Name and contact details of the data controller
Our data controller (hereinafter referred “responsible person”) within the meaning of Art. 4 clause 7 GDPR is:
OptiSense GmbH & Co. KG
45721, Haltern am See, Deutschland
Managing Director: Dr. Jens Heymans, Joachim Menke
Commercial register/No: HRA 4517
Register court: Amtsgericht Gelsenkirchen
Fax: 02364 50882-11
Email address: email@example.com
Types of data, purposes of processing and categories of data subjects
In the following text, we will inform you as to the type, scope and purpose of the collection, processing and use of personal data.
- Types of data that we process
usage data (access times, websites visited, etc.), inventory data (name, address, etc.), contact details (telephone number, email, fax, etc.), payment information (bank details, account data, payment history, etc.), Contract data (subject matter of the contract, duration, etc.), content data (text input, videos, photos, etc.), and communication data (IP address, etc.).
- Purposes of processing in accordance with Art. 13 Para. 1 c) GDPR
processing contracts, optimising the website from a technical and economic standpoint, facilitating easy access to the website, fulfilling contractual obligations, establishing contact in the event of legal complaints by third parties, fulfilling legal storage obligations, optimisation and statistical analysis of our services, supporting commercial use of the website, improving user experience, making the website user-friendly, operating advertising and the website in a cost-effective manner, marketing/sales/advertising, creating statistics, avoiding spam and abuse, handling an application procedure, providing customer service and customer care, handling contact requests, providing websites with functions and content, implementing security measures, and operating our website in a secure and uninterrupted manner.
- Categories of data subjects according to Art. 13 Para. 1 e) GDPR
Visitors/users of the website, customers, suppliers, interested parties, applicants, employees, and employees of customers or suppliers.
The data subjects are collectively referred to as „users“.
Legal basis of the processing of personal data
In the following text, we will inform you as to the legal basis for processing personal data:
- If we have obtained your consent for the processing of personal data, Art. 6 Para. 1 clause 1 lit. a) GDPR will serve as the legal basis.
- If the processing is necessary for the fulfillment of a contract or for the execution of pre-contractual measures, which take place on your request, then Art. 6 Para. 1 clause 1 lit. b) GDPR will serve as the legal basis.
- If the processing is necessary to fulfil a legal obligation to which we are subject (e.g. legal storage obligations), Art. 6 Para. 1 clause 1 lit. c) GDPR will serve as the legal basis.
- If the processing is necessary to protect our legitimate interests or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not prevail in this regard, Art. 6 Para. 1 clause 1 lit. f) GDPR will serve as the legal basis.
Disclosure of personal data to third parties and processors
No data is passed on to third parties by us without your consent. Should this be the case, however, this data will be passed on based on the legal bases mentioned above, for example, in the event that data is passed on to online payment providers for the fulfilment of a contract based on either a court order or a legal obligation to pass on the data for the purposes of prosecution, averting danger or enforcing intellectual property rights.
We use processors (external service providers used for the web hosting of our websites and databases, for example) to process your data. If data is passed on to processors within the framework of a processing agreement, this is always carried out in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly, and have been granted the right to issue instructions regarding the data. Processors must also have taken appropriate technical and organisational measures and complied with the data protection provisions in accordance with the German Federal Data Protection Act as amended and the GDPR.
Passing on data to third countries
The adoption of the European General Data Protection Regulation (GDPR) has created a common basis for data protection in Europe. Your data will therefore mainly be processed by companies for whom the GDPR applies. Should the processing be carried out by services of third parties outside the European Union or the European Economic Area, these third parties must fulfil the special conditions of Art. 44 et seqq. GDPR. This means that the processing will be carried out on the basis of specific guarantees such as the determination, officially recognised by the EU commission, of a level of data protection appropriate to the EU or the observance of special contractual obligations, so-called "standard contractual clauses".
Based the ineffectiveness of the so-called "Privacy Shield", insofar as we obtain your express consent to pass on data to the USA, in accordance with Art. 49 Para. 1 clause 1 lit. a), we would like to highlight the risk in this regard of secret access by US authorities and use of the data for the purposes of surveillance, possibly without legal remedies for EU citizens.
Deletion of data and storage duration
Existence of automated decision-making
We do not use automatic decision-making or a profiling system.
Provision of the website and creation of log files
If you use our website solely for information purposes (i.e. no registration and no other transmission of information), we collect only the personal data passed on to our server by your browser. If you would like to view our website, we will collect the following data:
- IP address;
- internet service provider of the user;
- date and time of access;
- browser type;
- language and browser version;
- content of visit;
- time zone;
- access status/HTTP status code;
- volume of data;
- websites from which the request originates;
This data is not stored together with any other personal data pertaining to you. The IP address is not stored in full, rather 2 bytes of the IP address are masked (e.g. 195.173.xxx.xxx). This renders attribution of the shortened IP address to the computer accessing the website impossible.
- This data serves to make our website available to you in a user-friendly, functional and secure manner with functions and content as well as the associated optimisation and statistical analysis.
- The legal basis for this is our legitimate interest in data processing in accordance with Art. 6 Para. 1 clause 1 lit. f) GDPR.
- For security reasons, we store this data in server log files for a storage period of 60 days. After this period this data is automatically deleted unless we are required to keep it for evidentiary purposes in the event of attacks on the server infrastructure or other legal violations.
A distinction is made between the following types of cookies:
- Necessary, essential cookies: Essential cookies are cookies which are absolutely necessary for the operation of the website in order to save certain functions such as logins, the shopping cart or user inputs relating to, for example, the language of the website.
- Session cookies: Session cookies are required to recognise multiple uses of content by the same user (for example, if you have logged in to determine your login status). When you access our website again, these cookies provide information which allows you to be automatically recognised. Information contained in the cookies is used to optimise our content and provide you easy access to our site. When you close the browser or log out, the session cookies will be deleted.
- Persistent cookies: These cookies are saved even after the browser has been closed. These are used to store the login information, measure reach, and for marketing purposes. These are automatically deleted after a specified period which may vary depending on the cookie. You can delete cookies at any time in the security settings of your browser.
- Third-party cookies (especially from advertisers): You can configure your browser settings according to your wishes and, for example, refuse either third-party cookies or all cookies. Please note that in doing this you may then not be able to use all functions of this website. More can be read about these cookies in the respective privacy policies of the third parties.
- Data categories: user data, cookies, user ID (in particular pages visited, device information, access times and IP addresses).
- Purposes of processing: The information obtained in this way is used to optimise our website from a technical and economic standpoint and to enable you to access our website more easily and securely.
- Legal bases: If we process your personal data with the help of cookies based on your consent (opting in), Art. 6 Para. 1 clause 1 lit. a) GDPR will serve as the legal basis. In addition to this, we also have a legitimate interest in the effective functioning, improvement and economic operation of the website; in this case Art. 6 Para. 1 clause 1 lit. f) GDPR will serve as the legal basis. The legal basis will also be Art. 6 Para. 1 clause 1 lit. b) GDPR if the cookies are stored to initiate contracts, for orders, for example.
- Storage period/deletion: The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. If the data was collected in order to provide access to the website, it will be deleted once your session on our site ends.
You can find information on deleting cookies by browser here:
Internet Explorer: https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/en-us/help/4027947/windows-delete-cookies
- Rejection and opting out: In general, cookies can be prevented from being saved on your hard drive, regardless of consent or legal permission, by selecting “do not accept cookies” in your browser settings. This may, however, limit the functionality of our website. You can reject the use of third-party cookies used for advertising purposes by opting out using this American website (https://optout.aboutads.info) or this European website (https://www.youronlinechoices.com/uk/your-ad-choices).
Contact via the contact form/email/fax/post
- When contacting us via contact form, fax, post or email, your details will be processed for the purpose of processing the contact request.
- The legal basis for processing the data, if the user's consent to this has been obtained, is Art. 6 Para. 1 clause 1 lit. a) GDPR. The legal basis for processing the data passed on in the course of sending the contact form, an email, a letter or a fax is Art. 6 Para. 1 clause 1 lit. f) GDPR. The data controller has a legitimate interest in the processing and storage of the data so as to be able to answer user queries, to preserve evidence for liability reasons and, where applicable, to be able to comply with its statutory storage obligations for business letters. If the purpose of the contact is to conclude a contract, then an additional legal basis for the processing is Art. 6 Para. 1 clause 1 lit. b) GDPR.
- We are able to store both your details and your contact request in our Customer Relationship Management System ("CRM System") or a similar system.
- The data will be deleted as soon as it is no longer required to fulfil the purpose for which it was collected. For the personal data from the contact form input screen and the data that was sent by email, this purpose will have been fulfilled when the respective conversation with you has ended. The conversation will have ended when the circumstances indicate that the matter in question has been conclusively resolved. We store requests from users who have an account or contract with us for a period of two years after the contract has ended. In the case of statutory archiving obligations, deletion will occur after these expire: end of commercial law (6 years) and tax law (10 years) storage obligation.
- You are able to withdraw your consent to the processing of personal data at any time in accordance with Art. 6 Para. 1 clause 1 lit. a) GDPR. If you contact us by email, you can object to the storage of your personal data at any time.
- You can subscribe to our newsletter with your voluntary consent by entering your email address. Only your email is required. The provision of further data is voluntary and serves only the purposes of addressing you personally. We use the so-called "double opt-in procedure" for registration. After you have registered using your email, you will receive an email from us with a link to confirm your registration. By clicking on this confirmation link, your email will be added to the newsletter distribution list and saved for the purpose of sending emails. If you do not click on the confirmation link within 48 hours, your login data will be blocked and automatically deleted after 30 days.
- We also log the IP address you used when you registered, as well as the date and time of the double opt-in (registration and confirmation). The purpose of this storage is to fulfil the legal requirements regarding proof of your registration and to prevent your email from being misused.
- Within the scope of your declaration of consent, the contents (e.g. advertised products/services, offers, advertising and topics) of the newsletter are described in specific terms.
- We use the following mail service provider to send emails:
Clever Reach (Schafjückenweg 2, 26180 Rastede, Germany), whose data protection declaration can be found at https://www.cleverreach.com/en/privacy-policy/. We have concluded an order processing agreement with the mail service provider in accordance with Art. 28 GDPR.
- When sending the newsletter, we analyse your user behaviour. The newsletters contain so-called "web beacons" or "tracking pixels" which are opened when the newsletter is opened. For the purposes of analysis, we link the web beacons to your email address and a personal ID. Links included in the newsletter also contain this ID. The data is collected exclusively in a pseudonymised manner, IDs are therefore not linked with your other personal data. It is not possible to link the data to your person. With this data we can determine if and when you opened the newsletter and which links were clicked in the newsletter. This serves to optimise and statistically analyse our newsletter.
- The legal basis for the sending of the newsletter, assessment of success, and the storage of the email is your consent in accordance with Art. 6 Para. 1 clause 1 lit. a) GDPR together with Section 7 Para. 2 no 3 of the German Unfair Competition Act [UWG] and for the recording of consent Art. 6 Para. 1 clause 1 lit. f) GDPR, as this serves our legitimate interest of legal provability.
- You can object to tracking at any time by clicking the unsubscribe link at the end of the newsletter. You would, however, cease to receive the newsletter in doing this. Deactivating images being displayed in your email software also renders tracking impossible. This may, however, restrict the functions of the newsletter and the images contained will not be displayed.
- You can revoke your consent to receiving the newsletter at any time. You can exercise your right of withdrawal by clicking the unsubscribe link at the end of the newsletter, or sending an email or message to to our contact information listed above. We store your data for as long as you are subscribed to the newsletter. After logging out, your data will only be stored anonymously for statistical purposes.
- To allow prize promotions to be conducted, your contact email address is saved and, should you win, your address information is also saved to allow the prize to be sent. The address information can be passed on to a mail service provider as part of the order data processing. This data will not be passed on to other third parties. Only those over the age of 18 may participate in the prize promotion.
- The legal basis is Art. 6 Para. 1 clause 1 lit. b) GDPR.
- The data will be deleted 2 months after the prize has been determined.
- We have included YouTube videos from youtube.com on our website using the embed function so that they can be accessed directly on our website. YouTube belongs to Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland.
- Data category and description of data processing: Usage data (e.g. website accessed, content and access times). We have integrated the videos into a so-called "extended data protection mode" without having cookies record usage behaviour to personalise video playback. Video recommendations are rather based on the video playing at that time. Videos played in an embedded player in extended data protection mode do not affect which videos you are recommended for viewing on YouTube. When you start a video (click on the video) you are consenting to YouTube tracking the information on your accessing the corresponding subpage or video on our website and that this data is used for advertising purposes.
- Purpose of processing: Providing of a user-friendly offering, optimisation, and improvement of our content by displaying videos.
- Legal basis: If you have given your consent to the processing of your personal data by the third-party using "etracker" (opt in), then Art. 6 Para. 1 clause 1 lit. a) GDPR will serve as the legal basis. Also serving as a legal basis is our legitimate interest in data processing in accordance with Art. 6 Para. 1 clause 1 lit. f) GDPR. For services provided as part of a contract, tracking and analysis of user behaviour is carried out in accordance with Art. 6 Para. 1 clause 1 lit. b) GDPR, in order to be able to offer optimised services to fulfill the purpose of the contract with the information obtained thereby.
- Data transfer/recipient category: Please note that this service can transfer data outside of the European Union and the European Economic Area to a country which does not offer a sufficient level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes and it is possible that you may have no legal remedies. This will occur even without a Google user account. If you are logged into your Google account, Google can attribute the data listed above to your account. If you wish to prevent this, you must to log out of your Google account. Google creates user profiles from such data and uses this for the purposes of advertising, market research or optimisation of its websites.
- Storage period: Cookies for up to 2 years or until the cookies are deleted by you as the user.
- The contact form for the data protection officer of the processing company can be found here: https://support.google.com/policies/contact/general_privacy_form.
- We have integrated maps from “Google Maps” (provider: Google Ireland Limited, register no.: 368047, Gordon House, Barrow Street, Dublin 4, Irland) into our website.
- Data category and description of data processing: usage data (e.g. IP, location, page accessed). Using Google Maps enables us to display the location of addresses and route descriptions directly on our website in interactive maps and enables you to use this tool. When you visit our website, where Google Maps is integrated, you will connect to Google's servers in the USA. In doing this, your IP and location can be passed on to Google. Google is also informed that you have visited the page in question. This will occur even without a Google user account. If you are logged into your Google account, Google can attribute the data listed above to your account. If you wish to prevent this, you must to log out of your Google account. Google creates user profiles from such data and uses this for the purposes of advertising, market research or optimisation of its websites.
- Purpose of processing: Providing a user-friendly, economical and optimised website through the use of interactive maps.
- Legal basis: If you have given your consent to the processing of your personal data by the third-party using "Google Maps" (opt in), then Art. 6 Para. 1 clause 1 lit. a) GDPR will serve as the legal basis. Also serving as a legal basis is our legitimate interest in data processing in accordance with Art. 6 Para. 1 clause 1 lit. f) GDPR.
- Data transfer/recipient category: Please note that this service can transfer data outside of the European Union and the European Economic Area to a country which does not offer a sufficient level of data protection. If the data is transferred to the USA, there is a risk that your data may be processed by US authorities for control and monitoring purposes and it is possible that you may have no legal remedies.
- Storage duration: Cookies for up to 6 months or until you delete them. Failing this, as soon as they are no longer required for processing purposes.
- The contact form for the data protection officer of the processing company can be found here: https://support.google.com/policies/contact/general_privacy_form
Presence on social media
- Data categories and description of data processing: usage data, contact data, content data, inventory data. User data is also generally processed for market research and advertising purposes. For example, user profiles can be created based on user behaviour and the user interests taken therefrom. The usage profiles can in turn be used, for example, to display advertisements which presumably correspond to the interests of the users both within and outside of the platforms. For these purposes, cookies are usually stored on the user's computer, in which the user's usage behavior and interests are stored. Furthermore, data can also be stored in user profiles separate from the devices used by the users (especially if the users are members of the respective platforms and are logged in). For a detailed description of the respective forms of processing and the possibilities for objection (opt out), we would direct you to the privacy policies and information of the operators of the respective networks. We would like to point out that requests for information and the assertion of user rights are also directed most effectively to the providers. Only the providers have access to the user data and can take appropriate measures and provide information directly. Should you still require assistance, you can contact us.
- Purpose of processing: communication with users connected with and registered on social networks; information and advertising for our products, offers and services; external representation and image maintenance; evaluation and analysis of users and content of our presence on social media.
- Legal basis: The legal basis for the processing of personal data is our legitimate interest in the purposes listed above in accordance with Art. 6 Para. 1 clause 1 lit. f) GDPR. If you have given your consent to the processing of your personal data to the data controller for the social network, the legal basis is Art. 6 Para. 1 clause 1 lit. a) together with Art. 7 GDPR.
- Data transmission/recipient category: social network.
- The privacy notices, opportunities to obtain information on and to object (opt out) to the respective networks/service providers can be found here:
Data protection in applications and in the application procedure
- Applications sent electronically or by post to the data controller will be processed electronically or manually for the purposes of processing the application procedure.
- We expressly point out that application documents with "special categories of personal data" in accordance with Art. 9 GDPR (e.g. a photo that provides information about your ethnic origin, religion or marital status), with the exception of any severe disabilities which you may wish to disclose freely, are not desired. Your application should be submitted without this data. This does not affect your success of your application.
- The legal basis for the processing is Art. 6 Para. 1 clause 1 lit. b) GDPR and Section 26 BDSG as amended.
- If, after the application process has been completed, the applicant enters into an employment relationship, the applicant data will be stored in compliance with the relevant data protection regulations. If you are not offered a position after completing the application process, your application letter and documents will be deleted 6 months after the rejection has been sent so as to be able to satisfy any claims and obligations regarding provision of evidence under the German Equal Opportunities Act [AGG].
Your rights as a data subject
Objection to or revocation of the processing of your data
Insofar as the processing is dependent upon your consent in accordance with Art. 6 Para. 1 clause 1 lit. a), Art. 7 GDPR, you have the right to revoke your consent at any time. The legality of the processing carried out on the basis of your consent until revocation remains unaffected.
You have the right to object, at any time, for reasons arising from your particular situation, to the processing of your personal data carried out on the basis of Art. 6 1 e) GDPR (data processing in the public interest) or Art. 6 Para. 1 f) GDPR (data processing on the basis of a balance of interests). Should you object, we will only process your personal data if we can prove compelling legitimate reasons which outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
You may of course object to the processing of your personal data for the purposes of advertising and data analysis at any time. You can exercise your right to withdraw your consent at no charge. You can inform us about your objection to the processing for advertising purposes via the following contact information:
OptiSense GmbH & Co. KG
45721, Haltern am See, Deutschland
Managing Director Dr. Jens Heymans, Joachim Menke
Commercial register/No: HRA 4517
Register court: Gelsenkirchen District Court
Email address: firstname.lastname@example.org
- Right to information
You have the right to request confirmation from us as to whether personal data relating to you is being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. In particular, you may obtain information on the purposes of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, and the origin of your data, unless it has been collected from you directly.
- Right to correction
You have the right to correct incorrect data or to complete correct data in accordance with Art. 16 GDPR.
- Right to deletion
You have the right to delete your data being stored by us in accordance with Art. 17 GDPR, unless this runs contrary to statutory or contractual retention periods or other legal obligations or rights to continued storage.
- Right to restriction
You have the right to request a restriction in the processing of your personal data if one of the requirements in Art. 18 Para. 1 lit. a) to d) GDPR is met:
- if you dispute the accuracy of the personal data relating to you for a period of time, which enables the person responsible to verify the accuracy of the personally identifiable information;
- the processing is unlawful and you reject the deletion of the personal data and instead demand the restriction of the use of personal data;
- the data controller no longer requires the personal data for the purposes of processing, but they need it for the assertion, exercise or defence of legal claims, or
- you have objected to processing pursuant to Art. 21 Para. 1 GDPR and it is not yet clear whether the data controller's legitimate reasons for processing your data outweight your interests.
Right to appeal
You have the right to appeal to a supervisory authority. As a rule, you may contact the supervisory authority in the member state of your place of residence, your place of work or the location of the alleged violation in particular.
The data protection supervisory authority responsible for us is: LDI - State Commissioner for Data Protection and Freedom of Information for North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf.
We have taken appropriate technical and organisational security measures in order to protect all personal data passed on to us and ensure that we and our external service providers comply with data protection regulations. Among other things, all data between your browser and our server is therefore encrypted via a secure SSL connection.