OHB Digital Connect // We.Connect.Space.

Menu
Menu
Menu

Data protection

Privacy Policy

English

We are delighted by your interest in our company. Data protection is of paramount importance to the management of OHB Digital Connect GmbH. Use of the OHB Digital Connect GmbH website is generally possible without providing any personal data. However, if a data subject wishes to use special services offered by our company via our website, processing of personal data may become necessary. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the data subject's consent.

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation (GDPR) and in compliance with the country-specific data protection regulations applicable to OHB Digital Connect GmbH. This privacy policy aims to inform the public about the nature, scope, and purpose of the personal data we collect, use, and process. Furthermore, this privacy policy informs data subjects about their rights.

OHB Digital Connect GmbH, as the data controller, has implemented numerous technical and organizational measures to ensure the most complete possible protection of personal data processed via this website. However, internet-based data transmissions can fundamentally have security vulnerabilities, meaning absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us via alternative means, such as by telephone.

1. Definitions

The privacy policy of OHB Digital Connect GmbH is based on the terms used by the European legislator when enacting the General Data Protection Regulation (GDPR). Our privacy policy is intended to be easily readable and understandable for both the general public and our customers and business partners. To ensure this, we would like to explain the terminology used beforehand.

In this privacy policy, we use, among other things, the following terms:

a. Personal data

Personal data is any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Affected person

A data subject is any identified or identifiable natural person whose personal data is processed by the controller.

c. Processing

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d. Profiling

Profiling is any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

e. Controller or data controller

The controller, or data controller, is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law.

f. Data processor

A data processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

g. Recipient

A recipient is a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether a third party or not. However, public authorities that may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered recipients.

h. Third

A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

i. Consent

Consent means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. External Hosting

This website is hosted externally. The personal data processed on the OHB Digital Connect GmbH website is stored on the host's servers. This may include, but is not limited to, IP addresses, contact requests, metadata and communication data, contract data, contact information, names, website access data, and other data generated via a website.

External hosting is used for the purpose of fulfilling our contractual obligations to our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast, and efficient provision of our online services by a professional provider (Art. 6 para. 1 lit. f GDPR). If corresponding consent has been requested, processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and Section 25 para. 1 of the Telecommunications, Digital Services, and Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information on the user's device within the meaning of the TDDDG. Consent can be withdrawn at any time.

Our host will only process your data to the extent necessary to fulfill its contractual obligations, and only in accordance with our instructions.

We use the following hosting provider:

IONOS SE

Elgendorfer Str. 57

56410 Montabaur

We have concluded a data processing agreement (DPA) for the use of the aforementioned service. This is a legally required agreement under data protection law, which ensures that the service provider processes the personal data of our website visitors only according to our instructions and in compliance with applicable laws.

3. Name and address of the data controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

OHB Digital Connect GmbH

Manfred-Fuchs-Platz 2-4

28359 Bremen

4. Name and address of the data protection officer

The data protection officer of the controller is:

Jochen Zurborg

Manfred-Fuchs-Platz 2-4

D-28359 Bremen

Tel.: +49 (0)421 2020 9720

Email: datenschutz@ohb.de

Any affected person can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

5. Cookies

The websites of OHB Digital Connect GmbH use cookies. Cookies are text files that are placed and stored on a computer system via an internet browser.

By using cookies, OHB Digital Connect GmbH can provide users of this website with more user-friendly services that would not be possible without setting cookies. If the data subject deactivates the setting of cookies in their internet browser, some functions of our website may not be fully usable.

Cookies are either temporarily deleted for the duration of a session (session cookies) after you leave a website, or permanently stored on your device (persistent cookies) until you delete them yourself or your web browser deletes them automatically. Cookies allow us to optimize the information and offers on our website for the user. They also enable us to recognize returning users. The purpose of this recognition is to make it easier for users to navigate our website.

Cookies that are necessary for carrying out electronic communication, providing certain functions you have requested, or optimizing the website (essential cookies) are stored on the basis of Article 6(1)(f) GDPR, unless another legal basis is specified. OHB Digital Connect GmbH has a legitimate interest in storing essential cookies to ensure the technically flawless and optimized provision of its services. If consent to the storage of cookies and similar recognition technologies has been requested, processing is carried out exclusively on the basis of this consent (Article 6(1)(a) GDPR and Section 25(1) TDDDG); this consent can be revoked at any time.

The data subject can prevent the setting of cookies by our website at any time by adjusting the corresponding setting of the internet browser used and thus permanently object to the setting of cookies.

Information about which cookies and services are used on this website can be found in the privacy policy.

6. Collection of general data and information

The OHB Digital Connect GmbH website collects a range of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server's log files. The following data may be collected:

  • browser types and versions used
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches our website (so-called referrer),
  • the subpages which are accessed via an accessing system on our website,
  • the date and time of access to the website,
  • an Internet Protocol address (IP address),
  • the Internet service provider of the accessing system and
  • other similar data and information that serve to prevent threats in the event of attacks on our information technology systems.

 

When using this general data and information, OHB Digital Connect GmbH does not draw any conclusions about the data subject. Rather, this information is needed to

  • to deliver the content of our website correctly,
  • to optimize the content of our website and the advertising for it,
  • to ensure the continued functionality of our information technology systems and the technology of our website, as well as
  • to provide law enforcement agencies with the information necessary for prosecution in the event of a cyberattack.

 

OHB Digital Connect GmbH therefore uses this anonymously collected data and information for statistical analysis and to improve data protection and data security within our company, ultimately ensuring an optimal level of protection for the personal data we process. The anonymous server log file data is stored separately from all personal data provided by a data subject.

7. SSL or TLS encryption

For security reasons and to protect the transmission of confidential information, our website uses SSL/TLS encryption. You can recognize an encrypted connection by the fact that the browser's address bar changes from "http://" to "https://" and by the padlock symbol in your browser's address bar.

When SSL or TLS encryption is enabled, the data you send to us cannot be read by third parties.

8. Contact options via the website

Due to legal requirements, the OHB Digital Connect GmbH website contains information that enables quick electronic contact with our company and direct communication with us, including a general email address. If a data subject contacts the data controller via email or a contact form, the personal data transmitted by the data subject will be stored automatically. Such personal data transmitted voluntarily by a data subject to the data controller will be stored for the purpose of processing the inquiry or contacting the data subject. This personal data will not be disclosed to third parties.

9. Routine deletion and blocking of personal data

The controller shall process and store personal data of the data subject only for the period necessary to achieve the purpose of storage or as far as this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the purpose for which the data was stored ceases to exist, or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

10. Rights of the data subject

a. Right to confirmation

Every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may contact the data protection officer at any time.

b. Right to information

Every person whose personal data is being processed has the right to obtain from the data controller, at any time and free of charge, information about the personal data stored about him or her and a copy of this information.

If a data subject wishes to exercise this right of access, they can contact the data protection officer at any time.

c. Right to rectification

Every data subject has the right to request the immediate rectification of inaccurate personal data concerning him or her. Furthermore, taking into account the purposes of the processing, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary statement.

If a data subject wishes to exercise this right to rectification, they can contact the data protection officer at any time.

d. Right to erasure (right to be forgotten)

Any person whose personal data is being processed has the right to request from the controller that the personal data concerning him or her be erased without undue delay where the processing is no longer necessary:

If a data subject wishes to have their personal data stored by OHB Digital Connect GmbH deleted, they can contact the data protection officer at any time. The data protection officer of OHB Digital Connect GmbH will ensure that the deletion request is complied with immediately.

The data protection officer of OHB Digital Connect GmbH will, in accordance with Art. 17 para. 1 GDPR, take the necessary steps to delete data in individual cases, insofar as the processing is no longer necessary.

e. Right to restriction of processing

Any person whose personal data is being processed has the right to request from the controller the restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful, the data subject refuses to have their personal data erased and requests instead the restriction of its use.
  • The controller no longer needs the personal data for the purposes of processing, but the data subject needs it for the establishment, exercise or defense of legal claims.
  • The data subject has objected to the processing pursuant to Article 21(1) GDPR and it is not yet clear whether the legitimate grounds of the controller override those of the data subject.

 

If one of the aforementioned conditions is met and a data subject wishes to restrict the processing of their personal data stored by OHB Digital Connect GmbH, they may contact the data protection officer at any time. The data protection officer of OHB Digital Connect GmbH will then arrange for the restriction of processing.

f. Right to data portability

Every data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. He or she also has the right to transmit this data to another controller. Where technically feasible and provided that this does not adversely affect the rights and freedoms of others, the data may be transmitted directly to another controller.

To assert the right to data portability, the data subject may contact the data protection officer of OHB Digital Connect GmbH at any time.

g. Right to object

Any data subject has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) of the GDPR. This also applies to profiling based on those provisions.

OHB Digital Connect GmbH will no longer process personal data in the event of an objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or the processing serves the purpose of establishing, exercising or defending legal claims.

If OHB Digital Connect GmbH processes personal data for direct marketing purposes, the data subject has the right to object at any time to the processing of their personal data for such marketing. This also applies to profiling insofar as it is related to such direct marketing. If the data subject objects to processing for direct marketing purposes, OHB Digital Connect GmbH will no longer process the personal data for these purposes.

Furthermore, the data subject has the right to object, on grounds relating to his or her particular situation, to the processing of personal data concerning him or her which is carried out by OHB Digital Connect GmbH for statistical purposes pursuant to Article 89(1) GDPR, unless such processing is necessary for the performance of a task carried out in the public interest.

To exercise the right to object, the data subject can contact the data protection officer of OHB Digital Connect GmbH directly.

h. Automated individual decision-making, including profiling

Every person whose personal data is being processed has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

If the data subject wishes to assert rights relating to automated decision-making, they can contact the data protection officer at any time.

i. Right to withdraw consent under data protection law

If you have given us your consent to process your personal data in accordance with Section 25 Paragraph 1 Sentence 1 of the German Telemedia Act (TDDG), Article 6 Paragraph 1 Letter a or Article 9 Paragraph 2 Letter a of the GDPR, you have the right to withdraw this consent at any time. If the data subject wishes to exercise their right to withdraw consent, they can contact the data protection officer at any time.

j. Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, their place of work or the place of the alleged infringement.

11. Legal basis for processing

Article 6 I lit. a GDPR serves as the legal basis for our company for processing operations where we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the processing is based on Article 6(1)(b) GDPR. The same applies to processing operations that are necessary for carrying out pre-contractual measures, such as inquiries about our products or services. If our company is subject to a legal obligation that requires the processing of personal data, such as for the fulfillment of tax or commercial law obligations, the processing is based on Article 6(1)(c) GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or another natural person, in which case the processing would be based on Article 6(1)(d) GDPR.

Ultimately, processing operations could be based on Article 6(1)(f) GDPR. This legal basis applies to processing operations not covered by any of the aforementioned legal bases if the processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject. Such processing operations are permitted in particular because they have been specifically mentioned by the European legislator. The legislator took the view that a legitimate interest could be assumed where the data subject is a client of the controller (Recital 47, second sentence, GDPR).

If the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the conduct of our business activities for the benefit of all our employees and our shareholders.

12. Use of the web analytics service Google Analytics (with anonymization function)

We use Google Analytics on our website, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland, which enables an analysis of your use of our website.

By default, Google Analytics sets cookies when you visit our website. These cookies are small text files stored on your device and collect certain information. With the help of an add-on, Google shortens and anonymizes the IP address of the data subject's internet connection if our website is accessed from a member state of the European Union or from another contracting state of the Agreement on the European Economic Area.

Your personal data may be transferred within Google Ireland to its parent organization, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. The European Commission has recognized the level of data protection for certain US companies in an adequacy decision (the so-called EU-US Data Privacy Framework). Google LLC has self-certified under this framework and has thus committed to compliance. This self-certification permits the transfer of personal data to the USA based on the EU-US Data Privacy Framework.

Google uses the collected information on our behalf to evaluate your use of the website, to compile reports on website activity for us, and to provide other services related to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics and shortened will not be merged with other Google data.

All processing described above, in particular the setting of cookies on the device used, will only take place if you have given us your explicit consent in accordance with Art. 6 para. 1 lit. a GDPR.

Without your consent, Google Analytics will not be used during your visit to our website. You can revoke your consent at any time with effect for the future. To exercise your right of revocation, please deactivate this service using the "Cookie Consent Tool" provided on the website.

We have entered into a data processing agreement with Google that ensures the protection of our website visitors' data and prohibits unauthorized disclosure to third parties.

Further information and Google's applicable privacy policy can be found at https://www.google.de/intl/de/policies/privacy/ and at http://www.google.com/analytics/terms/de.html.

13. Google Tag Manager

We use Google Tag Manager on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that allows us to integrate tracking and analytics tools and other technologies into our website. Google Tag Manager itself does not create user profiles, store cookies, or perform independent analyses. It serves solely to manage and deploy the tools integrated through it. However, Google Tag Manager does collect your IP address, which may also be transferred to Google's parent company in the USA. The use of Google Tag Manager is based on Article 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and easy integration and management of various tools on its website. If consent has been requested, processing is carried out exclusively on the basis of Article 6(1)(a) GDPR and Section 25(1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user's device (e.g., device fingerprinting) within the meaning of the TDDDG. Consent can be withdrawn at any time.

We have concluded a data processing agreement with the service provider in accordance with Art. 28 GDPR.

14. Duration for which the personal data will be stored

The criterion for the duration of storage of personal data is the respective statutory retention period. After this period expires, the corresponding data is routinely deleted, unless it is still required for the performance of a contract or for initiating a contract.

15. Legal or contractual requirements for providing personal data; necessity for entering into a contract; obligation of the data subject to provide the personal data; possible consequences of not providing the data

We would like to inform you that the provision of personal data is sometimes required by law (e.g., tax or commercial law regulations) or may also arise from contractual provisions (e.g., information about the contracting party). In some cases, it may be necessary for a data subject to provide us with personal data that we subsequently need to process in order to conclude a contract. Before providing personal data, the data subject must contact one of our employees. Our employee will explain to the data subject, on a case-by-case basis, whether the provision of personal data is required by law or contract, or necessary for the conclusion of the contract, whether there is an obligation to provide the personal data, and what the consequences of not providing the personal data would be.

16. Existence of automated decision-making

As a responsible company, we refrain from automated decision-making or profiling.

17. Social Media Plugins

We use so-called social media buttons (also known as social media plugins) on our website. These are small buttons that allow you to share content from our website on social networks under your profile.

If you activate such a button, a connection will be established between our website and the relevant social network. In addition to the relevant content, the operator of the social network will receive further information, some of which is personal. This includes, for example, the fact that you are currently visiting our site.

The integration of social media buttons uses the so-called Shariff solution. This solution prevents a connection to a social network from being established simply by visiting a page with a social media button without activating it. This means that information is only transmitted to the social network when you actually use the button.

We use the following social media plugins:

d) LinkedIn:

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. Information is sometimes transferred to the parent company, which is based in the USA. This data transfer to the USA is based on the EU Commission's Standard Contractual Clauses. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs .

Further information on data protection at LinkedIn can be found in LinkedIn's privacy policy: https://de.linkedin.com/legal/privacy-policy

e) YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The company is certified under the EU-US Data Privacy Framework (DPF). The DPF is an agreement between the European Union and the USA that aims to ensure compliance with European data protection standards for data processing in the USA. For details on how they handle your personal data, please see YouTube's privacy policy: https://policies.google.com/privacy?hl=de

Privacy Policy

We are very pleased that you have shown interest in our company. Data protection is of a particularly high priority for the management of OHB Digital Connect GmbH. The use of the Internet pages of OHB Digital Connect GmbH is possible without any indication of personal data. However, if a person concerned wishes to make use of special services of our company via our website, it may be necessary to process personal data. If the processing of personal data is necessary and there is no legal basis for such processing, we generally obtain the consent of the data subject.

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to OHB Digital Connect GmbH. By means of this data protection declaration, our company would like to inform the public about the type, scope and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed of their rights by means of this privacy policy.

As the controller, OHB Digital Connect GmbH has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. Nevertheless, Internet-based data transmissions can generally have security gaps, so that absolute protection cannot be guaranteed. For this reason, every data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

The data protection declaration OHB Digital Connect GmbH is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we would like to explain the terms used in advance.

We use the following terms, among others, in this Privacy Policy:

a. Personal data

Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

b. Data subject

Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c. Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

d. Profiling

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

e. Controller or controller responsible for the processing

Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

f. Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

g. Recipient

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients.

h. Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

i. Consent

Consent is any given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2. External hosting

This website is hosted externally. The personal data processed on the OHB Digital Connect GmbH website is stored on the hoster's servers. This may include IP addresses, contact requests, meta and communication data, contract data, contact data, names, website accesses and other data generated via a website.

External hosting is carried out for the purpose of fulfilling the contract with our potential and existing customers (Art. 6 para. 1 lit. b GDPR) and in the interest of a secure, fast and efficient provision of our online offer by a professional provider (Art. 6 para. 1 lit. f GDPR). If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 Telecommunications Digital Services Data Protection Act (TDDDG), insofar as the consent includes the storage of cookies or access to information in the user's terminal device within the meaning of the TDDDG. Consent can be revoked at any time.

Our host will only process your data in accordance with your instructions to the extent that this is necessary to fulfill its service obligations.

We use the following hosting provider:

IONOS SE

Elgendorfer Str. 57

56410 Montabaur

We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract that is required under data protection law and ensures that it only processes the personal data of our website visitors in accordance with our instructions and in compliance with the law.

3. Name and address of the controller

The controller within the meaning of the General Data Protection Regulation, other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

OHB Digital Connect GmbH

Manfred-Fuchs-Platz 2-4

28359 Bremen

4. Name and address of the data protection officer

The data protection officer of the controller is:

Jochen Zurborg

Manfred-Fuchs-Platz 2-4

D-28359 Bremen

Phone: +49 (0)421 2020 9720

Email: datenschutz@ohb.de

Any data subject can contact our data protection officer directly at any time with any questions or suggestions regarding data protection.

5. Cookies

The Internet pages of OHB Digital Connect GmbH use cookies. Cookies are text files that are stored on a computer system via an Internet browser.

Through the use of cookies, OHB Digital Connect GmbH can provide the users of this website with more user-friendly services that would not be possible without the cookie setting. If the data subject deactivates the setting of cookies in the Internet browser used, not all functions of our website may be entirely usable.

Cookies are either stored temporarily for the duration of a session (session cookies) and deleted at the end of your visit to a website or permanently (permanent cookies) on your end device until you delete them yourself or they are automatically deleted by your web browser. Cookies can be used to optimize the information and offers on our website for the benefit of the user. Cookies enable us to recognize the users of our website. The purpose of this recognition is to make it easier for users to use our website.

Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested or to optimize the website (necessary cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified. OHB Digital Connect GmbH has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG); the consent can be revoked at any time.

The data subject can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies.

The cookies and services used on this website can be found in the privacy policy.

6. Collection of general data and information

The website of OHB Digital Connect GmbH collects a series of general data and information when a data subject or automated system accesses the website. This general data and information is stored in the server log files. The following can be recorded

  • browser types and versions used,
  • the operating system used by the accessing system,
  • the website from which an accessing system reaches our website (so-called referrer),
  • the sub-websites that are accessed via an accessing system on our website,
  • the date and time of access to the website,
  • an Internet Protocol address (IP address),
  • the Internet service provider of the accessing system, and
  • other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

 

When using these general data and information, OHB Digital Connect GmbH does not draw any conclusions about the data subject. Rather, this information is required in order to

  • to deliver the content of our website correctly,
  • optimize the content of our website and the advertising for it,
  • to ensure the long-term functionality of our information technology systems and the technology of our website, and
  • to provide law enforcement authorities with the information necessary for prosecution in the event of a cyber-attack.

 

Therefore, OHB Digital Connect GmbH analyzes anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.

7. SSL or TLS encryption

Our website uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content. You can recognize an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.

8. Contact via the website

The website of OHB Digital Connect GmbH contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by email or via a contact form, the personal data transmitted by the data subject is automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.

9. Routine deletion and blocking of personal data

The controller shall process and store the personal data of the data subject only for the period necessary to achieve the purpose of storage, or as far as this is granted by the European legislator or other legislators in laws or regulations to which the controller is subject to.

If the storage purpose no longer applies or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with the statutory provisions.

10. Rights of the data subject

a. Right to confirmation

Each data subject shall have the right granted by the European legislator to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to avail himself of this right of confirmation, he or she may, at any time, contact the data protection officer.

b. Right to information

Any person affected by the processing of personal data has the right to receive information free of charge at any time from the data controller about the personal data stored about them and a copy of this information

If a data subject wishes to exercise this right to information, they can contact the data protection officer at any time.

c. Right to rectification

Any person affected by the processing of personal data has the right to request the immediate rectification of inaccurate personal data concerning them. Furthermore, the data subject has the right to request the completion of incomplete personal data, including by means of a supplementary declaration, taking into account the purposes of the processing.

If a data subject wishes to exercise this right of rectification, they can contact the data protection officer at any time.

d. Right to erase (right to be forgotten)

Any person affected by the processing of personal data has the right to demand from the controller that the personal data concerning them be deleted immediately, provided that the processing is no longer necessary:

If a data subject wishes to request the erasure of personal data stored by OHB Digital Connect GmbH, he or she may, at any time, contact the Data Protection Officer. The Data Protection Officer of OHB Digital Connect GmbH shall promptly ensure that the erasure request is complied with immediately.

The Data Protection Officer of OHB Digital Connect GmbH will arrange the necessary erasure measures in individual cases in accordance with Article 17(1) of the GDPR, insofar as the processing is no longer necessary.

e. Right to restrict processing

Any person affected by the processing of personal data has the right to obtain from the controller restriction of processing where one of the following applies:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
  • The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

 

If one of the aforementioned conditions is met, and a data wishes subject to request the restriction of the processing of personal data stored by OHB Digital Connect GmbH, he or she may at any time contact the Data Protection Officer. The Data Protection Officer of OHB Digital Connect GmbH will arrange the restriction of the processing.

f. Right to data portability

Any person affected by the processing of personal data has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transmit this data to a third party. Insofar as it is technically feasible and the rights and freedoms of other persons are not affected by this, data may be transferred directly to another controller.

In order to assert the right to data portability, the data subject may at any time contact the Data Protection Officer of OHB Digital Connect GmbH.

g. Right to object

Any person affected by the processing of personal data has the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6(1) GDPR. This also applies to profiling based on these commissions.

OHB Digital Connect GmbH shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.

If OHB Digital Connect GmbH processes personal data for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. This also applies to profiling to the extent that it is related to such direct marketing. If the data subject objects to OHB Digital Connect GmbH to the processing for direct marketing purposes, OHB Digital Connect GmbH will no longer process the personal data for these purposes.

In addition, the data subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by OHB Digital Connect GmbH for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

In order to exercise the right to object, the data subject may directly contact the Data Protection Officer of OHB Digital Connect GmbH.

h. Automated decisions in individual cases including profiling

Any person concerned by the processing of personal data has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

If the data subject wishes to assert rights relating to automated decisions, they can contact the data protection officer at any time.

i. Right to withdraw consent under data protection law

If you have given us your consent to process your personal data in accordance with Section 25 (1) sentence 1 TDDDG, Art. 6 (1) (a) or Art. 9 (2) (a) GDPR, you have the right to withdraw this consent at any time. If the data subject wishes to exercise their right to withdraw consent, they can contact the data protection officer at any time.

j. Right to lodge a complaint with the competent supervisory authority

In the event of violations of the GDPR, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work or place of the alleged violation.

11. Legal basis of the processing

Art. 6 I lit. a GDPR serves our company as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which the data subject is party, the processing is based on Art. 6 I lit. b GDPR. The same applies to such processing operations that are necessary to carry out pre-contractual measures, for example in the case of inquiries about our products or services. If our company is subject to a legal obligation which requires the processing of personal data, such as for the fulfillment of tax or commercial law obligations, the processing is based on Art. 6 I lit. c GDPR.

In rare cases, the processing of personal data may become necessary in order to protect the vital interests of the data subject or another natural person, in which case the processing would be based on Art. 6 I lit. d GDPR.

Ultimately, processing operations could be based on Art. 6 I lit. f GDPR. This legal basis is used for processing operations which are not covered by any of the abovementioned legal grounds, if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. We are permitted to carry out such processing operations in particular because they have been specifically mentioned by the European legislator. In this respect, it took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR).

Where the processing of personal data is based on Article 6 I lit. f GDPR, our legitimate interest is the performance of our business activities for the benefit of the well-being of all our employees and our shareholders.

12. Use of the web analysis service Google Analytics (with anonymization function)

We use Google Analytics on our website, a web analysis service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, Ireland, which enables us to analyze your use of our website.

By default, Google Analytics sets cookies when you visit the website, which are stored as small text modules on your end device and collect certain information. Google uses an add-on to shorten and anonymize the IP address of the data subject's Internet connection if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

Your personal data may be transferred within Google Ireland to the parent organization Google LLC, 1600 Amphitheater Parkway Mountain View, CA 94043, USA. The European Commission has recognized the level of data protection for certain companies from the USA in an adequacy decision (so-called EU-US Data Privacy Framework). Google LLC has self-certified under this framework and is therefore committed to compliance. This self-certification means that the transfer of personal data to the USA is permitted on the basis of the EU-US Data Privacy Framework.

Google uses the information collected on our behalf to evaluate your use of the website, to compile reports on website activity for us and to provide us with other services relating to website activity and internet usage. The abbreviated IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

All processing described above, in particular the setting of cookies on the terminal device used, will only take place if you have given us your express consent to do so in accordance with Art. 6 para. 1 lit. a GDPR.

Without your consent, Google Analytics will not be used during your visit to our website. You can revoke your consent at any time with effect for the future. To exercise your right of withdrawal, please deactivate this service using the “cookie consent tool” provided on the website.

We have concluded an order processing contract with Google, which ensures the protection of the data of our website visitors and prohibits unauthorized disclosure to third parties.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/en/policies/privacy/ and under https://marketingplatform.google.com/about/analytics/terms/us/ .

13. Google Tag Manager

We use Google Tag Manager on our website. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, Google Tag Manager records your IP address, which may also be transmitted to Google's parent company in the USA. Google Tag Manager is used on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (eg device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

We have concluded a data processing agreement with the service provider in accordance with Art. 28 GDPR.

14. Duration for which the personal data is stored

The criterion for the duration of the storage of personal data is the respective statutory retention period. After this period has expired, the corresponding data is routinely deleted, provided that it is no longer required for contract fulfillment or contract initiation.

15. Legal or contractual provisions for the provision of personal data; necessity for the conclusion of the contract; obligation of the data subject to provide the personal data; possible consequences of non-commission

We inform you that the provision of personal data is partly required by law (eg tax or commercial law regulations) or may also result from contractual regulations (eg information on the contractual partner). Sometimes it may be necessary for a contract to be concluded for a data subject to provide us with personal data that must subsequently be processed by us. Before the data subject provides personal data, the data subject must contact one of our employees. Our employee will inform the data subject on a case-by-case basis whether the provision of the personal data is required by law or contract or is necessary for the conclusion of the contract, whether there is an obligation to provide the personal data and what the consequences would be if the personal data were not provided.

16. Automated decision-making

As a responsible company, we do not use automated decision-making or profiling.

17. Social media plugins

We use social media buttons (also known as social media plugins) on our website. These are small buttons that you can use to publish content from our website on social networks under your profile.

If you activate such a button, a connection is established between our website and the relevant social network. In addition to the relevant content, the operator of the social network receives further information, some of which is personal. This includes, for example, the fact that you are currently visiting our site.

The social media buttons are integrated using the so-called Shariff solution. This solution prevents a connection to a social network from being established simply because you access a page with a social media button without activating it. This means that information is only transmitted to the social network when you use the button.

We use the following social media plugins:

a. LinkedIn:

We have a profile on LinkedIn. The provider is LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies. In some cases, information is transmitted to the parent company based in the USA The data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs .

Further information on data protection at LinkedIn can be found in LinkedIn's privacy policy: https://www.linkedin.com/legal/privacy-policy?

b. YouTube

We have a profile on YouTube. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the USA, which is intended to ensure compliance with European data protection standards for data processing in the USA. Details on how they handle your personal data can be found in YouTube's privacy policy: https://policies.google.com/privacy?hl=en .