Contacts

Data protection

Data subjects:
This privacy policy is directed at all persons who visit this website. All personal designations refer to all genders and the associated linguistic forms, in particular “diverse”, “female”, and “male”. Each personal designation is to be understood with the suffix “(m/f/d)”.

Responsible party:
The party responsible for the processing described here is: OMIND platform GmbH, Karlsplatz 3, 80335 Munich, info@omind.de, represented by the managing director Ms. Aurelia Engelsberger.

Rights
(1) Data subjects have the following rights with regard to the data stored about them: the right to information, the right to rectification of inaccurate data, the right to erasure of data for which there is no longer a reason to retain it, the right to restriction of processing, and the right to data portability. Furthermore, they have the right to lodge a complaint with the supervisory authority responsible for the data controller.
(2) If the processing is based on the consent of the data subjects, the data subjects may revoke their consent at any time and with effect for the future; for example, by sending an informal message to one of the above-mentioned contact channels (controller).
(3) If the processing is based on the fulfillment of a legitimate interest, i.e., on Article 6 (1) (f) GDPR, the data subjects may object to the processing at any time; for example, by sending an informal message to one of the above-mentioned contact channels (controller). If the objection is justified, the processing will be terminated. If the legitimate interest lies in direct marketing, the objection is always justified.

Transfer to countries outside the European Union
(1) If personal data is transferred to entities outside the European Union, the controller must provide additional safeguards in accordance with Articles 44 et seq. GDPR.
(2) If the controller refers to a so-called adequacy decision in the following data protection declaration, this means that the receiving entity is located in a country, territory, or specific sector for which the EU Commission has decided that it offers an adequate level of data protection. The guarantee then follows from Article 45 GDPR.
(3) If the controller refers to the so-called EU standard contractual clauses in the following data protection declaration, this means that the receiving party has contractually committed itself to respecting the EU data protection principles and does so on the basis of the so-called EU standard contractual clauses. The guarantee then follows from Article 45 GDPR.
(4) If the controller refers to so-called binding internal data protection rules in the following data protection declaration, this means that the competent supervisory authority has approved the transfer. The guarantee then follows from Article 47 GDPR.
(5) If the controller refers to the data subjects’ express consent to the transfer to a country outside the European Union in the following data protection declaration, this means that they nevertheless consent to the transfer, despite being aware of all the associated risks. The guarantee then follows from Article 49 (1) (a) GDPR. In this context, we would like to point out the following risks: In the USA, no data protection law comparable to the GDPR has been codified. The government authorities there have approved intensive data access, whereby the principle of proportionality regulated in the EU is not applied. Furthermore, there is no effective legal protection for EU citizens there. (6) The above information is provided only as a precautionary measure. It applies only if and to the extent that reference is made to it in the following data protection declaration.

Further information
(1) Automated decision-making, including profiling, does not take place.
(2) A legal obligation to process data only exists if reference is made below to Article 6 (1) (c) GDPR.

Data processing in principle
(1) Data subjects initially use the website for information purposes, i.e., they access the website without actively interacting with it. In doing so, the controller collects the following data from data subjects, to the extent technically necessary to display the website: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates, browser, operating system and its interface, language and version of the browser software. The purpose is to display the website. The legal basis is Article 6 (1) (f) GDPR, whereby the legitimate interest arises from the aforementioned purpose. (2) After the end of informational use, the data is deleted. The purpose is to fulfill a legal obligation (Article 5 (1) (a) and (e) GDPR). The legal basis is Article 6 (1) (c) GDPR.
Data processing based on a legitimate interest (1) In addition to data processing in principle, the controller processes the data of visitors to the website based on a legitimate interest. The legal basis is then Article 6 (1) (f) GDPR.
(2) Attention is drawn to the following processing operations:

Advertising contact with contractual partners.
The controller processes the email address and name of the data subjects in order to send them useful information by email at regular or irregular intervals. Furthermore, the controller stores the information that a contractual relationship exists or existed between them and the controller in order to be able to provide evidence of the legitimate interest. The legitimate interest here arises from the fact that a contractual relationship exists between the data subjects and the controller, in the context of which advertising contact by email is part of the usual expectations of the data subjects. This is supported by Recital 47, Sentence 7. The following data is processed: (1) email address, (2) name, and (3) the status data of the contractual relationship. Special note on the right of objection: Data subjects can object to the use of their data for this purpose at any time; for example, by sending an informal message to the controller (contact channels can be found at the beginning of this declaration and in the imprint). In particular, data subjects can object without incurring any costs other than the transmission costs according to the basic rates.

Rights management and, if necessary, external legal advice.
If data subjects assert claims – regardless of their nature – against the controller here, the data will be processed as follows:
The controller receives the request and stores all associated data.
The controller uses this data to examine the request. If necessary, it will seek external legal advice.
If the request is justified, it will use the data to comply with the request. Otherwise, it will use the data to inform the data subjects.
The controller shall retain the data resulting from the processing pursuant to points 1 to 3 for three years, starting on 31 December of the calendar year in which

Step 3 has taken place. The legitimate interest in points 1 to 3 arises from the interest of the data subjects in having their claims processed and from the controller’s interest in avoiding claims and sanctions. The legitimate interest in point 4 arises from the controller’s need to be able to defend itself later against civil claims as well as allegations of fines and criminal law. This storage interest according to point 4 ends with the expiration of the limitation period pursuant to Sections 193 and 195 of the German Civil Code (BGB). The following data is processed: name, contact details, and communication content.

External web hosting
The controller has commissioned third parties to provide storage space and delivery for the publication of this website. In order for these service providers to fulfill their mandate, they inevitably receive some data from the data subjects. The legitimate interest arises from the right to be able to present themselves publicly. The following data is processed: IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transferred in each case, website from which the request originates, browser, operating system and its interface, language and version of the browser software; possibly also communication and interaction data from the behavior of the data subjects.

Data processing in connection with contracts
(1) In addition to data processing in principle, the controller processes the data of visitors to the website in order to establish, execute, and/or terminate contracts. The legal basis is then generally Article 6 (1) (b) GDPR. Only in the event that the data subjects are employees (including applicants) is the legal basis Article 88 GDPR in conjunction with Section 26 (1) BDSG 2018.
(2) Attention is drawn to the following processing operations:

Form:
The controller provides a form tool on the website. This allows communication between the data subject and the controller, with the data subject’s entries being documented and transmitted to the controller. The following data is processed: data on the content, type, and extent of the entries in the respective form.
Appointment scheduling: If the data subject wishes to schedule a meeting with the controller, they can view available appointment times via an appointment booking portal integrated into this website and simply select one. The controller then receives a notification from the appointment booking portal. The following data is processed: all data collected when making the appointment (usually name, email address, appointment).

Data processing based on consent
(1) In addition to data processing in principle, the controller processes the data of website visitors based on consent. The legal basis is then Article 6 (1) (a) GDPR. Only in the event that the data subjects are employees (including applicants) is the legal basis Article 88 GDPR in conjunction with Section 26 Paragraph 2 of the BDSG 2018.
(2) Reference is made to the following processing operations:

Analysis of user behavior.
Cookies are used to analyze the user behavior of the data subjects on this website. These are text files that are stored on the data subject’s computer and thatenable an analysis of website usage. Information about usage behavior is used to compile reports on activities and interactions. The controller uses this data to regularly improve the user experience on the website. The statistics obtained can also be used to improve its offerings in order to more specifically target the interests of data subjects toward products and services that are most suitable for them. The following data is processed: cookie-based data about interactions (especially the order of interactions, length of stay).

Social media/networks:
The controller uses social media and social networks. The controller has no influence on the data collected and data processing procedures, nor is the controller fully aware of the full scope of data collection, the purposes of processing, the retention periods, and the circumstances of the deletion of personal data. If data subjects visit the controller’s company and product pages on social media or view advertisements (so-called ads), it is possible that the providers of the social media and networks will save the data collected about them as user profiles and use them for the purposes of advertising, market research, and/or tailoring their websites to meet their needs. Data subjects have the right to object to the creation of these user profiles; to exercise this right, they must contact the respective provider. To the extent that the controller can influence the nature and scope of the associated processing of personal data, its purpose is to present the controller, analyze the data subjects’ usage behavior with regard to their interaction with the company and/or product page maintained there, and communicate with the data subjects via this social network (possibly for advertising purposes).

If and to the extent that the controller analyzes visitor interactions with its company page, both it and the respective provider of the social network or medium are jointly responsible under data protection law; this is in accordance with Article 26 GDPR. In all other cases, the respective provider of the social network or medium will be commissioned in accordance with Article 28 GDPR.
In addition to the general statements on the legal basis, the following must be stated: If the data subjects maintain a profile on the respective social network or medium, the legal basis is also the consent within the meaning of Article 6 (1) (a) GDPR, which they have given to the provider of the respective social network.
The following data is processed: Cookie- or pixel-based data about interactions with the website and the company and/or product pages of the controller, if applicable, the email address, the name, and the communication data.

Video playback:
A video playback tool is used to present its and/or third-party videos to the data subjects within the framework of this website, but also possibly on the controller’s channel. When the data subjects start these videos, the controller documents them in order to subsequently display information and ads tailored to their interests to the data subjects. The following data is processed: Cookie-based data that transports the following information: (1) Information that the data subject has visited this website (possibly also the specific subpage), (2) Information that a specific video has been clicked.

Data processing to fulfill a legal obligation (1) In addition to data processing in principle, the controller processes the data of visitors to the website in order to fulfill a legal obligation. The legal basis is then Article

6 (1) (c) GDPR. (2) Attention is drawn to the following processing operations:
Retention of data in connection with contracts. If the controller collects data to establish, execute, and/or terminate contracts, it will generally retain data relevant to the controller’s taxation for six years. By way of derogation from this, data will be retained for ten years. The respective period begins in the year in which the document was created. The purpose is to fulfill the legal retention obligation under Section 147 of the German Fiscal Code (AO).

Retention of data proving consent.
If the controller processes data based on consent, it will store the data proving consent for three years. The period begins when the consent is revoked or the processing subject to the consent ends, whichever occurs first. The purpose is to fulfill the retention obligation under Article 7 (1) GDPR in conjunction with Article 5 (2) GDPR. The period is determined by the limitation periods for administrative offenses pursuant to Section 31 Paragraph 2 Number 1 of the German Administrative Offenses Act (OWiG) in conjunction with Article 83 Paragraphs 4 and 5 of the GDPR.

Processors and third parties receiving data:
The following third parties receive access to the personal data of website visitors as part of the data processing described above:
Third-party providers: The web host “IONOS” of IONOS SE (EU – Germany) is used, which has also been commissioned in accordance with Article 28 of the GDPR. Further details on the processing methods used by this third-party provider can be found here: https://www.ionos.de/hosting/webhosting.
WordPress plugin: The WordPress plugin Contact Form 7 is used to create and manage forms. Details on data processing by this plugin can be found here: https://de.wordpress.org/plugins/contact-form-7/.

Third-party providers: The appointment booking tool “Zoho Calendar” is used. Regarding the identity of the provider, the following must be stated: There are numerous companies that operate under the name “Zoho” (see https://www.zoho.com/de/contactus.html). Given that the controller is a company based within the European Union, it is connected to two contractual partners. As far as the contractual obligation to provide the aforementioned tool is concerned, the contractual partner is Zoho Corporation B.V. (Netherlands – EU). As far as personal data is processed on its behalf as part of the use of the aforementioned tool, its second contractual partner or processor, in addition to Zoho B.V. (Netherlands, see above), is ZOHO CORPORATION PVT. LTD. (India). In other words: As far as the exchange of services and payment is concerned, Zoho B.V. (Netherlands, see above) is the contractual partner. And only insofar as it concerns the processing of personal data, Zoho B.V. (Netherlands, see above) and ZOHO CORPORATION PVT. LTD. (India, see above) are its contractual partners. The fact that ZOHO CORPORATION PVT. LTD. (India) is based outside the European Union does not preclude its engagement, as ZOHO CORPORATION PVT. LTD. (India) has committed itself to the EU standard contractual clauses. Further details on the processing methods used by this third-party provider are described here: https://www.zoho.com/de/calendar/schedule-appointments.html.

Third-party provider:
In connection with the analysis of user behavior, the analysis tool “Google Analytics” from Google Ireland Ltd. (Ireland – EU) is used, which was commissioned in accordance with Article 28 of the GDPR. Further details on the processing methods used by this third-party provider are described here: https://support.google.com/analytics/answer/9306384?hl=de. Please note: IP addresses are shortened by the provider within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a server of the provider in the USA and shortened there. The IP address transmitted by the browser when using this tool will not be merged with other data by the provider. The tool is also used for cross-device analysis of visitor flows, which is carried out via a user ID. Those affected can deactivate cross-device analysis in their customer account under “My data”, “Personal data”. For information purposes, it should be noted that this tool is used with the extension “_anonymizeIp()”. This means that IP addresses are further processed in shortened form, which can prevent them from being traced back to individuals. Insofar as the data collected about the data subjects is personally identifiable, this is immediately excluded and the personal data is deleted immediately. The fact that the data is transmitted to the USA, possibly in cooperation with Google LLC (USA), does not prevent the processing. This is because personal data is only processed if the data subjects consent to the associated data transfer to the USA (see Article 49 (1) (a) GDPR).

Third-party provider: The social network “Instagram” of Meta Platforms Ireland Limited (Ireland – EU) is used. However, it cannot be ruled out that data may be transferred to or integrated with the parent company, Meta Platforms Inc. (USA). To the extent that the controller and the provider of the social network or medium presented here are jointly responsible, the agreement can be found here: https://www.facebook.com/legal/terms/page_controller_addendum. All information on the scope of application and the allocation of tasks can be found there. In all other cases, the provider of the social network or medium has been commissioned in accordance with Article 28 GDPR. Further details on the processing methods used by this third-party provider are described here: https://help.instagram.com/519522125107875. The use of this third-party provider is not precluded by the fact that data transfer to or integration with the parent company based in the USA cannot be ruled out. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (see Article 49 (1) (a) GDPR). This occurs vis-à-vis the local controller to the extent that they control the data processing. If the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is no transfer by the controller to the USA, so the local controller does not need to provide any further guarantee within the meaning of Articles 44 et seq. GDPR. In this case, a relationship within the meaning of Article 26 GDPR exists between the local controller and the provider of the social network.

The controller also maintains a company or product page with this provider, which is also linked to this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the profile of the controller. Third-party provider: The social network “LinkedIn” of the LinkedIn Ireland Unlimited Company (Ireland – EU) is used. However, it cannot be ruled out that data will be transferred to or integrated with the parent company, LinkedIn Corporation (USA). Further details on the processing methods used by this third-party provider are described here: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.. The use of this third-party provider is not precluded by the fact that data will not be transferred to or integrated with the parent company based in the USA. This is because the processing of personal data via this tool only takes place if the data subjects consent to the associated data transfer to the USA (cf. Article 49 (1) (a) GDPR). This is done vis-à-vis the controller here, insofar as they control the data processing.

If the provider of the social network or medium presented here controls the processing (for example, if the data subjects visit the social network independently of an action on this website), there is no transfer by the controller to the USA, so the controller here does not need to provide any further guarantee within the meaning of Articles 44 et seq. GDPR. In this case, a relationship within the meaning of Article 26 GDPR exists between the controller here and the provider of the social network.
The controller also maintains a company or product page with this provider, which is also linked on this website. If the data subjects click on this link (meaning the link to the company or product page), they will be taken to the controller’s profile.

Third-party provider: The WordPress cookie consent plugin Borlabs Cookie from the developer Benjamin A. Bornschein (Germany – EU) is used. Further details on the processing methods used by this third-party provider are described here: https://de.borlabs.io/borlabs-cookie/.