Privacy Policy

We are pleased that you are visiting our website. Below, we would like to inform you about the processing of your personal data on our website.

Controller

OTE GmbH
Fritz-Reichle-Ring 16/1
78315 Radolfzell am Bodensee
Germany
Phone: +49 7732 302 77 10
Email: info@ote.de

Data Protection Officer

DDSK GmbH
Dr.-Klein-Str. 29
88069 Tettnang
Germany
Phone: +49 7542 94921 00
Email: datenschutz@ote.de

Definitions

The technical terms used in this Privacy Policy shall have the meanings assigned to them in Article 4 GDPR.
The terms “user” and “website visitor” are used synonymously throughout this Privacy Policy.

Recipients of Data

Recipients of data are identified within the relevant sections and headings of this Privacy Policy.

Categories of Data Subjects

The categories of data subjects include website visitors and other users of online services.


General Information on Data Processing on This Website

Automated Data Processing (Log Files, etc.)

Our website can be visited without actively providing personal information. However, each time the website is accessed, we automatically store access data (server log files), such as the name of the internet service provider, the operating system used, the website from which the user accessed our website, the date and duration of the visit, the name of the requested file and, for security purposes, such as detecting attacks on our website, the IP address of the device used for a period of 7 days. This data is not combined with other data sources. We process and use this data for the following purposes: provision of the website, prevention and detection of errors or malfunctions, prevention and detection of misuse of the website.

Categories of Data

Meta and communication data (e.g. IP address, date and time of access, type of HTTP request, website from which access was made (referrer URL), browser used and, where applicable, the operating system of the accessing device (user agent))

Purpose of Processing:

Prevention and detection of errors and malfunctions, detection of misuse of the website

Legal Basis:

Legitimate interest pursuant to Article 6(1)(f) GDPR

Legitimate Interests:

Fraud prevention for the purpose of detecting misuse of the website

Essential Cookies (Functionality, Opt-Out Links, etc.)

To enable the use of the basic functions of our website and to provide the service requested by the user, we use so-called cookies on our website. Cookies are a standard internet technology for storing and retrieving information for website users. Cookies constitute information and/or data that may, for example, be stored on the user’s device. In traditional cookie technology, the user’s browser receives instructions, when accessing a specific website, to store certain information on the user’s device.

Strictly necessary cookies are used to provide a digital service expressly requested by the user, for example:

  • Cookies for error analysis and security purposes
  • Cookies zur Speicherung von Logins
  • Cookies for storing data in online forms where the form extends across multiple pages
  • Cookies for storing language preferences
  • Cookies for storing items placed in a shopping cart in order to complete a purchase
  • Cookies for storing consent or withdrawal preferences (opt-in, opt-out

Some of the cookies used (so-called session cookies) are deleted after the end of the browser session, i.e. when the browser is closed.

Users can delete cookies at a later time in order to remove data that the website has stored on their device.

The data processing described above may also relate to information that is not personal data but nevertheless constitutes information within the meaning of the German Telecommunications Digital Services Data Protection Act (TDDDG). In such cases, this information may be required for the use of a service expressly requested by the user and may therefore be stored pursuant to Section 25 TDDDG.

Opt-Out:

Firefox:
https://support.mozilla.org/de/kb/wie-verhindere-ich-dass-websites-mich-verfolgen

Google Chrome:
https://support.google.com/chrome/answer/95647?hl=de

Microsoft Edge:
https://support.microsoft.com/de-de/microsoft-edge/inprivate-browsen-in-microsoft-edge-cd2c9a48-0bc4-b98e-5e46-ac40c84e27e2

Opera:
https://help.opera.com/en/latest/security-and-privacy/

Safari:
https://support.apple.com/de-de/HT201265

Legal Bases:

Berechtigte Interessen (Art. 6 Abs. 1 lit. f) DSGVO i. V. m. § 25 Abs. 2 Nr. 2 TDDDG), Einwilligung (Art. 6 Abs. 1 lit. a) DSGVO i. V. m. § 25 Abs. 1 TDDDG

Legitimate Interests:

Storage of opt-in preferences, ensuring the functionality of the website, maintaining user status across the entire website

Storage and Processing of Non-Essential Information and Data

Beyond what is strictly necessary, user data may be processed by means of cookies, similar technologies or application-based technologies, for example for the purpose of cross-site tracking or personalised advertising. In this context, data may be transferred to third-party providers. The storage and further processing of user data that is not strictly necessary for providing the digital service is carried out on the basis of consent within the meaning of Article 6(1)(a) GDPR (where applicable in conjunction with Section 25(1) TDDDG).

Consent Management Platforms

We use a consent management process on our website in order to store and manage the consent given by website visitors in a verifiable manner and in accordance with data protection requirements.

The consent management platform we use helps us identify and manage all cookies and tracking technologies based on the user’s consent status. At the same time, visitors to our website can use the integrated consent management service to manage the consents and preferences they have granted (optional cookies and other non-essential technologies) or withdraw their consent at any time via the corresponding button.

The consent status is stored on the server and/or in a cookie (so-called opt-in cookie) or a comparable technology in order to associate the consent with a user or their device. In addition, the time at which consent was granted is recorded.

Categories of Data:

Consent data (consent ID and consent number, time consent was granted, opt-in or opt-out status), meta and communication data (e.g. device information, IP addresses)

Purposes of Processing:

Fulfilment of accountability obligations, consent management

Legal Bases:

Legal obligation (Article 6(1)(c) GDPR in conjunction with Article 7 GDPR)

Manage Consent / Withdrawal

Borlabs

Recipient: BORLABS GmbH, Hamburger Str. 11, 22083 Hamburg, Germany
Transfer to Third Countries: Does not take place.
Privacy Policy: https://de.borlabs.io/datenschutz/

Hosting

Our website is hosted by an external service provider. Data of visitors to our website, in particular log files, are stored on the servers of our service provider. By using a specialised hosting provider, we are able to provide our website efficiently. The hosting provider does not process the data for its own purposes.

Categories of Data:

Usage data (e.g. visited websites, interest in content, access times), meta and communication data (e.g. device information, IP addresses)

Purposes of Processing:

Proper presentation and optimisation of the website, faster and location-independent availability of the website

Legal Bases:

berechtigte Interessen (Art. 6 Abs. 1 lit. f) DSGVO)

Legitimate Interests:

Avoidance of downtime, high scalability, reduction of bounce rates on the website


Website Support and Consulting, Web Agency

We have commissioned a web agency to support and advise us regarding services and applications on our website. The agency assists us with all activities related to the design and functionality of our website. In this context, the selected web agency receives access credentials to our website in order to carry out necessary adjustments and modifications, such as the design of forms or other programming activities.

The web agency also supports us in the administration and management of our social media accounts, our content management system and our accounts with search engine providers.

Access to personal data, such as data submitted through forms or log data of website visitors, cannot be completely excluded. The web agency therefore acts as a processor on our behalf and only processes data in accordance with our instructions. Data is not processed for any other purposes.

Categories of Data:

Usage data (e.g. access times), meta and communication data (e.g. device information, IP addresses), contact data (e.g. email address), content data (e.g. text entries), analytics data from social media accounts (e.g. anonymised statistics)

Purposes of Processing:

Support with web analytics and optimisation, analysis of website usage behaviour (website interactions) for website optimisation and reach measurement, monitoring website utilisation

Legal Bases:

Legitimate interests (Article 6(1)(f) GDPR)

Legitimate Interests:

Support and assistance in website management through specialised expertise, efficiency through outsourcing

Pier 9

Recipient: Pier 9 GmbH & Co. KG, Niemannsweg 69, 24105 Kiel, Germany
Transfer to Third Countries: Does not take place.
Privacy Policy: https://pier9.de/datenschutzerklarung/


Web Analytics and Optimisation

We use procedures on our website to analyse user behaviour and measure reach. For this purpose, information about visitors’ behaviour, interests or demographic characteristics is collected in order to determine whether and where our website requires optimisation or adjustment, for example forms on the website, improved placement of buttons or call-to-action elements.

In addition, we can measure the clicking and scrolling behaviour of website visitors. This helps us identify, among other things, the times at which our website, its functions or its content are used most frequently.

The collection of this data is made possible through the use of certain technologies, such as cookies. These technologies are stored on users’ devices as part of client-side tracking when they visit our website.

We take measures to protect the identity of our website visitors. For the purposes described above, we do not process directly identifiable personal data of website visitors.

Website visitors are assigned an ID (identification number) when visiting our website in order to recognise them during future visits. The IDs and associated information are stored in user profiles. In addition, IP addresses are anonymised and cookie retention periods are reduced.

Categories of Data:

Usage data (e.g. visited websites, interest in content, access times), demographic characteristics (age, gender), meta and communication data (e.g. device information, anonymised IP addresses, location data), contact data (e.g. email address), content data (e.g. text entries)

Purposes of Processing:

Verification of goal achievement and performance monitoring of all online activities, analysis of website usage behaviour (website interactions) for website optimisation and reach measurement, monitoring website utilisation, lead evaluation, revenue growth, budget control

Legal Bases:

Consent (Article 6(1)(a) GDPR), legitimate interests (Article 6(1)(f) GDPR)

Legitimate Interests:

Provision of information about products and services for business customers, ensuring technical functionality, optimisation of the website, reach measurement, prevention of misuse

Google Analytics

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Transfer to Third Countries: Based on the adequacy decision of the European Commission for the United States.
Privacy Policy: https://policies.google.com/privacy?hl=en-US

Content Management System

Web-based application with data transmission to CMS providers through installed plugins

We use a content management system (CMS) to create, organise and present digital content on our website. The application is used via the provider’s servers.

The CMS enables us to create, edit and manage our website and equip it with the necessary functions, such as forms, blogs, images and other digital content. In addition, the website structure created through the CMS helps improve the visibility of our website in search engine results pages (SERPs).

The integrated firewall within the CMS helps protect our website against external attacks and prevents misuse of the website. This is achieved through the additional installation of security plugins within the CMS. A plugin is third-party content that stores, logs and automatically transfers website usage data to the third-party provider. The plugin is used for error analysis and vulnerability detection.

We also ensure that the CMS receives regular updates and patches in order to maintain the security of our website.

Categories of Data:

Usage data (e.g. visited websites, access times), meta and communication data (e.g. device information, anonymised IP address), interaction data (interest in content, etc.)

Purposes of Processing:

Creation, editing and management of website content, storage and archiving of data, creation of landing pages, statistics, reach measurement

Legal Bases:

Consent (Article 6(1)(a) GDPR), legitimate interests (Article 6(1)(f) GDPR)

WordPress

Recipient: Automattic Inc., 60 29th Street #343, San Francisco, CA 94110, United States of America
Transfer to Third Countries: Based on the adequacy decision of the European Commission for the United States.
Privacy Policy: https://automattic.com/de/privacy/


Onlinemarketing

Search Engine Marketing

We use search engine marketing procedures. Search engine marketing includes all measures aimed at improving the visibility of our website in organic and non-organic search engine results, increasing our reach and thereby generating more traffic to our website. In addition, search engine marketing enables us to generate new prospects (leads). For this purpose, the search engine provider sells advertising space to us on search engine results pages or on websites of the search engine provider’s partners.

Advertising may therefore be displayed on various external platforms or websites. Advertisements are shown to users in the form of text, display or video ads.

Using our tracking tool, we first create a campaign for search engine advertising and define various dimensions to be recorded by the selected search engine provider, such as user location, device information and target groups (demographic characteristics). This enables us to gain further insights into interest in our content and products and, where applicable, identify trends.

This process is implemented through the use of a cookie or similar technology. When a visitor accesses our website or searches for a specific keyword within the search engine used (e.g. Google), a cookie or similar technology is stored on the visitor’s device. This data may include user location and device information, which is transmitted to the servers of the search engine provider. The search engine provider aggregates this data and provides it to us in the form of statistical evaluations via a dashboard within our account.

These statistics inform us how often our advertisements were clicked, at what cost and whether our marketing activities resulted in an event (e.g. downloading a PDF or playing a video) or a conversion (e.g. purchasing a product or registering on our website). This evaluation is used to analyse the success of our online activities. Since each click on an advertisement generates costs for us, clicks on external platforms and websites are recorded through our tracking tool. This serves budget monitoring and performance measurement purposes. Individual users cannot be identified on the basis of this information.

Notice:

Data of website visitors (e.g. name and email address) may be directly associated with them if they are logged into their account with the search engine provider. If users do not wish such an association to be made through their profile, they should log out of the search engine provider before visiting our website.

Categories of Data:

User and interaction data (e.g. visited websites, interest in content, access times), meta and communication data (e.g. device information, anonymised IP addresses), where applicable location data, contact data (e.g. email addresses)

Purposes of Processing:

Increasing revenue and reach, conversion tracking, audience creation, identification of trends for the development of marketing strategies

Legal Bases:

Consent (Article 6(1)(a) GDPR), legitimate interests (Article 6(1)(f) GDPR)

Google Ads

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Transfer to Third Countries: Based on the Angemessenheitsbeschlusses der Europäischen Kommission for the United States.
Privacy Policy: https://policies.google.com/privacy?hl=en-US

Social Media Presences

We maintain company profiles on social networks and career platforms in order to increase visibility among potential customers and interested parties and to make our company publicly accessible.

Social networks help us increase our reach and actively promote interaction and communication with users. Activity and communication on social media play an important role in attracting new customers and employees. Through social media and our website, relevant information about our company can be shared, events can be promoted and important announcements and job vacancies can be communicated. In addition, social media enables us to communicate with users quickly and conveniently.

Based on user behaviour, such as interests indicated through likes or shares, social media platform operators create user profiles. These profiles are used to tailor advertising to the interests of target groups. When users are active on social media channels, cookies and other technologies are regularly stored on their devices, in some cases regardless of whether they are registered users of the social network.

Insights (Statistics)

The data analysed by social media platform operators is provided to us in the form of anonymised statistics, meaning that it no longer contains personal data relating to individual users. These statistics allow us, for example, to determine how often and at what times our social media profile is visited. At present, operators of social media pages cannot disable this functionality. We therefore have no influence over the extent to which social media platforms process data.

Social Media Messenger

In connection with our use of social media, we may also use the associated messenger services in order to communicate with users in a simple and convenient manner. The security of individual services may depend on the user’s account settings. Even where end-to-end encryption is used, the social media platform operator may still be able to determine that and when users communicate with us. Location data may also be collected.

Depending on where the social network is operated, user data may be processed outside the European Union or the European Economic Area. This may result in risks for users, as the enforcement of their rights may become more difficult.

Categories of Data:

User names (e.g. first name, surname), contact data (e.g. email address), content data (e.g. text entries, photographs, videos), usage and interaction data (e.g. visited websites, interests, likes, shares, access times), meta and communication data (e.g. device information, IP address, where applicable location data)

Purposes of Processing:

Increasing reach, raising brand awareness, facilitating communication and networking

Legal Bases:

Legitimate interests (Article 6(1)(f) GDPR), consent (Article 6(1)(a) GDPR)

Legitimate Interests:

Interaction and communication through social media presences, increasing business opportunities, gaining insights into target groups

LinkedIn

Recipient: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Legal Basis: Consent (Article 6(1)(a) GDPR)
Transfer to Third Countries: Does not take place.
Privacy Policy: https://www.linkedin.com/legal/privacy-policy

Facebook

Recipient: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Legal Basis: Consent (Article 6(1)(a) GDPR)
Transfer to Third Countries: Does not take place.
Privacy Policy: https://www.facebook.com/privacy/explanation and
https://www.facebook.com/legal/terms/page_controller_addendum

Instagram

Recipient: Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland
Legal Basis: Consent (Article 6(1)(a) GDPR)
Transfer to Third Countries: Does not take place.
Privacy Policy: https://help.instagram.com/519522125107875 and https://www.facebook.com/about/privacy

Plugins and Embedded Third-Party Content

Our website includes functions and elements provided by third parties. These may include videos, visual content, buttons, map services (maps) or posts (hereinafter referred to as “content”). When website visitors access such third-party content (e.g. by clicking or playing content), information and data are collected and linked to the visitor’s device by means of cookies or other technologies (e.g. pixels, JavaScript commands or WebAssembly) and transmitted to the server of the respective third-party provider. The third-party provider thereby receives usage and interaction data relating to the website visitor and provides us with statistical information via a dashboard. The statistics made available to us do not contain any directly identifiable personal data.

Without this processing operation, the loading and display of such third-party content would not be possible.

To protect the personal data of website visitors, we have implemented measures to prevent the automatic transmission of such data to third-party providers. Data is only transmitted when users actively use the respective functions and click on the embedded third-party content.

Categories of Data:

Usage data (e.g. visited websites, interests, access times), meta and communication data (e.g. device information, anonymised IP address)

Purposes of Processing:

Sharing posts and content, interest-based and behaviour-based marketing, statistical analysis, cross-device tracking, increasing reach on social media

Legal Bases:

Consent (Article 6(1)(a) GDPR), legitimate interests (Article 6(1)(f) GDPR)

Google Maps

Recipient: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Transfer to Third Countries: Based on the adequacy decision of the European Commission for the United States.
Privacy Policy: https://policies.google.com/privacy?hl=en-US

Vimeo

Recipient: Vimeo Inc., 555 West 18th Street, New York, NY 10011, USA
Transfer to Third Countries: Based on the adequacy decision of the European Commission for the United States.
Privacy Policy: https://vimeo.com/privacy

YouTube

Recipient: Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA
Transfer to Third Countries: Based on the adequacy decision of the European Commission for the United States.
Privacy Policy: https://policies.google.com/privacy?hl=de&gl=de

Kununu

Recipient: New Work SE, Dammtorstr. 30, 20354 Hamburg, Germany
Legal Basis: Consent (Article 6(1)(a) GDPR)
Transfer to Third Countries: Does not take place.
Privacy Policy: https://privacy.xing.com/de/datenschutzerklaerung


Internal Area and Digital Services

Contact

We provide website visitors with the opportunity to contact us directly or obtain information through various contact options.

If contact is made, we process the data of the enquiring person to the extent necessary for responding to and handling the request. Depending on the communication channel used to contact us, the data processed may vary.

Categories of Data:

Master data (e.g. name, address), contact data (e.g. email address, telephone number), content data (e.g. text entries, photographs, videos), usage data (e.g. interests, access times), meta and communication data (e.g. device information, IP address)

Purposes of Processing:

Handling enquiries

Legal Bases:

Consent (Article 6(1)(a) GDPR), performance of a contract or pre-contractual measures (Article 6(1)(b) GDPR)

Further Mandatory Information on Data Processing

Data Transfers

No transfer of data to a third country or international organisation takes place unless explicitly stated in this Privacy Policy.

Data Processing on Our Behalf

Recipients engaged by us may act as processors on our behalf. We have concluded data processing agreements with these processors in accordance with Article 28(3) GDPR. This means that processors may only process your personal data in accordance with our documented instructions. Processors implement appropriate technical and organisational measures to process your data securely and in compliance with our instructions.

Retention Period

We store visitor data for as long as necessary to provide our services or as required by the European legislator or other legislators through laws or regulations to which we are subject. In all other cases, we delete personal data once the purpose of processing has been fulfilled, except where we are required to retain data in order to comply with legal obligations. For example, we may be required under tax and commercial law retention periods to retain documents such as contracts and invoices for a specified period.

Retention Period for Essential Cookies: 30 Days.

Retention Period for Non-Essential Cookies and Technologies:

Following the expiry of 30 days and upon withdrawal of consent by the data subject.

Legal Bases

The relevant legal bases arise primarily from the GDPR. These are supplemented by national laws of the Member States and may apply together with or in addition to the GDPR.

Consent:

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we have obtained consent for a specific processing purpose.

Performance of a Contract:

Article 6(1)(b) GDPR serves as the legal basis for processing that is necessary for the performance of a contract to which the data subject is a party or for carrying out pre-contractual measures at the request of the data subject.

Legal Obligation:

Article 6(1)(c) GDPR serves as the legal basis for processing that is necessary for compliance with a legal obligation.

Public Interest:

Article 6(1)(e) GDPR serves as the legal basis for processing that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Legitimate Interests:

Article 6(1)(f) GDPR serves as the legal basis for processing that is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring protection of personal data, in particular where the data subject is a child.

Rights of Data Subjects

Art. 6 Abs. 1 lit. f) DSGVO dient als Rechtsgrundlage für Verarbeitung, die zur Wahrung der berechtigten Interessen des Verantwortlichen oder eines Dritten erforderlich sind, so-fern nicht die Interessen oder Grundrechte und Grundfreihei-ten der betroffenen Person, die den Schutz personenbezoge-ner Daten erfordern, überwiegen, insbesondere dann, wenn es sich bei der betroffenen Person um ein Kind handelt.

Rights of Data Subjects

Recht auf Auskunft:

Pursuant to Article 15 GDPR, data subjects have the right to obtain confirmation as to whether we process personal data concerning them. They may request access to such data, the information specified in Article 15(1) GDPR and a copy of their personal data.

Right to Rectification:

Pursuant to Article 16 GDPR, data subjects have the right to request the rectification of inaccurate personal data concerning them or the completion of incomplete personal data processed by us.

Right to Erasure and Restriction of Processing:

Pursuant to Article 17 GDPR, data subjects have the right to request the immediate deletion of personal data concerning them. Alternatively, pursuant to Article 18 GDPR, they may request the restriction of the processing of their personal data.

Right to Data Portability:

Pursuant to Article 20 GDPR, data subjects have the right to receive the personal data they have provided to us and to request its transmission to another controller.

Right to Lodge a Complaint:

Data subjects also have the right to lodge a complaint with the competent supervisory authority in accordance with Article 77 GDPR.

Right to Object:

Where personal data is processed on the basis of legitimate interests pursuant to Article 6(1)(f) GDPR, data subjects have the right, pursuant to Article 21 GDPR, to object to the processing of their personal data on grounds relating to their particular situation or where the objection is directed against direct marketing. In the latter case, data subjects have a general right to object, which we will implement without requiring a specific reason.


Withdrawal of Consent

Certain processing operations are only possible with the explicit consent of the data subject. You may withdraw consent that has already been granted at any time without providing reasons. An informal notification by email to: datenschutz@ote.de is sufficient. The lawfulness of processing carried out prior to the withdrawal remains unaffected by the withdrawal.

External Links

Our website contains links to online services provided by other providers. Please note that we have no influence over the content of linked websites or the compliance of their operators with applicable data protection regulations.

Changes

We reserve the right to amend the information contained in this Privacy Policy at any time in the event of changes and in compliance with applicable data protection regulations in order to ensure that it continues to meet legal data protection requirements.

This Privacy Policy was prepared by
DDSK GmbH
www.ddsk.de