Data protection declaration
A. General data processing conditions on our website
1. Object of this data protection declaration
We, OBO Bettermann Holding GmbH & Co. KG (hereinafter referred to as OBO), thank you for your interest in our website and our offers on our website.
For us, the protection of personal data is a major and important issue. For this reason, we would like to provide you with comprehensive information as to which data is collected when you visit our websites and use the offers there and how we then process or use it. In addition, we would like to inform you about which accompanying protection measures we have made in a technical and organisational regard.
The processing of personal data, such as name, address, e-mail address or telephone number of an affected person, will always occur in accordance with the valid data protection regulations. Through this data protection declaration, we wish to inform you about the type, scope and purpose of the personal data we collect, use and process, and explain them to you, if you are affected by the data processing.
Although, as the party responsible for the processing of personal data, we have implemented countless technical and organisational measures, Internet-based data transmission can always present security flaws, meaning that absolute protection cannot be guaranteed. We would ask you to take this into account when using our Internet presence.
This data protection declaration uses terms specified by lawmakers in the General Data Protection Regulations (hereinafter known as the GDPR). You can view the GDPR via the following link:
The aim of our data protection declaration is to inform you about the processing of your personal data on our website in a simple, clear manner.
3. Name and address of the party responsible for processing
The responsible party in the sense of data protection law is:
OBO Bettermann Holding GmbH & Co. KG
Hüingser Ring 52
58710 Menden, Germany
Telephone: +49 (0)2373 89-0
Fax: +49 (0)2373 89-238
4. Contact data of the data protection officer
OBO Bettermann Holding GmbH & Co. KG
- Data protection officer -
Hüingser Ring 52
58710 Menden, Germany
Tel.: +49 (0)2373 89-1351
5. Deletion and blocking of personal data/storage period
Should nothing to the contrary be regulated for the processing of the personal data in Chapter B of this data protection declaration, then the data we have saved is deleted when storage is no longer required and no statutory storage obligations contradict the deletion. If the data of the affected person is not deleted because it is required for other legally permitted purposes, its processing will be restricted. This means that the data will be blocked and not used for other purposes. This applies, for example, to data of the affected person, which must be stored for commercial and taxation law reasons.
According to statutory requirements, storage takes place for six years according to § 257 Para. 1 of the German Commercial Code (account books, inventory, opening balances, annual reports, trade letters, booking receipts, etc.) as well as for ten years according to § 147 Para. 1 of the German Revenue Code (books, recordings, storage reports, booking receipts, commercial and business laws, etc.).
6. Rights of the affected person
6.1. Right to confirmation
Each affected person shall have the right to demand a confirmation from the party responsible for processing as to whether their personal data is being processed. Should an affected person make use of this right of confirmation, then they can contact us or our Data Protection Officer at any time.
6.2. Right to be informed
Each person affected by the processing of personal data shall have the right, at any time, to obtain information on the personal data saved on their person at no charge and to obtain a copy of this information. In addition, the affected person shall be able to obtain information about the following:
- The processing purposes;
- The categories of personal data being processed;
- The recipients or categories of recipients to whom personal data has been or is being published, in particular with recipients in third countries or with international organisations;
- If possible, the planned period for which the personal data is saved or ‒ if this is not possible ‒ the criteria for specifying this period;
- The existence of a right to correction or deletion of the personal data affecting them or to limitation of processing by the responsible party or a right of revocation against this processing;
- The existence of a right to complain to a supervisory authority;
- If the personal data is not collected from the affected person: All the available information on the origin of the data;
- The existence of automated decision-making, including profiling according to Article 22 Para 1 and 4 of the GDPR and ‒ at least in these cases ‒ expressive information on the involved logic and the scope and intended effects of such processing for the affected person.
In addition, the affected person shall have a right to information as to whether personal data was transmitted to a third country or an international organisation. If this is the case, then the affected person shall also have the right to obtain information on the suitable guarantees in conjunction with the transmission.
Should an affected person make use of this right to information, then they can contact us or our Data Protection Officer at any time.
6.3 Right to rectification
Any person affected by the processing of personal data shall have the right to demand immediate correction of incorrect personal data affecting them. In addition, the affected person shall have the right, subject to the purposes of the processing, to completion of incomplete personal data through a supplementary declaration.
Should an affected person make use of this right to correction, then they can contact us or our Data Protection Officer at any time.
6.4 Right to erasure
Each person affected by the processing of personal data shall have the right to demand that the responsible party delete personal data affecting them immediately, should one of the following reasons be applicable and processing not be required:
- The personal data was only collected for such purposes or was processed in such a way for which it is no longer required.
- The affected person shall revoke their permission on which processing is based according to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a of the GDPR and there is no other legal basis for processing.
- The affected person objects to the processing according to Art. 21 Para. 1 of the GDPR and there are no superior, valid reasons for the processing or the affected person objects to the processing in accordance with Art. 21 Para. 2 of the GDPR.
- The personal data was processed illegally.
- The deletion of the personal data is required to fulfil a legal obligation according to the law of the European Union or the member states, to which the responsible party is subject.
- The personal data was collected with reference to offered services of the information society in accordance with Art. 8 Para. 1 of the GDPR.
Should one of the above cases be applicable and an affected person wish to instigate the deletion of personal data saved at OBO, then they can contact our Data Protection Officer or another employee at any time. We will then ensure that the deletion demand is met immediately.
6.5 Right to restriction of processing
Each person affected by the processing of personal data shall have the right to demand that the responsible party restrict processing, should one of the following preconditions be applicable:
- The affected person asserts the incorrectness of the personal data for a period allowing the responsible party to check the correctness of the personal data.
- The processing is improper, the affected person refuses the deletion of the personal data and, instead, demands the limitation of the use of the personal data.
- The responsible party no longer requires the personal data for the purposes of processing, although the affected person requires them to make, assert or defend legal claims.
- The affected person has revoked processing according to Art. 21 Para. 1 of the GDPR and it is not yet clear whether the valid reasons of the responsible party outweigh those of the affected person.
Should one of the above cases occur and an affected person wish to demand the limitation of personal data saved at OBO, then they can contact us or our Data Protection Officer at any time. We will then limit processing.
6.6 Right to data portability
Each person affected by the processing of personal data shall have the right to demand to obtain the personal data provided to the responsible party by the affected person in a structured, standard and machine-readable format. In addition, the affected person has the right to transfer this data to another responsible party without hindrance from the responsible party to whom the personal data was made available, insofar as the processing is based on an authorisation according to Art. 6 Para. 1 Letter a of the GDPR or Art. 9 Para. 2 Letter a of the GDPR or a contract according to Art. 6 Para. 1 Letter b of the GDPR and processing takes place using automated methods.
In addition, the affected person will have the right to exert their right to data transfer according to Art. 20 Para. 1 of the GDPR to cause the personal data to be transferred from one responsible party to another responsible party, providing that this is technically feasible and no rights and freedoms of other people are impeded in doing so.
To exert their right to data transfer, the affected person can contact us or our Data Protection Officer at any time.
6.7 Right to object
Any person affected by the processing of personal data shall have the right to object to the processing of personal data affecting them due to Art. 6 Para. 1 Letter e or f of the GDPR, for reasons resulting from their particular situation. This also applies to profiling based on these conditions.
In the case of an objection, OBO will cease to process the personal data unless we can prove essential, legitimate reasons for processing, which are superior to the interests, rights and freedoms of the affected person, or the processing serves to make, exert or defend legal claims.
If OBO processes personal data in order to perform direct marketing, then the affected person has the right, at any time, to object to the processing of personal data for the purposes of such advertising. This also applies to profiling, insofar as it is connected to such direct marketing. Should the affected person make their objection known to us regarding processing for the purposes of direct marketing, then we will no longer process the personal data for these purposes.
In addition, the affected person has the right to object, for reasons resulting from their particular situation, to processing of personal data connected to them for purposes of scientific or historical research by us or for statistical purposes in accordance with Art. 89 Para. 1 of the GDPR, unless such processing is required to fulfil a task in the public interest.
The affected person can contact us directly to exert their right to object. In addition, the affected person is also able, in connection with the use of the services of the information society, irrespective of the Directive 2002/58/EC, to exert their right to object via automated methods in which technical specifications are used.
6.8 Automated individual decision-making, including profiling
Each person affected by the processing of personal data has the right, as declared by the European Directive and Ordinance authority, not to be subjected to a decision solely made by an automated procedure ‒ including possible profiling ‒ which has a legal impact on them or which impedes them in a similar manner, should the decision
- Not be required to complete or fulfil a contract between the affected person and the responsible party or
- Be permitted due to legal requirements of the European Union or member states to which the responsible party is subject, and these legal requirements contain reasonable measures to protect the rights, freedoms and valid interests of the affected person or
- Occur with the express authorisation of the affected person.
- If the decision
- Is required to complete or fulfil a contract between the affected person and the responsible party or
- Takes place with the express permission of the affected person, OBO will take appropriate measures to protect the rights and freedoms and the valid interests of the affected person, which includes at least the right to obtain intervention by a person belonging to the responsible party, to presentation of one’s own opinion and to a challenge to the decision.
Should an affected person wish to exert their rights with regards to the automated decision-making, then they can contact us or our Data Protection Officer at any time.
6.9 Right to revoke consent under data protection law
Any person affected by the processing of personal data shall have the right to revoke an authorisation to process personal data affecting them at any time.
Should the affected person wish to exert their right to revoke an authorisation, then they can contact us or our Data Protection Officer at any time.
Each affected person can contact us directly and at any time with regard to any questions and suggestions about data protection.
6.10 Right to lodge a complaint with a data protection supervisory authority
Any person affected by the processing of personal data shall have the right to complain to a data protection supervisory authority about our processing of their personal data.
7. Lawful basis for processing personal data
If the description of the appropriate data processing procedure in Chapter B of this data protection declaration does not state otherwise, then the following regulations shall apply.
Item 6 I lit. a of the GDPR serves OBO as a legal basis for processing procedures, in which an authorisation must be obtained for a specific processing purpose. If the processing of personal data by ourselves or one of our subsidiaries – whose services and/or products are referenced by the enquiry – is required to fulfil a contract in which the affected person is one of the contractual parties, then the processing shall be based on Art. 6 I lit. b of the GDPR. The same applies to processing procedures required to carry out pre-contractual measures, such as enquiries about our services and products.
If OBO is subject to a legal obligation requiring the processing of personal data, then processing will be based on Art. 6 I lit. c of the GDPR. In rare cases, the processing of personal data may be required to protect essential interests of the affected person or another natural person. In this case, processing takes place based on Art. 6 I lit. d of the GDPR.
Finally, processing procedures may be based on Art. 6 I lit. f of the GDPR. This forms the legal basis of processing operations not included in any of the above legal basis, if the processing is required to protect a valid interest of OBO or a third party, provided that the interests, basic rights and basic freedoms of the affected person do not outweigh this. We are particularly permitted to perform such processing operations, because they were particularly mentioned by the European jurisdiction (cf. Recital 47 Clause 2 of the GDPR).
8. Consideration of legitimate interests
If, in the description of the appropriate data processing operation in Chapter B of this data protection declaration, there are no other stipulations and the processing of personal data is based on Article 6 I lit. f of the GDPR, then our valid interest lies in the execution of our business activity and the connected economic interest.
9. Data protection when using our contact data
If you have used the contact data stated on our website (e.g. our e-mail address or fax number) to make contact with us, then the personal data transmitted by you will only be used for the purpose intended on making contact. If your enquiry does not refer to services and/or products of OBO Bettermann Holding GmbH & Co. KG (OBO), but to those of a subsidiary, this subsidiary will process and answer your enquiry, which is why it must be passed on to them.
If the reason for your making contact is in the interest in our services or products or in the fulfillment of an existing contract with us, then the legal basis is Art. 6 Para. 1 lit. b of the GDPR. In all other cases when contact is made, we have a valid interest in data processing according to Art. 6 Para. 1 lit. f of the GDPR due to the communication initiated by you.
The personal data recorded to answer your enquiry or to carry out the contractual relationship shall be stored until the enquiry is completely processed or until termination of the contractual relationship and later deleted (not before expiry of any guarantee periods), unless we are required to store the data longer in accordance with Article 6 Para. 1 s. 1 lit. c of the GDPR due to storage and documentation duties (from the German Commercial Code, tax and revenue code) or you have approved longer storage in accordance with Art. 6 Para. 1 S. 1 lit. a of the GDPR.
In addition, we would like to maintain contact with you even after the order is processed or the contract is ended and inform you of our services and offering in electronic form ‒ e.g. via the e-mail address you gave us. We base data processing for the purposes of customer retention and care, as well as making contact easier, on a legitimate interest as defined by Art. 6 Para. 1 lit. f of the GDPR, whereby in balancing our interests with your basic rights and freedoms, we also see advantages for you from our maintaining contact, such as the opportunity resulting from timely information about our services and offers to ask us to make an offer on additional building projects or clarify questions directly with our contact partners. You have the right to challenge the data processing occurring on the basis of Art. 6 Para. 1 f of the GDPR and which is not for direct marketing for reasons resulting from your particular situation at any time. In the case of direct marketing, you can challenge the processing at any time without the need to state reasons.
Data that is processed for customer retention or direct contact in accordance with Art. 6 Para. 1 lit f of the GDPR will be processed until the legitimate interest no longer applies and then deleted, but not later than your declaration of objection to processing of the data. Legal retention obligations are also granted with regard to this data.
Recipients of the personal data processed according to this regulation are IT service providers with whom we have appropriate order processing agreements according to Art. 28 of the GDPR, and possibly subsidiaries whose services and/or products are referred to in your enquiry.
10. Data protection during applications and during the application procedure
We collect and process the personal data of applicants for the purposes of carrying out the application procedure and thus due to a pre-contract measure in the sense of Art. 6 Para. 1 lit. b of the GDPR and our valid interest according to Art. 6 Para. 1 lit. f of the GDPR in the hiring of employees.
Processing can also occur in an electronic manner, e.g. if an applicant transfers the appropriate application documents to us via electronic means, e.g. via e-mail or via our contact form. Should we complete an employment contract with an applicant, then the transferred data will be saved for the purposes of handling the employment relationship, subject to statutory requirements. If no employment contract is completed with the party responsible for the processing, then the application documents will be deleted two months after promulgation of the refusal decision, unless deletion is in contravention of other valid interests of the party responsible for the processing. In this area, another valid interest is, for example, the obligation to proof of a procedure according to the General Equal Treatment Act (AGG).
Due to the digitalised collection of the incoming applications, recipients of the processed personal data are our IT service provider (particularly hosts) with whom we have completed appropriate order processing agreements in the sense of Art. 28 of the GDPR.
11. Changes to these data protection regulations
OBO reserves the right to change these data protection regulations at any time effective in future. A current version is available on the website. Please visit the website regularly and inform yourself about the valid data protection regulations.
B. Special data processing conditions on our website
1. Collection and use of your data
The scope and type of the collection and use of your data differs according to whether you visit our website merely to view information or whether you wish to take advantage of the services we offer, e.g. to complete a contract via the website, and possibly need to register.
2. Information use/collected data/cookies
(1) General information
Cookies cannot execute any programs or transmit viruses to your computer. They are used to make the Internet presence more user-friendly and effective overall.
Our website uses the following types of cookies, whose scope and function are explained below:
- Transient cookies
- Persistent cookies
Transient cookies are deleted automatically when you close the browser. This includes session cookies in particular. These save a so-called Session ID, with which various enquiries by your browser can be assigned to a joint session. This means that your computer can be recognised again when you return to our website. The session cookies are deleted automatically when you log out or close the browser.
Persistent cookies are deleted automatically after a preset period, which differs according to the cookie and can last several years. You can delete the cookies at any time in the security settings of your browser.
(2) Cookies that are absolutely necessary for the operation of the website.
When the website is used solely for information purposes, e.g. if you do not make a booking via our website, for example, or provide us with other information, then we will only collect the personal data that your browser sends to our server. If you wish to view our website, then we collect the following data, which we require for technical reasons in order to present our website to you and to guarantee the stability and security (the legal basis is Art. 6 Para. 1 Sentence 1 lit. f of the GDPR):
- IP address
- Date and time of the enquiry
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/http status code
- Transmitted volume of data
- Website from which the request comes
- Operating system and its desktop
- Language and version of the browser software.
The data processed according to Para. 1 of these regulations is saved for the specified purposes for a period of 30 days and then deleted.
(3) Cookies that are not absolutely necessary for the operation of the website.
The consent data is stored for 3 years. The data is stored in the European Union. Additional information on the collected data and contact details can be found at https://usercentrics.com/privacy-policy/.
3. Plug-ins and tools
3.1 Web fonts from fast.fonts.net or fonts.com
To ensure a uniform display of typefaces, our website uses web fonts that have been provided by Monotype GmbH (font.com or fast.fonts.net). When you visit our site, the browser automatically loads the necessary web fonts in your browser cache in order to correctly display text and typefaces.
For this purpose, your browser must connect to the fonts.com servers. In so doing, fonts.com becomes aware that your IP address has been used to access our website. Using web fonts from fonts.com is in the interest of a uniform and attractive presentation of our online presence. This represents a legitimate interest as defined in Art. 6 Para. 1 lit. f of the GDPR.
If your browser does not support web fonts, a standard typeface from your computer will be used instead.
We use the Pingdom monitoring service from SolarWinds.
Pingdom is used in the interest of continuous improvement of the content and technology of the website. This represents a legitimate interest as defined in Art. 6 Para. 1 lit. f of the GDPR. SolarWinds has adopted the privacy shield, which ensures an adequate level of data protection for any data processing in the USA: https://www.privacyshield.gov/participant?id=a2zt00000008R6bAAE&status=Active
4. Google Analytics
Based on our valid interest in the analysis, optimisation and economic operation of our online presence in the sense of Art. 6 Para. 1 lit. f. of the GDPR, we use “Google Analytics”, a web analysis service of Google Inc. (“Google”) Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google is certified under the Privacy Shield Agreement and hereby offers a guarantee of compliance with European data protection law:
Google will, at our behest, use the information to evaluate the use of our online presence by users, in order to compile reports on the activities within this online presence and to provide additional services to us, connected with the use of this online presence and Internet use. In so doing, use profiles of users with pseudonyms may be created from the processed data.
We use Google Analytics in order to present advertising within the publicity services of Google and its partners to such users as have shown an interest in our online presence or show specific characteristics (e.g. interest in specific topics or products, determined through the visited websites), which we transmit to Google (so-called “remarketing”, or “Google Analytics Audiences”). Using the Remarketing Audiences, we also wish to ensure that our advertisements correspond to the potential interest of the users and are not a burden.
When using Google Analytics, we also use the Universal Analytics function. Universal Analytics allow us to analyse the activities on our pages across multiple devices (e.g. for access from a laptop and later from a tablet). This is done by the assignment of a user ID to a user as a pseudonym. Such an assignment occurs, for example, when you register for a customer account or log into your customer account. However, no personal data is forwarded to Google. Although Universal Analytics adds additional functions to Google Analytics, this does not mean that there is a restriction of data protection measures, such as IP masking or the browser add-on.
We only use Google Analytics with activated IP anonymisation. This means that Google will shorten the user’s IP address within the member states of the European Union or in other states which are members of the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
The IP address transferred by the user’s browser will not be combined with other data by Google. The user can prevent storing of the cookies using the appropriate setting in their browser software. In addition, users can prevent collection of the data generated by the cookie and related to their use of the online presence by Google, as well as the processing of this data by Google, by downloading and installing the browser plug-in available at the following link:
You can find further information on data use by Google, and setting and revocation options here:
You can also prevent Google Analytics from collecting your data (in particular with mobile terminals that do not permit installation of the above browser software) by clicking on the following link. An opt-out cookie is set, which prevents collection of your data when you visit this website in future:Deactivate Google Analytics
5. Google Tag Manager
This website uses the Google Tag Manager. This service allows website tags to be managed via an interface. The Google Tag Manager only implements tags. This means: No cookies are used and no personal data is collected. The Google Tag Manager activates other tags that may in turn collect data. However, the Google Tag Manager does not access this data. A deactivation made at domain- or cookie-level applies to all tracking tags, as long as they are implemented with the Google Tag Manager.
6. Google Doubleclick
Doubleclick by Google is a service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA (“Google”).
7. Integration of YouTube videos
Based on our legitimate interest as defined by Art. 6 Para. 1 lit. f. of the GDPR, we use YouTube videos, which are stored at www.YouTube.com and can be played directly from our website, for publicising our online services. YouTube belongs to Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA.
Google is certified under the Privacy Shield Agreement and hereby offers a guarantee of compliance with European data protection law:
The videos are all embedded in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. Only when you play the videos is the data listed below transmitted. We have no influence on this data transmission.
By visiting the website, YouTube receives the information that you have opened the corresponding subpage of our website. In addition, the data named under B. Point 2.1 of this data protection declaration is transmitted. This takes place independently of whether YouTube makes a user account available, via which you are logged in, or whether there is no user account. If you are logged into Google, then your data will be allocated directly to your account. If you do not want the allocation to your YouTube profile, then you must log out before activating the button. YouTube saves your data as a use profile and uses it for purposes of publicity, market research and/or the requirement-orientated design of its website. Such an evaluation particularly takes place (even for users who are not logged in) for the provision of requirement-orientated publicity and to inform other users of the social network of your activities on our website. You have a right to revoke the formation of these user profiles, although you must make your claim to YouTube.
For further information on the purpose and scope of the data collection and its processing by YouTube, please consult the data protection declaration. There, you can obtain further information on your rights and setting options to protect your privacy: https://www.google.de/intl/en/policies/privacy.
8. Facebook pixel
On this website we use the Facebook pixel tool provided by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
This tool is only active if you have consented to its use.
It can evaluate the behaviour of visitors to our website who reached our site via a Facebook advertisement. We use this tool to improve our Facebook advertisements. The data is collected and stored by Facebook. We cannot view the data; it can only be used in connection with placing advertisements. Cookies are also set through the use of Facebook pixel codes.
Through the use of the Facebook pixel, visits to our website are reported to Facebook in order to display suitable advertising on Facebook to those visitors.
If you have a Facebook account and are logged in, your visit to our website is linked to your Facebook user account.
Additional details on how the Facebook pixel is used for advertising campaigns can be found at https://www.facebook.com/business/learn/facebook-ads-pixel.
If you are logged in to Facebook, you can adjust the settings for ads appearing on Facebook at http://www.facebook.com/ads/preferences/?entry product=ad settings screen.
9. Use of functions and offers on our website
If you take advantage of services offered on our website, such as chargeable bookings in our online shop or subscription to our newsletter, then it will be necessary for you to state other personal data. Refer to the regulations below for individual details.
9.1 Contact form
(1) With the voluntary use of our contact forms, you will be asked to state your company, first name and surname, and your e-mail address, where these are marked as mandatory information. You also have the option to provide additional information as needed to optimise your personal accessibility and addressability, e.g. telephone number, profession and the reason for your enquiry/contact or your message.
(2) When you send your enquiry, we save the IP address you have used and the login time. The purpose of this procedure is to be able to prove your enquiry and, if necessary, to clarify possible abuse of your personal data.
(3) The legal basis for the processing of your personal data is, first, the authorisation expressly given by you according to Art. 6 Para. 1 lit. a of the GDPR. Moreover, data processing enables us to answer the initiated enquiry and thus also (pre-) contractual purposes as defined by Art. 6 Para. 1 lit. b of the GDPR. Further, data processing takes place on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f of the GDPR in answering your enquiry regarding our services and offers and proof of possible abuse of the e-mail address used for it. To the extent that mandatory information and voluntary information are differentiated, mandatory information as defined by Art. 5 Para. 1 lit. c, Art. 25 of the GDPR is only such data that would typically be transmitted through other enquiry paths – e.g. through the e-mail signature of the enquirer – and for which experience has shown that this data (see Paragraph 2) is necessary for answering the enquiry. Typically we require this data to, for example
- assign the enquirers to the correct sales region;
- assign the enquirers to the correct field sales representative;
- invite the enquirers to trade fairs, seminars, etc;
- send the enquirers certificates for seminar participation;
- send the enquirers print material;
- supply the enquirers with material/samples, etc.;
- recommend local wholesalers to the enquirer.
(4) Voluntary information, such as your profession or the background of your enquiry, help us serve you as best we can without having to ask for more information, as we provide different products and information for different professional categories, for example. A legitimate interest in accordance with Art. 6 Para. 1 lit. f of the GDPR finally consists of using the data you provided to be able to contact you later for the purposes of (potential) customer service and to inform you of our offers and services.
(5) We will erase the data you provided as soon as their storage is no longer required for the above-named purposes. If you have revoked your authorisation for data processing, which is possible at any time with future effect but does not affect data processing up to the time of the revocation, and/or objected to data processing as a legitimate interest (Art. 6 Para. 1 lit. f of the GDPR), we will erase the data without delay. This does not apply only if, and to the extent that, another legal reason (e.g. that of pre- and post-contractual fulfillment from Art. 6 Para. 1 lit. b of the GDPR) justifies further processing or legal requirements to maintain the data prevent immediate deletion (Art. 6 Para. 1 lit. c of the GDPR).
(6) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies) with whom we have appropriate order processing agreements according to Art. 28 of the GDPR, and possibly subsidiaries whose services and/or products are referred to in your enquiry. If these subsidiary companies are in a third country, then we shall only forward your data if they have completed EU standard contractual clauses with us.
9.2 Newsletter (OBO News)
(1) With your authorisation and subject to provision of your e-mail address, you will be able to subscribe to our newsletter, through which we will inform you of our current interesting offers, services and products, as well as news from our company and additional current OBO topics. Only your e-mail address is mandatory for subscription to the newsletter. Alternatively, or additionally, you can request OBO News via a checkbox, which is specially tailored to your interests/requirements. With the voluntary use of this request, you will be asked to state your first name and surname, the postal address of your customer, your customer group and your e-mail address, where these are marked as mandatory information. You also have the option to provide additional information as needed to optimise your personal accessibility and addressability (e.g. telephone number).
(2) We use the so-called double opt-in method for subscription to our newsletter. This means that, after you have registered, we will send an e-mail to the stated e-mail address, in which we ask for your confirmation that you wish to subscribe to the newsletter. If you do not confirm your subscription within 72 hours, your information will be blocked and deleted automatically. In addition, we save the IP address you have used and the times of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify possible abuse of your personal data. After you confirm your ordering of the newsletter, we will save the data you have provided in accordance with Para. 2 for the purpose of sending the newsletter and identify possible misuse of your e-mail address.
(4) The legal basis for the processing of your personal data is, first, the authorisation expressly given by you in accordance with Art. 6 Para. 1 lit. a of the GDPR and, with regard to the data processed according to Para. 2, our legitimate interest in accordance with Art. 6 Para. 1 lit. f of the GDPR to identify possible misuse of the e-mail address used for it.
(5) You can revoke your authorisation for sending the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking the link available in each newsletter e-mail or sending an e-mail to firstname.lastname@example.org or through a message to the contact data specified in the imprint.
(6) To send the newsletter, your e-mail address will only be saved for length of the desired subscription. We will delete the other data saved according to Para. 1 of the GDPR after a period of max. one month after you unsubscribe.
(7) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies) with whom we have appropriate order processing agreements according to Art. 28 of the GDPR.
(8) Recipients of the data processed according to this regulation are IT service providers (particularly hosting companies) with whom we have appropriate order processing agreements according to Art. 28 of the GDPR and possible subsidiary companies who carry out the sending of the newsletter. If these subsidiary companies are in a third country, then we shall only forward your data if they have completed EU standard contractual clauses with us.
9.3 OBO Construct
(1) Through our website, we offer our customers, employees and potential new customers, as well as contract partners, the opportunity to use our OBO Construct software in different application levels. It is available as download or as web application. If you download and/or use our software, you have to make a corresponding contract for use with us, even though use is free of charge.
To download the software, information about the user must be stored beforehand in the download form. This information is in particular master data, meaning the name, address and e-mail address of the user, which we need to be able to identify and contact the user as a contract partner, if necessary (Art. 6 Para. 1 lit. b of the GDPR). The user’s profession is also requested so we can assign the users of the respective products to various occupational areas and align the products on the occupational categories that use the software the most. This data processing thus is in our legitimate interest (Art. 6 Para. 1 lit. f of the GDPR). Further, data processing also takes place in accordance with Art. 6 Para. 1 lit. a of the GDPR based on your consent, as you are completely free to use the software offered at no charge and to provide your data to obtain it.
Besides the option to download software, with some OBO Construct products (e.g. OBO Construct for underfloor systems and OBO Construct for earthing systems) we offer you the option to register oneself for use of the software and create a password for later logins. In the registration, the same data is requested as through the previously described download form for the same processing purposes, so it is referred to first. Your e-mail address is also collected in order to complete the registration process, as you must confirm your registration through a link in the e-mail to activate the account. Further, your e-mail address is required so we can store and allocate your configurations for you. With your e-mail address and the password, you can log in as a user and see all your projects and configurations.
As soon as you have an account, you can create any number of projects. The only required fields are the project name and order date. The date is preset to the current date whilst the project name is preset with the name “New project”. Here, you can create a project directly without providing additional information on the project itself. But you also have the option to change the project name and update other project-related information (such as project abbreviation, project number, customer number, customer name, customer address). The data you created in these actions is stored on our server and can be requested by the respective user (that is, you) only through use of the stored password.
Processing of the above-mentioned data is done in accordance with your consent granted in the registration procedure in accordance with Art. 6 Para. 1 lit. a of the GDPR as well as for fulfilling the contract in accordance with Art. 6 Para. 1 lit. b of the GDPR. Moreover, we have a legitimate interest as defined in Art. 6 Para. 1 lit f of the GDPR to make available to our (potential and/or former) customers as well as our employees and contract partners a practical software, tailored to their needs, which must be continuously optimised. Use of the software must be analysed to be able to continuously optimise it. Software use in web applications is analysed with Google Analytics (see B 3 above for this and for the opportunities to object). Your personal data stored in the project is not accessed for this.
In order to fulfil the contract (Art. 6 Para. 1 lit. b of the GDPR), and also in our legitimate interest (Art. 6 Para. 1 lit f of the GDPR) it is required that we can contact you through the contact data you stored, so we can ask for feedback on the software used and/or make contact with you to obtain recommendations for improvement or inform you of new opportunities for the already used application or sensible extensions/other applications.
(2) We shall not forward your personal data to third parties outside the contractual relationship, except for the software developers we assigned, without your express agreement or a legal basis for doing so. We will pass your contact data to the assigned software developers, so they can provide you with the necessary technical information and updates of the software you use. We would like to point out that this is order data processing in accordance with Art. 28 of the GDPR. The affected software developers have made a contractual obligation to us to comply with the data protection conditions required by law.
(3) After contractual completion, your data shall be blocked for further use. After expiry of the taxation and commercial law requirements, this data shall be deleted unless you have expressly agreed to their continued use. Data that is processed for customer retention or direct contact in accordance with Art. 6 Para. 1 lit f of the GDPR will be processed until the legitimate interest no longer applies and then deleted, but not later than your declaration of objection to the processing of the data. Legal retention obligations are also granted with regard to this data.
(4) With provision of the software via an app store, the information provided by the provider of the app store on the handling of your data should also be taken into account. Only the providers of the app stores shall be responsible for the use of this data.
You can also register for seminars via the OBO website. The legal basis for these registrations is Art. 6 Para. 1 S. 1 lit. b of the GDPR. Here, data collection takes place for the purposes of the execution of the appropriate seminar, to issue attendance certificates as well as copies for statistical evaluation and payment processing. For this, we collect data in the categories “Identification data”, “Invoicing data”, “Contractual data” and, possibly, “Performance data” (for further training events). The data is made available to any service provider or co-organisation charged with the organisation and execution of the event or the speaker of the event. Transmission of the data to third countries is not planned. The storage periods result from the basic legal principles. With regard to invoices, these are ten years.
10. Google Maps
This website uses Google Maps to depict interactive maps and prepare route descriptions. Google Maps is a map service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California 94043, USA. This service shows you our location and makes it easier to find us, if desired. This represents a legitimate interest as defined in Art. 6 Para. 1 lit. f of the GDPR.
Through the use of Google Maps, information about your use of our website, including your IP address and the (start) address entered into the route planner function, is transmitted to a Google server in the USA. When you call up one of our Internet websites that contains Google Maps, your browser makes a direct connection to Google’s servers. The map contents are transmitted by Google directly to your browser, and from there included in the website. We therefore have no influence on the extent of the data collected by Google in this way. To the best of our knowledge, this includes at least the following data:
- Date and time of the visit to the website involved;
- Internet address or URL of the called-up website;
- IP address together with the starting address entered in the route planner.
This takes place independently of whether Google makes available a user account through which you are logged in, or whether there is no user account. If you are logged into Google, then your data will be allocated directly to your account. If you do not want the allocation to your Google profile, then you must log out before activating the button. Google saves your data (even for users who are not logged in) as usage profiles and evaluates them. Such an evaluation takes place particularly in accordance with Art. 6 Para. 1 lit. f of the GDPR based on the legitimate interests of Google in showing personalised advertising, market research and/or needs-based design of its website.
Google LLC, with headquarters in the USA, is certified for the US-European Privacy Shield data protection convention, which ensures compliance with the data protection level applicable in the EU according to the (criticised) opinion of the EU Commission.
Through the use of our website, you declare your agreement to Google using the data collected from you through the Google Maps Route Planner in the way described above and for the purpose described above.
11. Security measures
We take organisational, contractual and technical security measures according to the state of the art, in order to ensure that the data protection regulations are complied with and that the data we process is protected against random or intentional manipulations, loss, destruction or access by unauthorised persons. The security measures particularly include encrypted transmission of data between your browser and our server.
Special features of data processing via social networks
No social plug-ins are used on our website. We only maintain links to various social media services.
Social media platforms process your personal data when you access our specific channels.
The legal basis for the processing of your personal data results from a legitimate interest (Art. 6 Para. 1 lit f) of the GDPR. The legitimate interest is the communication with interested parties and customers active there, to answer queries and provide information about our products. If you have been requested to consent to the described processing by the provider of the respective social media platform, the legal basis is Art. 6 Para. 1 lit a of the GDPR.
Please refer to the data protection information of the individual service provider regarding which personal data is collected by the service provider and information about your options for opting out and your data protection rights. We refer you to the following links of the platform providers.
User data may be processed in third countries (countries outside the European Economic Area “EEA”). With regard to US providers that are certified under the Privacy Shield, we would like to point out that they have committed to complying with the EU data protection standards. However, this may still entail some risks for users, e.g. the enforcement of user rights could be made more difficult.
You can find additional information at the following links of the individual platform provider.
Generally, data is processed for market research and advertising purposes. They can be used, for example, to create user profiles based on user behaviour and the resulting interests of the users. These user profiles may be used to display advertisements both inside and outside these platforms, which are presumed to correspond to the users’ interests.
For this purpose, cookies containing information about the users’ behaviour and interests are stored on the users’ computers.
A detailed description of the individual processing and opt-out options can be found at the following links of the individual platform providers.
In the case of requests for information and enforcement of user rights, we point out that these can be most effectively asserted with the service providers. Only the providers have access to the user data and can take appropriate action or provide information. However, should you still require assistance, please do not hesitate to contact us.
You can comment on the content we publish on the OBO Bettermann social media channels. Personal data is collected when you click the “Send comment” button. The exact details of this personal data, as well as further data protection information, can be found in the data protection declaration of the individual service provider. Your comment will be published with your username on the relevant social media profile.
If you “like” our social media channels or subscribe to updates, personal data is collected about you. You can find out which data is collected by reading the data protection declaration of the individual platform provider.
The basis is an agreement on joint processing pursuant to Article 26 of the GDPR.
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) and OBO Bettermann Holding GmbH & Co. KG are jointly responsible for processing your data on our fan page.
Opt-out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active
Your behaviour in relation to our fan page is recorded using the “Page Insights” service. The analyses we can view do not allow us to analyse usage behaviour of individual people. We can only see aggregated data (e.g. number of hits, likes, followers, region of origin, age group, sex).
Additional information at: https://www.facebook.com/legal/terms/page_controller_addendum and https://www.facebook.com/legal/terms/information_about_page_insights_data.
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active
(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland)
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active
Xing (XING AG, Dammtorstrasse 29‒32, 20354 Hamburg, Germany)
LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) –
Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0&status=Active
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)