carried out on the basis of your consent pursuant to Art. 6 Para. 1 lit. a GDPR, which you grant via our cookie banner. This consent can be revoked at any time with effect for the future by adjusting your cookie settings on our website.

Further information on data protection at PostHog can be found at: https://posthog.com/privacy

5a. Map Services (Mapbox)

For interactive map views on our website, we use services provided by Mapbox, Inc., 740 15th Street NW, 5th Floor, Washington, DC 20005, USA ("Mapbox"). If you consent to the "Maps" category in our cookie banner, your browser loads map tiles, stylesheets, fonts, and other technical resources directly from Mapbox servers.

In particular, your IP address, browser and device information, referrer information, and usage data related to the map view may be transmitted to Mapbox. Processing only takes place if you have given your consent in advance. The legal basis is Art. 6 Para. 1 lit. a GDPR together with Section 25 Para. 1 TTDSG.

Please note that Mapbox is a provider based in the United States. It therefore cannot be ruled out that personal data may also be transferred to a third country. Processing is based on your consent. You can withdraw your consent at any time with effect for the future via the cookie settings on our website.

Further information on data protection at Mapbox can be found at: https://www.mapbox.com/legal/privacy

6. Hosting

Our OB7.com website is hosted on servers of Hetzner Online GmbH in Germany.

Name: Hetzner Online GmbH
Address: Industriestr. 25, 91710 Gunzenhausen, Germany

Hetzner operates data centers in Germany (including Falkenstein and Nuremberg). All personal data is processed exclusively within Germany and the European Union. A data processing agreement in accordance with Art. 28 GDPR exists with Hetzner.

7. Contact possibility via the website

The website of OB7 GmbH contains, due to legal regulations, details that enable quick electronic contact to our company and direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a person concerned contacts the controller via email or a contact form, the personal data transmitted by the person concerned are automatically stored. Such personal data, voluntarily transmitted by a person concerned to the controller, are stored for the purpose of processing or contacting the person concerned. There is no transfer of this personal data to third parties.

8. Routine Deletion and Blocking of Personal Data

The data controller processes and stores personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European directives and regulations or any other legislator in laws or regulations to which the data controller is subject.

If the storage purpose is not applicable, or if a storage period prescribed by the European directives and regulations or any other competent legislator expires, the personal data are routinely blocked or erased in accordance with legal requirements.

9. Rights of the Data Subject

a) Right to confirmation: Every data subject has the right, as granted by the European directive and regulation maker, to request confirmation from the controller as to whether personal data concerning them is being processed. If a data subject wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.

b) Right to access: Every person affected by the processing of personal data has the right, granted by the European directives and regulation maker, to receive, at any time and free of charge, information from the data controller about personal data stored about them and a copy of this information. Furthermore, the European directives and regulation maker has granted the data subject access to the following information:

the processing purposes the categories of personal data being processed the recipients or categories of recipients to whom the personal data have been or will still be disclosed, in particular recipients in third countries or international organisations if possible, the planned duration for which the personal data will be stored, or, if this is not possible, the criteria for determining this duration the existence of a right to correction or deletion of personal data concerning them or to restriction of processing by the controller or a right to object to such processing the existence of a right to lodge a complaint with a supervisory authority if the personal data are not collected from the data subject: all available information about the origin of the data the existence of automated decision-making, including profiling, according to Article 22(1) and (4) of the GDPR, and - at least in these cases - meaningful information about the logic involved, as well as the significance and the potential impact of such processing on the data subject. Furthermore, the data subject has the right to obtain information as to whether personal data has been transferred to a third country or an international organization. If this is the case, the data subject also has the right to obtain information about the appropriate guarantees in connection with the transfer.

If a data subject wishes to exercise this right to information, they can contact an employee of the controller at any time.

c) Right to rectification: Every person affected by the processing of personal data has the right granted by the European directives and regulation maker to demand the immediate correction of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data - including by means of a supplementary statement - taking into account the purposes of the processing.

If a data subject wishes to exercise this right to rectification, they can contact an employee of the controller at any time.

d) Right to erasure (right to be forgotten) Every person affected by the processing of personal data has the right granted by the European directive and regulation maker to request the controller to immediately delete the personal data concerning them, provided that one of the following reasons applies and insofar as the processing is not necessary:

The personal data was collected or otherwise processed for such purposes for which it is no longer necessary. The data subject withdraws their consent on which the processing was based according to Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR, and there is no other legal basis for the processing. The data subject objects to the processing pursuant to Article 21 (1) GDPR, and there are no overriding legitimate reasons for processing, or the data subject objects to the processing pursuant to Article 21 (2) GDPR. The personal data was processed unlawfully. The deletion of personal data is necessary to fulfill a legal obligation under Union law or the law of the member states to which the controller is subject. The personal data was collected in relation to offered services of the information society according to Article 8 (1) GDPR. If one of the aforementioned reasons applies, and a data subject wishes to request the deletion of personal data stored by OB7 GmbH, they can contact an employee of the controller at any time. The OB7 GmbH employee will ensure that the request for deletion is complied with immediately.

If the personal data has been made public by OB7 GmbH and our company as the controller is obliged to delete personal data in accordance with Article 17 (1) GDPR, OB7 GmbH, taking into account available technology and implementation costs, will take appropriate measures, including technical ones, to inform other data processors who process the published personal data, that the data subject has requested the deletion of all links to these personal data or copies or replications of these personal data from these other data processors, provided that the processing is not necessary. The OB7 GmbH employee will arrange the necessary steps in individual cases.

e) Right to restriction of processing

Every person affected by the processing of personal data has the right, granted by the European directives and regulation maker, to request the controller to restrict the processing if one of the following conditions applies:

The accuracy of the personal data is contested by the data subject, for a period that enables the controller to verify the accuracy of the personal data. The processing is unlawful, the data subject opposes the erasure of the personal data and instead requests the restriction of the use of the personal data. The controller no longer needs the personal data for processing purposes, but the data subject needs them for the assertion, exercise or defense of legal claims. The data subject has objected to the processing in accordance with Art. 21 Para. 1 GDPR, and it is not yet clear whether the legitimate reasons of the controller outweigh those of the data subject. If one of the above conditions is met and a data subject wishes to request the restriction of personal data stored by OB7 GmbH, they can contact an employee of the data controller at any time. The OB7 GmbH employee will arrange for the processing to be restricted.

f) Right to data portability Every individual affected by the processing of personal data has the right granted by the European directive and regulation maker to receive their personal data, which they have provided to a controller, in a structured, common, and machine-readable format. They also have the right to transmit this data to another controller without hindrance from the controller to whom the personal data has been provided, provided that the processing is based on consent pursuant to Art. 6 Para. 1 letter a GDPR or Art. 9 Para. 2 letter a GDPR or on a contract pursuant to Art. 6 Para. 1 letter b GDPR and the processing is done using automated procedures, provided that the processing is not necessary for the performance of a task that is in the public interest or carried out in the exercise of public authority transferred to the controller.

Furthermore, in exercising their right to data portability in accordance with Art. 20 para. 1 GDPR, the individual has the right to have personal data transferred directly from one controller to another controller, insofar as this is technically feasible and as long as this does not infringe upon the rights and freedoms of other people.

In order to assert the right to data transferability, the data subject can contact an OB7 GmbH employee at any time.

g) Right to object Every individual affected by the processing of personal data has the right granted by the European directive and regulation maker, for reasons arising from their particular situation, to object at any time to the processing of personal data concerning them that is carried out on the basis of Art. 6 para. 1 letters e or f GDPR. This also applies to profiling based on these provisions.

OB7 GmbH no longer processes the personal data in the event of an objection unless we can demonstrate compelling legitimate reasons for the processing that outweigh the interests, rights, and freedoms of the data subject, or the processing is for the assertion, exercise, or defense of legal claims.

If OB7 GmbH processes personal data to conduct direct advertising, the individual has the right to object at any time to the processing of personal data for the purpose of such advertising. This also applies to profiling insofar as it is connected with such direct advertising. If the individual objects to processing for direct advertising purposes by OB7 GmbH, OB7 GmbH will no longer process the personal data for these purposes.

Furthermore, the data subject has the right, for reasons arising from his/her particular situation, to object to the processing of personal data concerning him/her, which is carried out at OB7 GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Para. 1 GDPR, unless such processing is necessary for the performance of a task in the public interest.

To exercise the right of objection, the data subject can directly contact any employee of OB7 GmbH or another employee. The data subject is also free to exercise their right of objection in connection with the use of Information Society Services, irrespective of Directive 2002/58/EC, using automated procedures that use technical specifications.

h) Automated decisions in individual cases including profiling Every person subject to the processing of personal data has the right granted by the European Directive and Regulation to not be subject to a decision based exclusively on automated processing, including profiling, that has legal effect on him/her or significantly affects him/her in a similar manner, unless the decision (1) is necessary for concluding or fulfilling a contract between the data subject and the controller, or (2) is permissible due to Union or Member State legal regulations to which the controller is subject, and these legal regulations contain appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, or (3) is done with the explicit consent of the data subject.

If the decision (1) is necessary for concluding or fulfilling a contract between the data subject and the controller, or (2) is done with the explicit consent of the data subject, OB7 GmbH takes appropriate measures to safeguard the rights, freedoms, and legitimate interests of the data subject, including, at minimum, the right to obtain human intervention from the controller, express one's point of view, and contest the decision.

If the data subject wishes to exercise rights concerning automated decisions, he or she can contact an employee of the controller responsible for the processing at any time.

i) Right to withdraw data protection consent Every person subject to the processing of personal data has the right granted by the European Directive and Regulation to revoke consent to the processing of personal data at any time.

If the data subject wishes to assert their right to withdraw consent, they can contact an employee of the controller responsible for the processing at any time.

10. Data Protection in Applications and the Application Process

The controller collects and processes the personal data of applicants for the purpose of handling the application process. The processing can also be carried out electronically. This is particularly the case when an applicant sends application documents electronically, for example by email or via a web form on the website, to the controller. If the controller concludes an employment contract with an applicant, the submitted data will be stored for the purpose of processing the employment relationship in compliance with the legal regulations. If the controller does not conclude an employment contract with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, unless deletion opposes any other legitimate interests of the controller. Other legitimate interest in this sense might be a burden of proof in a procedure under the General Equal Treatment Act (AGG).

11. Legal Basis for Processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose. If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, as is the case, for example, with processing operations necessary for the delivery of goods or the provision of any other service or consideration, the processing is based on Art. 6 I lit. b GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, for example, in cases of inquiries regarding our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfilment of tax obligations, the processing is based on Art. 6 I lit. c GDPR. In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person. This would be the case, for example, if a visitor to our premises were injured and his name, age, health insurance data, or other vital information would have to be passed on to a doctor, hospital, or other third party. Then the processing would be based on Art. 6 I lit. d GDPR. Finally, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations that are not covered by any of the aforementioned legal bases, if processing is necessary for the purposes of the legitimate interests pursued by our company or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are particularly permissible because they have been specifically mentioned by the European legislator. They considered that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

12. Legitimate Interests Pursued By The Controller Or A Third Party

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the welfare of all our employees and our shareholders.

13. Duration for which the personal data will be stored

The criterion for the duration of storage of personal data is the respective legal retention period. After expiry of this period, the corresponding data is routinely deleted, provided it is no longer necessary for the performance or initiation of the contract.

14. Legal or contractual regulations for providing personal data; necessity for contract conclusion; obligation of the data subject to provide the personal data; possible consequences of non-provision.

We inform you that the provision of personal data is partly legally required (e.g., tax regulations) or may also arise from contractual arrangements (e.g., details of the contractual partner). Sometimes it may be necessary for a contract to be concluded that a data subject provides us with personal data that must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company concludes a contract with him/her. Failure to provide personal data would mean that the contract with the data subject could not be concluded. Before providing personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of personal data is legally or contractually required, or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what consequences the non-provision of the personal data would have.

15. Existence of Automated Decision-making

As a responsible company, we abstain from automatic decision-making or profiling.

The controller in the sense of the General Data Protection Regulation, other data protection laws applicable in the member states of the European Union and other provisions with a data protection character is the:

OB7 GmbH
Emil-Figge-Str. 80
44227 Dortmund
Tel.: +49 231 99995355
E-Mail: contact@ob7.com
Website: www.ob7.com

Registered in the commercial register.
Register court: Dortmund.
Registration number: HRB 37787.