§ 1 OMMAX - Websites
Thank you for your interest in our website. The protection of your personal data is important to us. Below you will find information on the handling of your data that is collected through your use of our website. Your data will be processed in accordance with the legal data protection regulations. Insofar as links are provided to other websites, we have neither influence nor control over the linked contents and the data protection regulations there. We recommend checking the data protection declarations on the linked websites to determine whether and to what extent personal data is collected, processed, used or made available to third parties.
§ 2 Summary
§ 3 Contact persons and responsibilities
Responsible entity within the meaning of data protection law:
+49 (0) 89 4141 8600
Headquarters: Munich, Registration Court: Munich Local Court, Registration Number: HRB 190936
Managing Directors: Toni Stork, Christiane Jauch, Dr. Stefan Sambol, Dr. Anja Konhäuser
Contact details of the data protection officer:
Leopoldstrasse 21, 80802 München
§ 4 Definition of personal data
Personal data is any information about the personal and actual circumstances of a particular or identifiable person. This information includes, for example, your name, e-mail address, postal address or telephone number. Information on the basis of which your identity cannot be determined without additional data is not included.
In the opinion of the supervisory authorities, IP addresses are, in particular, data that refer to personal data. The transmission of the IP address when accessing a website is a technical necessity. If necessary, the data is analysed for statistical purposes in anonymous and pseudonymised form. This means that it is not possible to identify you personally through this.
In principle, our data protection declaration should be simple and understandable for everyone. For this reason, our data protection declaration generally uses the official terms of the General Data Protection Regulation (GDPR). The official definitions are explained in Art. 4 GDPR.
§ 5 Data processing by visiting our website
When you visit our website, it is technically necessary that data is transmitted to our web server via your internet browser. The following data is recorded during a running connection for communication between your internet browser and our web server:
- Visited domain
- The date and time of the request
- Page from which the file was requested
- Access status (file transferred, file not found, etc.)
- The web browser, system language, operating system and device type used
- IP address of the requesting computer
- The amount of data transferred
We collect the listed data to ensure a smooth connection to the website and to enable a comfortable use of our website by the users. In addition, the log file serves the purpose of evaluating system security and stability, as well as providing administrative functions. The legal basis for the temporary storage of data or log files is Art. 6 para. 1 a. GDPR.
§ 6 Storage of data
If we receive personal data from you, OMMAX will store it on a server and use it exclusively for the purposes for which you have transmitted it to us. All the servers used by OMMAX are located within the European Union. We comply with legal regulations both during transmission and after receipt, taking into account the state of the art and suitable technical and organisational measures to protect personal information and data transmitted to us. However, no transmission method over the internet or electronic storage method is one hundred percent secure. As a result, we cannot guarantee absolute safety.
§ 7 Newsletter
You can register on our website to receive our newsletter. We need your e-mail address for this. In addition, we must check whether you are actually the owner of the e-mail address provided and would like to receive the newsletter, taking into account the relevant legal regulations. We therefore collect information that makes such a check possible. The data collected in this context is used to send and receive the newsletter. It has no other purpose and will not be passed on to third parties. Apart from the information required for sending the newsletter, no other data is collected from our site. As the sending and receiving of the newsletter is dependent on your consent, you can revoke this consent to the collection and storage of your data at any time without giving reasons. Please use the "Unsubscribe-Link", which is provided in the newsletter.
The newlsetter program provider is Selligent GmbH, 12 Atelierstraße, 81671 Munich, Germany.
For further information see §14.
§ 8 Use of website analytics tools (web tracking)
Like most website operators, we also use analytics tools in the form of tracking software to determine the frequency of use and the number of users of our website. According to § 15 Abs. 3 TMG (German Telemedia Act) the service provider may create user profiles for purposes of advertising, market research and for the demand-oriented design of the website, provided that these are not combined with data about the owner of the pseudonym.
§ 9 Google Analytics
This website uses Google Analytics, an internet analysis service provided by Google Inc. "("Google"). Google Analytics uses so-called "cookies" and web beacons. The information generated in relation to the use of this website is transferred by default to a Google server in the USA and stored there. We use Google Analytics only with IP anonymization enabled. This means that Google will reduce the IP address of users within Member States of the European Union or in other signatory states to the Agreement on the European Economic Area, which may exclude any personal relationship. Google Inc., based in the USA, is certified for the US-European data protection agreement "Privacy Shield", which guarantees compliance with the data protection level applicable in the EU. If you have given your consent in accordance with Art. 6 Para. 1 S. 1 lit. a DSGVO, the processing on this website carried out for website analysis purposes.
You can prevent cookies from being saved by adjusting the settings of your browser software accordingly. However, we must point out that in this case you will not be able to use all functions of this website without restrictions. You can also prevent Google from collecting the data generated by the cookie and analysing your use of the website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available at http://tools.google.com/dlpage/gaoptout?hl=en.
Information on the handling of user data at Google Analytics can be found in Google's data protection declaration:
§ 10 Hotjar
When using this tool, we pay particular attention to the protection of your personal data. This way we can only see which buttons are clicked, the course of the mouse, how far the mouse scrolls, the screen size of the device, device type and browser information, geographical location (country only) and the preferred language to display our website. Areas of the websites in which personal data of you or third parties is displayed are automatically hidden by Hotjar and are therefore at no time traceable. In order to exclude a direct personal relationship, IP addresses are only stored and processed anonymously. Hotjar uses various third-party services such as Google Analytics and Optimizely. It may therefore be the case that these services collect data that is transmitted by your browser within the framework of website enquiries. These may be cookies or your IP address, for example. In these exceptional cases, the processing is carried out in accordance with Art. 6 para. 1 lit. a GDPR on the basis of your consent for statistical analysis of user behaviour for optimisation and marketing purposes.
Hotjar offers every user the possibility to prevent the use of the tool Hotjar with the help of a "Do-not-Track-Headers", so that no data about the visit of the respective website is recorded. This is a setting that supports all common browsers in current versions. Your browser sends a request to Hotjar to deactivate the tracking of the respective user. If you use our websites with different browsers or computers, you must set up the "Do-not-Track-Headers" for each of these browsers or computers separately.
When you visit a Hotjar-based website, you can prevent Hotjar from collecting your data at any time by going to our opt-out page at https://www.hotjar.com/legal/compliance/opt-out and disabling Hotjar. For more information about Hotjar Ltd. and the Hotjar tool, please visit: www.hotjar.com
§ 11 Facebook Plug-Ins
We use so-called social plug-ins of the facebook.com network, such as the "Like" button. These plug-ins are offered and operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA, and clearly marked with the Facebook logo. An overview of the Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/.
This information (including your IP address) is transmitted directly from your browser to a server in the USA. If you interact with the plugins, for example by clicking the "I like" button or making a comment, this information is also transmitted directly to a Facebook server and stored there. The information is also published on your Facebook profile and displayed to your Facebook friends.
The described data processing processes take place in accordance with art. 6 par. 1 lit. f DSGVO on the basis of Facebook's legitimate interests in the insertion of personalised advertising in order to inform other users of the social network about your activities on our website and to design the service in line with your needs.
When you access a page that contains such a plug-in, your browser connects to Facebook's servers. The content of the plug-in is transmitted directly from Facebook to your browser and displayed accordingly in our environment. The provider therefore has no influence on the extent of the data that Facebook collects with the help of this plug-in and therefore informs users according to their level of knowledge: http://www.facebook.com/help/?faq=17512
Facebook may be able to track and associate your visit to our respective pages with a Facebook account if you are registered with Facebook or have recently visited a page on Facebook or with Facebook content. If you actively use plug-ins (e.g. press the like button), the corresponding information is also transmitted directly from your browser to Facebook without us having any influence on this. For more detailed information on the type, purpose and scope as well as the further processing and use of your data by Facebook, please refer to the data protection information on Facebook. There you will also learn more about your rights in this regard and the setting options for the protection of your privacy.
If you do not want Facebook to associate your visit to our pages with your Facebook account, please log out of your Facebook account. You can also object to the loading of the Facebook plugins and thus the data processing procedures described above with add-ons for your browser in the future, e.g. with the script blocker "NoScript" (https://noscript.net/).
Facebook Inc., based in the USA, is certified for the US European Privacy Shield, which guarantees compliance with the data protection level applicable in the EU.
It is also possible to block Facebook's social plugins with add-ons for your browser, for example with the "Facebook Blocker". Link to the Facebook Blocker: (http://webgraph.com/resources/facebookblocker/).
§ 12 Twitter Plug-In
Our pages include functions of the Twitter service. These functions are provided by Twitter Inc, Twitter, Inc. 1355 Market St, Suite 900, San Francisco, CA 94103, USA. By using Twitter and the "Re-Tweet" function, the websites you visit are linked to your Twitter account and made known to other users. Data is also transmitted to Twitter.
The described data processing procedures take place according to art. 6 par. 1 lit. f DSGVO on the basis of the legitimate interests of Twitter in the insertion of personalised advertising in order to inform other users of the social network about your activities on our website and for the demand-oriented design of the service.
You can also object to the loading of Twitter plug-ins and thus the data processing procedures described above with add-ons for your browser for the future, e.g. with the script blocker "NoScript" (http://noscript.net/).
You can change your Twitter privacy settings in your account settings at https://twitter.com/settings/account
§ 13 LinkedIn
Within our online offer we use the marketing functions (so-called "LinkedIn Insight Tag") of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. Every time you visit one of our pages that contains functions of LinkedIn, a connection to LinkedIn's servers is established. LinkedIn is informed that you have visited our website with your IP address. With the help of the LinkedIn Insight Tag we can analyse the success of our campaigns within LinkedIn or determine target groups for them based on the interaction of the users with our online offer. If you are registered with LinkedIn, it is possible for LinkedIn to associate your interaction with our online service with your user account. Even if you click on the "Recommend-Button" from LinkedIn and are logged into your LinkedIn account, LinkedIn is able to assign your visit to our website to you and your user account. LinkedIn is certified under the Privacy Shield Agreement and thus offers a guarantee to comply with European data protection law.
The described data processing procedures take place according to art. 6 para. 1 lit. f DSGVO on the basis of the legitimate interests of LinkedIn in the insertion of personalised advertising in order to inform other users of the social network about your activities on our website and for the demand-oriented design of the service.
You can also object to the loading of the LinkedIn plug-ins and thus the data processing procedures described above with add-ons for your browser in the future, e.g. with the script blocker "NoScript" (http://noscript.net/).
§ 14 Use of Selligent
(1) Selligent Marketing Cloud is a marketing automation platform that enables B2C brands to engage customers effectively across all major channels. Designed specifically for relationship marketing, the platform is the only marketing cloud with a unified code base. Selligent combines Artificial Intelligence (AI) with a Customer Data Platform (CDP) based on a universal user profile which underlies every brand interaction.
(2) This service is provided by our partner Selligent: Selligent GmbH, 12 Atelierstraße, 81671 Munich, Germany. You can find more information about Selligent's data protection at: http://www.selligent.com/de/datenschutz-grundverordnung, http://www.selligent.com/privacy-policy
§ 15 HubSpot
HubSpot is certificated for the compliance with the EU-U.S. Privacy-Shield as well as the Swiss-U.S. Privacy Shield. For further information please go to “Privacy Shield List” on the Website of the U.S. Department of Commerce, available at www.privacyshield.gov/welcome. You can permanently object the setting of cookies by ceasing your browser settings. You can object the processing of your personal data at any time with effect for the future by sending an e-mail to digital[at]ommax.de.
§ 16 Google Maps
Our homepage uses the online map service provider Google Maps via an interface. The map service provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To use the functionalities of Google Maps it is necessary to save your IP address. This information is transferred to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission. The use of the Google Maps map service is in the interest of an appealing presentation of our online offer and to make it easier to find the addresses we have listed on the website. This represents a legitimate interest within the meaning of Art. 6 para. 1 lit. f DSGVO.
§ 17 Cookies
In some cases, cookies are used to simplify website processes by saving settings (e.g. the provision of already selected options). If personal data is also processed by individual cookies implemented by us, the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR either for the execution of the contract or in accordance with Art. 6 para. 1 lit. f GDPR to safeguard our legitimate interests in the best possible functionality of the website and a customer-friendly and effective design of the page visit.
You can configure your browser in such a way that you are informed about the settings of cookies and only allow cookies in individual cases, excluding the acceptance of cookies for certain cases or in general deactivating cookies and activating the automatic deletion of cookies when closing the browser. The cookie settings can be managed using the following links for the respective browser.
Internet Explorer: http://windows.microsoft.com/de-DE/windows-vista/Block-or-allow-cookies
You can also individually manage the cookies of many companies and features used for advertising. Use the corresponding user tools, available at https://www.aboutads.info/choices/ or http://www.youronlinechoices.com/uk/your-ad-choices
Most browsers also offer a so-called "Do-Not-Track function" with which you can specify that you do not want to be "tracked" by websites. When this feature is enabled, your browser tells advertising networks, websites and applications that you do not want to be tracked for behavior-based advertising. Information and instructions on how to edit this function are available from the links below, depending on the provider of your browser:
Mozilla Firefox: https://www.mozilla.org/de/firefox/dnt/
Please note that when cookies are deactivated, the functionality of this website may be limited.
§ 18 Data transfer and recipient
We do not sell your personal data to third parties. Your personal data will not be passed on to third parties unless
- we have explicitly indicated this in the description of the respective data processing,
- you have given your explicit consent in accordance to Art. 6 para. 1 sentence 1 lit. a GDPR,
- the disclosure pursuant to Art. 6 para. 1 sentence 1 f GDPR is necessary to assert, exercise or defend legal claims and there is no reason to assume that you have an outright interest worthy of protection in not disclosing your data,
- that a legal obligation exists for the transfer pursuant to Art. 6 para. 1 sentence 1 lit. c GDPR and
- this is required under Art. 6 para. 1 sentence 1 lit. b GDPR for the processing of contractual relationships with you.
We also use external service providers, which we have carefully selected and commissioned in writing, to carry out our services. They are bound by our instructions and are regularly checked by us. With which we have concluded order processing contracts in accordance with Art. 28 GDPR, if necessary. These are service providers for web hosting, sending e-mails and maintaining our IT systems, etc. The service providers will not pass this data on to third parties.
§ 19 Duration of data storage
We adhere to the principles of data avoidance and data minimization. Accordingly, we will only store your personal data for as long as necessary to achieve the purposes stated here or in accordance with the various storage periods prescribed by law. Once the targets have been met or these deadlines have expired, the relevant data is routinely blocked or deleted in accordance with legal requirements.
§ 20 Rights of the persons concerned
In the following section you will find information on the rights of persons concerned which are granted to you by the current data protection laws with regard to the entity responsible of the processing of your personal data:
The right to request information about your personal data processed by us in accordance with Art. 15 GDPR. In particular, you may request information about the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, deletion, restriction of processing or objection, the existence of a right of complaint, the origin of your data, if these have not been collected by us, and the existence of automated decision-making including profiling and, if applicable, meaningful information regarding their details.
The right to immediately request the correction of incorrect or complete personal data stored by us in accordance with Art. 16 GDPR.
The right to request the deletion of your personal data stored by us in accordance with Art. 17 GDPR, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims.
The right, pursuant to Art. 18 GDPR, to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to have it deleted and we no longer need the data, but you need it to assert, exercise or defend legal claims or you have filed an objection against the processing pursuant to Art. 21 GDPR.
The right, in accordance with Art. 20 GDPR, to receive your personal data that you have provided to us in a structured, current and machine-readable format or to request its transfer to another person responsible.
The right to revoke your consent granted pursuant to Art. 7 para. 3 GDPR at any time with effect in the future.
The right to complain to a supervisory authority pursuant to Art. 77 GDPR. As a rule, you can contact the supervisory authority of the federal state in which we have our registered office or, if applicable, that of your usual place of residence or work.
The right to revoke consent granted pursuant to Art. 7 para. 3 GDPR: You have the right to revoke consent to the processing of data once granted at any time with effect for the future. In the event of revocation, we will delete the data concerned without delay, unless further processing can be based on a legal basis for processing without consent. The revocation of consent shall not affect the legality of the processing carried out on the basis of the consent until revocation;
Right of objection
If your personal data is processed by us on the basis of legitimate interests pursuant to Art. 6 para. 1 sentence 1 lit. f GDPR, you have the right to object to the processing of your personal data in accordance with Art. 21 GDPR, insofar as this is for reasons arising from your particular situation. If the objection is directed against the processing of personal data for the purpose of direct marketing, you have a general right of objection without the requirement to indicate a special situation.
If you wish to exercise your right of revocation or opposition or any of your other rights, simply send an e-mail to firstname.lastname@example.org. with the subject "Data protection OMMAX websites". If necessary, you must provide proof of your identity or that it is your account.
§ 21 Subject to alterations
§ 22 Disclaimer
We may also share your personal information under the following circumstances:
to the extent required by law for the purpose of subsequent performance of an information request or comparable legal action
- if we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of third parties, to investigate fraud or in response to an official request
- if OMMAX is involved in a merger, acquisition or disposal of all or part of its assets, we will notify you by e-mail and/or by posting a prominent notice on our website of changes in ownership or use of your personal information and choices regarding your personal information.
- to third parties with your prior consent.
Status of this data protection declaration: 23.05.2019