OBO visitor management system

Responsible body:

OBO Bettermann Holding GmbH & Co. KG
Hüingser Ring 52
58710 Menden, Germany

 

Contact data of the data protection officer:

Tel. +49 (0)2373 89-1351
E-mail: datenschutz@obo.de

We enter every visitor to our company in our visitor management system prior to their visit. For this reason, we need the following details from you:

Required data:

Company, name, surname, e-mail address, car registration number.

We also enter when you check in and check out on the day of your visit

Purpose:
Company, name, surname, check-in time, check-out time:  We need this data so that we can log when visitors access our company premises. This access control is a measure for fulfilling the technical and organisational measures for data processing security set out in Article 32 of the EU GDPR (EU General Data Protection Regulation).

In the event of emergencies, we also know which visitors are currently on company premises. This can be vital information for the fire service in the event of a fire, for instance.

We need the company to better identify visitors in case of identical names. 

E-mail address: 
To be able to send you the required safety briefing and data privacy information ahead of your visit and so that you can confirm that you have read and understood them. 

Car registration number: 
We enter this data to be able to notify you in the event of a parking violation or damage.

This data is not used for any reason beyond the purpose named above.

 

Legal basis:

Company, name, surname, check-in time, check-out time:
Article 6 Para. 1 lit. c of the GDPR (legal requirement for access control).

Additionally, Article 6 Para. 1 lit. d of the GDPR. Vital interests of the data subject can be better protected. Also Article 6 Para. 1 lit. f. In this case, the legitimate interest is that this data can help prevent harm to the life or physical well-being of visitors in an emergency. For example, if an evacuation should become necessary, we know which visitors are still on company premises.  The interests or rights of the data subject are not affected. 

E-mail address:
Article 6 Para. 1 lit. f of the GDPR. Our legitimate interest is to be able to send you the required safety briefing and data privacy information ahead of your visit so that you can confirm that you have read and understood them. This speeds up check-in times. The interests or rights of the data subject are not restricted.

Car registration number:
Article 6 Para. 1 lit. f of the GDPR. Our legitimate interest is to notify you straight away in the event of a parking violation or damage during your visit. This does not constitute a restriction of the vital interest.

  

Voluntary information:

Form of address, company location, telephone number, “Supervisor” checkbox. 

Purpose:

Form of address: So that we can address you based on your preference, e.g. when sending an e-mail.

Company location: If your company has multiple locations, this allows us to place you correctly.

Telephone no.: So that we can provide you with information quickly if needed, e.g. in emergencies.

“Supervisor” checkbox: This lets us know that you are the primary contact for all matters related to the visit and, if applicable, for a visitor group where not every individual visitor is registered.

This data is not used for any reason beyond the purpose named above.

 

In this case, the legal basis is

Form of address:  Article 6 Para. 1 lit. f of the GDPR. The legitimate interest here is to be able to address you based on your preference in your registration e-mail. The vital interest of the data subject is not affected, as this information is provided entirely on a voluntary basis.

Company location: Article 6 Para. 1 lit. f of the GDPR. The legitimate interest here is to be able to place you correctly if your company has multiple locations.

Telephone no.: Article 6 Para. 1 lit. d of the GDPR.

“Supervisor” checkbox: Article 6 Para. 1 lit. f of the GDPR. The legitimate interest here is for us to recognise that you are coming with a visitor group and can pass on the safety briefing to the other participants from the visitor group.

 

Deletion of data: 

The data will be deleted after 1 year. If you visit us multiple times in this period, the deadline for deleting the data will start over each time. 

 

Forwarding of data:

The data may be forwarded to data processing companies with which we have concluded an order processing agreement according to Article 28 of the GDPR.

Furthermore, the data can be forwarded to emergency services such as the fire service in the event of an emergency, for example.

The data will only be forwarded to law enforcement authorities (e.g. the police) if there is a corresponding legal basis.

Confirmation that the safety briefing and data privacy information have been read and understood.

Before your visit, we e-mail you our safety briefing and this data privacy statement. We ask you to confirm that you have read and understood the safety briefing and the data privacy information.

 

Your rights:

In accordance with the EU GDPR, you have the following rights:

Right to information according to Article 15 of the EU GDPR, right to rectification according to Article 16 of the EU GDPR, right to erasure (or right to be forgotten) according to Article 17 of the EU GDPR, right to restrict processing according to Article 18 of the EU GDPR, right to object according to Article 21 of the EU GDRP, right to data portability according to Article 20 of the EU GDPR, the right to withdraw consent as well as the right to complain to the responsible data protection authority www.ldi.nrw.de.

Liability exclusion and limitations of the OBO Bettermann Group

If non-essential contractual obligations are infringed, the User, their legal representatives and assistants shall only be liable in cases of intent and gross negligence.

In the case of damage caused by negligence, the User, their legal representatives and assistants shall only be liable in cases of the infringement of an obligation, the fulfilment of which permits the correct execution of the contract and compliance with which the visitors/employees of external companies have expected and expect (key contractual obligation/cardinal obligation), although the level shall be limited to the damage which was foreseeable at the time of contract completion and which is typical for the contract.

An explicit exception shall be made for the liability exclusions and limitations above, the injury to life and health which is the result of an intentional (§ 276 III of the German Civil Code) or negligent (§ 276 II of the German Civil Code) infringement of obligations by the User or an intentional or negligent infringement of obligations by a legal representative or assistants (§ 278 of the German Civil Code) of the User and other damage caused by a grossly negligent infringement of obligations by the User or an intentional or grossly negligent infringement of obligations by a legal representative or assistants of the User in the sense of §§ 309 Nos. 7 a) and b) of the German Civil Code. In addition, the liability exclusions and limitations above shall not apply to the infringement of an obligation, whose fulfilment enables the correct execution of the contract and compliance with which the Seller has expected and expects (key contractual obligation/cardinal obligation). Thus, only the liability restriction according to the paragraph above shall apply.