Privacy Policy

Privacy Policy of Obermark GmbH
Obermark GmbH strives to achieve a maximum level of confidentiality and security in the processing of your data. In this Privacy Policy, you will find information on the processing of your personal data and your rights under the applicable data protection law.

Unless other information is provided, the provision of your personal data is not legally or contractually prescribed. Thus, unless otherwise stated you are not required to provide any personal data. The precise scope of your personal data processing may vary depending on the services used thus not all the processing listed in this statement may be applicable.

Data Controller

The responsible controller is:
Obermark GmbH
Burgweg 10
61476 Kronberg i.Ts.
Germany
T +49 6173 78 298 30
F +49 6173 78 298 40
E info@obermark.eu

Categories of affected persons
Depending on the nature and extent of the services used, all or parts of this privacy policy apply. The groups affected include:

  • Visitors of our Websites
  • (Job-)Applicants

The above-mentioned persons are also referred to as «users».

Purpose of processing
The purposes of processing personal data on our websites include:

  • Providing the online offering, its features and content
  • Answering contact requests and communicating with users
  • Evaluating applicants and entering into employment agreements
  • Safety precautions

Legal basis for personal data processing
As a legal basis for the processing of personal data we rely mainly on our legitimate interests in accordance with Article 6 (1) (f) GDPR for the implementation of our business processes and targeted information of potential customers. This includes regularly expected cookies that allow us to display content that is interesting to the user. Furthermore, we process personal data on the basis of our legitimate interest in recognizing and avoiding spam. You have the right at any time - for reasons arising from your particular situation - to object to the processing of your personal data that is based on Article 6 (1)(f) GDPR.

For the fulfillment of our contractual obligations with the user, Article 6 (1) (b) GDPR applies as the legal basis. When contacting us (e.g. Email, phone) we will process the user's information under Article 6 (1) (b) GDPR.

We also process personal data in order to comply with our legal obligations in accordance with Article 6 (1) (c) GDPR.

When processing is necessary in order to protect the vital interests of the data subject or of another natural person, Article 6 (1) GDPR will be used as the legal basis.

In individual cases, we will obtain your consent in accordance with Article 6 (1) (a) GDPR for processing.

Duration of data storage
The personal data of the person concerned will be deleted or access restricted as soon as the purpose of the processing is fulfilled, or storage is no longer required. We also store personal data for the period in which claims can be brought against our company.

Longer storage periods may apply when we are legally obligated to store your personal data for a prescribed period. Such storage obligations are for example derived from the German Civil and Commercial Law (BGB, HGB). The storage of usage data and cookies (including IP addresses) from the website is limited to the period for which they are required to ensure safe operation of the website.

Transfers to third countries
In most cases, your personal data will only be processed within Switzerland and the EU. If however, processing abroad in non-EU countries takes place, any transfer is carried out in accordance with Article 44 GDPR. This means processing is carried out, for example on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or Switzerland (e.g. for the USA by the «Privacy Shield») or compliance with officially recognized contractual obligations (so-called «standard contractual clauses»).

Server-Logfiles
Every time you access our website, usage data is transmitted through your internet browser and stored in log data (server log files). This stored data includes, for example the name of the page viewed, the date and time of retrieval, the amount of data transferred and the requesting provider as well as IP addresses. This data is processed under our legitimate interests in ensuring seamless operation of our website and online tools.

Security and Processors
In order to enable our services, we use external processors. These are bound to our instructions based on data processing agreements and ensure the safety of your data through appropriate technical and organizational measures. These processors include IT and hosting providers as well as other parties which process personal data to enable our service offering and efficient business administration.

Google Fonts
We embed the fonts ("Google Fonts") of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. This is done on the basis of our legitimate interests in the optimal presentation of the website and the associated economic operation of our online offer.

Privacy Policy: https://www.google.com/policies/privacy/

Google Maps
In our website, we use Google Maps for the representation of our location as well as for the creation of a driving description. This is a service of Google Ireland Limited, Google Building Gordon House, 4 Barrow St, Dublin, D04 E5W5, hereinafter referred to as "Google".

By being certified under the "EU-US Privacy Shield", Google ensures that the EU's data protection requirements are also observed when processing data in the USA.

Our legitimate interest lies in optimizing the functionality of our website. Google's connection to our site, enables Google to determine from which website your request has been sent and to which IP address the directions are to be transmitted.

In addition, Google Maps and the information obtained through Google Maps are used in accordance with the Google Terms of Use and the Google Maps Terms and Conditions.

Rights of the person concerned
As the data subject, you are entitled to the following rights under the GDPR:

Right to be informed
You can ask the controller to confirm whether personal data relating to you is being processed. If such processing is carried out, you have the right to receive information on the data processing in accordance with Article 15 GDPR. This includes:

  • The processing purposes.
  • The categories of personal data that are processed.
  • The recipients or categories of recipients to whom the personal data has been disclosed or is still disclosed, in particular to recipients in third countries or to international organizations.
  • If possible, the planned duration for which the personal data is stored or, if this is not possible, the criteria for determining that duration.
  • The existence of a right to correct or delete the personal data relating to them or to restrict the processing by the person responsible or a right of objection to this processing.
  • The existence of a right of appeal to a supervisory authority.
  • If the personal data is not collected from the person concerned, all available information on the origin of the data.
  • The existence of automated decision-making including profiling under Article 22 (1) and (4) GDPR and – at least in these cases – meaningful information on the logic involved, as well as the scope and impact of such processing on the data subject.

If personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate guarantees provided under Article 46 GDPR in connection with the transmission.

Right to revoke consent
You have the right to revoke your consent to the processing of your personal data at any time. By revoking consent, the legitimacy of the processing carried out until the revocation is not affected.

Right to rectify
Under Article 16 GDPR you have the right to correct and complete your personal data, provided that your personal data being processed by the controller is incorrect or incomplete. The controller must carry out such a correction immediately.

Right to erasure
You have the right to request deletion of your personal data under Art. 17 GDPR in the following situations:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed.
  • You revoke your consent, on which the processing is based under Article 6 (1)(b) or Article 9(2) (a) GDPR and there is no other legal basis for processing.
  • You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2).
  • The personal data was unlawfully processed.
  • The deletion of personal data is necessary to comply with a legal obligation under EU law or the law of Member States, to which the controller is subject.
  • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

Right to restrict processing
Under the following conditions, you can request a restriction of the processing of your personal data (Article 18 GDPR). This applies when:

  • The accuracy of the personal data is disputed. The restriction applies to the period of time required for the person responsible to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State

Right to data portability
Under Article 20 GDPR you have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  1. The processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1) and
  2. The processing is carried out by automated means.

Right to object
You have the right to object on grounds relating your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Article 6(1) GDPR, including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or is required for the establishment, exercise or defence of legal claims.

If the personal data relating to you is processed for direct advertisement, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising. This also applies to profiling to the extent that it is associated with such direct marketing.

If you object to the processing for the purposes of direct advertising, the personal data relating to you will no longer be processed for these purposes.

You have the opportunity to exercise your right to object in connection with the use of information society services by means of automated procedures using technical specifications.

Automated decision
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

This shall not apply if the decision:

  • Is necessary for entering into, or performance of a contract between the data subject and a data controller.
  • Is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests or
  • Is based on your explicit consent.

Right to lodge a complaint
Regardless of your above rights you have the right to lodge a complaint with the supervisory authority. The supervisory authority responsible is:

Der Hessische Beauftragte für Datenschutz und Informationsfreiheit
Postfach 3163
65021 Wiesbaden
Germany