OPED GmbH operates a website with general information. OPED GmbH attaches great importance to the protection of privacy and observes the legal data protection regulations. In the following, we explain how we handle your personal data.

Version 1.3 (Status: 31.10.2022)

Table of contents

1. Responsibilities
2. General data processing on our website
3. Events and webinars
4. Data processing for purchase and orders
5. Processing of your data when visiting our social media sites
6. Data security
7. Data subject rights
8. Information about your right to object according to art. 21 DSGVO
9. Change to our privacy policy

OPED GmbH
Medizinpark 1
83626 Valley/Oberlaindern
Telefon: +49 (0) 8024 / 60818-210
Telefax: +49 (0) 8024 / 60818-299
E-Mail: mail@oped.de

You can reach our external data protection officer at:

c/o activeMind AG
Management- und Technologieberatung
Potsdamer Straße 3
DE-80802 München
E-Mail: datenschutz@oped.de

a) Microsoft Dynamics 365

Nature and purpose of processing:

We use the Microsoft Dynamics 365 CRM system (hereinafter referred to as Microsoft). The provider of these services is Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft collects, collects and analyzes data about the behavior of users of our websites, our newsletter recipients. This data includes, among other things, access to our individual sub-websites and the respective time spent on these pages. In addition, we use the system to manage participants in webinars and other events and to process user requests more quickly and efficiently.

In connection with the processing of Microsoft on our behalf processes personal data arising from the following actions of the user:

• when visiting our website;
• in the context of registration for events;
• in connection with our newsletters.

Further details, in particular on the legal basis and storage period, can be found under the individual processing activities.

Since Microsoft’s headquarters are in the USA, it cannot be ruled out that the data will be processed on Microsoft servers in the USA.

We have concluded an order processing agreement with Microsoft. In addition, we have contractually ensured that the data is hosted by Microsoft on servers located in the European Union. The servers are located in Frankfurt am Main. The EU standard contractual clauses are part of the contract for order processing.

Further data protection information can be found in the Microsoft data protection declaration at https://privacy.microsoft.com/de-DE/privacystatement.

b) Collection of general information when visiting our website.

Nature and purpose of processing:

When you access our website, information of a general nature is automatically collected. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of your Internet service provider, your IP address and the like. In particular, they are processed for the following purposes:

• Ensuring that the website connection is established without any problems
• Ensuring the smooth use of our website
• Evaluation of system security and stability

We do not use your data to draw conclusions about your person. Information of this kind is statistically evaluated by us, if necessary, in order to optimize our website and the technology behind it.

Legal basis:

The processing is carried out in accordance with Art. 6 (1) lit. f DSGVO on the basis of our legitimate interest in improving the stability and functionality of our website.

Recipients:

Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website.

Storage period:

The data is deleted as soon as it is no longer required for the purpose for which it was collected. This is generally the case for data used to provide the website when the respective session has ended.

Provision prescribed or required:

The provision of the aforementioned personal data is not required by law or contract. However, without this data, the service and functionality of our website cannot be guaranteed. In addition, individual services and services may not be available or may be limited.

c) Contact and contact form.

Nature and purpose of processing:

The data you provide will be stored for the purpose of individual communication with you. For this purpose, it is necessary to provide a valid e-mail address, first and last name and the request. This is used for the assignment of the request and the subsequent response to the same. The specification of further data is optional.

Our website contains a contact form that can be used for electronic contact. If you take advantage of this option, the data entered in the input mask will be transmitted to us and stored.

The following data is also stored at the time the message is sent:

• Date and time of the request
• URL from which the request was made
• If applicable, selected country and language

Alternatively, it is possible to contact us via the e-mail address provided. In this case, the user’s personal data transmitted with the e-mail will be stored. This includes the date and time the e-mail was sent, the e-mail address, IP addresses and information about the servers involved in the e-mail communication.

In addition, you can contact us via the telephone number provided. In this case, we collect log data that includes your telephone number and the duration of the call. As a matter of principle, we do not record conversations.

Regardless of the selected communication method, we collect the content of your request.

Legal basis:

The data is processed on the basis of a legitimate interest pursuant to Art 6 (1) lit. f DSGVO to enable you to contact us in an uncomplicated manner. The information you provide will be stored for the purpose of processing the request and for possible follow-up questions.

If you contact us to request an offer, the processing of the communicated data is carried out for the implementation of pre-contractual measures pursuant to Art 6 (1) lit. b DSGVO.

Recipients:

Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website.

Storage period:

Data will be deleted no later than 6 months after the request has been processed.

If a contractual relationship arises, we are subject to the statutory retention periods. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.

Provision mandatory or required:

The provision of your personal data is voluntary. However, we can only process your request if you provide us with your name and, if applicable, your e-mail address and the reason for the request.

d) Cookies use.

Fundamental:

A cookie is a small data record that is created when a website is visited and is temporarily stored on the website user’s system. If the server of this website is called up again by the user of the website, the browser of the user of the website sends the previously received cookie back to the server. The server can evaluate the information obtained through this procedure. Cookies can, in particular, make it easier to navigate a website.

Detailed information on the subject of cookies, and which cookies are used on this website, can be found in the cookie settings, which you can access at any time by clicking on an icon at the bottom left of the screen.

Deleting cookies:

You can reject any cookie category, except for technically necessary cookies. To do so, click on the icon at the bottom left of your web browser and make the desired settings in the cookie settings.

You can also delete individual cookies or the entire cookie inventory via your browser settings. In addition, you will receive information and instructions on how to delete these cookies or block their storage in advance. Depending on the provider of your browser, you will find the necessary information under the following links:

• Mozilla Firefox: https://support.mozilla.org/kb/clear-cookies-and-site-data-firefox
• Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
• Google Chrome: https://support.google.com/accounts/answer/61416
• Opera: http://www.opera.com/help
• Safari: https://support.apple.com/guide/safari/sfri11471/mac

Additionally, you can prevent loading of so-called scripts by default. NoScript allows JavaScript, Java, and other plug-ins to run only on trusted domains of your choice. For information and instructions on how to edit this feature, contact your browser vendor (e.g. for Mozilla Firefox: https://addons.mozilla.org/de/firefox/addon/noscript/).

a) Webinars via ClickMeeting

Purpose, legal basis and legitimate intrest:

To conduct the live webinars, we use the webinar solution of the video conferencing tool ClickMeeeting (ClickMeeting Spółka z ograniczoną odpowiedzialnością located at ul. Arkońska 6/A4, 80-387 Gdańsk, Poland).

An encrypted connection is established between you and ClickMeeting. The audio or visual information transmitted during this session is recorded by us for quality control purposes. Statistical data is collected during and after the webinar. A pseudonymous use is possible in principle. Further information on encryption technology can be found here.

A detailed list of the categories of data collected and processed by ClickMeeeting, as well as the respective exact purpose of the processing, can be found at https://knowledge.clickmeeting.com/de/privacy-security/.

As a follow-up to a webinar, we will send you a one-time email along with a reference to our services containing the most important information from the webinar.

Legal basis:

The personal data provided during registration is processed exclusively for the purpose of conducting the webinar. The legal basis for this is, in the case of free webinars, Art. 6 para. 1 p. 1 lit. f) DSGVO, in the practical and user-friendly implementation of the webinar, including a good user experience for the purpose of external presentation of the company.

If you have given us your consent (Art. 6 para. 1 lit. a DSGVO), your data will additionally be used to send you regular offers from our product range by e-mail.

Recipients:

Recipients are technical service providers for the implementation of the webinar within the framework of order processing. In the case of the ClickMeeting solution, ClickMeeting Sp. z o.o., Arkonska 6/A4, 80-387 Gdansk, Poland.

Third Country Transfer:

Due to the use of Microsoft Dynamics 365 to provide the registration form, processing in the USA cannot be excluded.

Storage period:

Data is collected by us only in the context of the respective live session. The recording enabled by the system via ClickMeeting is prevented for all participants. Registration data is deleted after the end of its purpose. This usually takes place after a maximum storage period of six months in our system.

Provision mandatory or required:

The provision of your personal data is voluntary. We can only offer the webinar if we can carry out the associated processing.

Objection and revocation of consent:

Objection: Please read the information about your right to object according to Art. 21 DSGVO below.

Withdrawal of consent: You can revoke your consent to the storage of your personal data and its use for advertising purposes at any time. You will find a link to this effect in every e-mail. In addition, the revocation can be made via the other contact options provided on the website.

b) Application/registration for events

Nature and purpose of processing:

We offer you the possibility to register for events of OPED GmbH by providing personal data.

Legal basis:

We process the data provided by you on the basis of Art. 6 para. 1 sentence 1 lit. b) in order to register you for participation in the desired event and to inform you about any changes regarding time and place of the event.

Recipients:

Recipients of the data may be technical service providers who act as order processors for the operation and maintenance of our website.

Third Country Transfer:

Due to the use of Microsoft Dynamics 365 to provide the registration form, processing in the USA cannot be ruled out.

Storage period:

Data is deleted in compliance with the statutory retention periods, related to business letters after six years, related to invoicing after ten years.

Provision mandatory or required:

The provision of your personal data is voluntary. However, you can only participate in the events if you provide the relevant data.

a) Bestellportal

Nature and purpose of the processing:

We process the data provided by you in the context of the order for the execution or processing of your order. This also includes the return or exchange and the complaint of articles.

Your personal data will only be used to the extent necessary for the processing of this order and the delivery of the requested products and services.

In addition, order and payment data collected for the above purpose will also be used, under certain conditions and restrictions, to detect fraud and theft in connection with online sales and to comply with applicable laws (e.g. requirements under tax laws and statutory accounting).

Legal basis:

The processing of data required for the conclusion of the contract or required by law is based on Art. 6 (1) lit. b and c DSGVO.

The processing of your personal data to detect fraud and theft is based on our legitimate interest (pursuant to Art. 6 (1) lit f DSGVO) as a company.

Recipients:

Recipients of the data may be technical service providers who act as processors for the operation and maintenance of our website or, for example, when making your payment to us.

With regard to the transfer of data to recipients outside our company, it should first be noted that we only pass on necessary personal data in compliance with the applicable data protection regulations.

In order to fulfill the contract, we will pass on your name and address to shipping and logistics service providers commissioned with the delivery, insofar as this is necessary for the delivery of ordered goods.

Depending on the payment method you select in the ordering process, we pass on the payment data collected for this purpose to the credit institution commissioned with the payment and, if applicable, to payment service providers commissioned by us or to the payment service selected by you in the ordering process.

Other recipients of your personal data are, for example, public bodies and institutions (e.g. tax authorities, law enforcement agencies) in the event of a legal or official obligation, tax advisors, business and payroll tax/operations auditors (legal audit mandate).

Storage period:

We store this data in our systems until the statutory retention periods have expired. These are generally 6 or 10 years for reasons of proper accounting and tax law requirements.

Provision prescribed or required:

The provision of your personal data is contractually required in order to be able to carry out the order from you. Without the provision of your personal data, we cannot execute the order.

a) Facebook and Instagram

We use the technical platform and services of Meta Platforms Ireland Ltd, 4 Grand Canal Square, Dublin 2, Ireland.

The use of the Facebook/Instagram page and its functions is your own responsibility. This applies in particular to the interactive functions (for example, commenting, sharing, liking). Meta Platforms Ireland Ltd. processes personal data about your account, your IP address as well as about the end devices you use; cookies are used for data collection. These are small files that are stored on your end devices.

In this way, Meta Platforms Ireland Ltd. can track that you have visited this site and how you have used it. In case you want to avoid this, you should log out of Facebook/Instagram or deactivate the “stay logged in” function, delete the cookies present on your device and exit and restart your browser. This will allow you to use our pages without revealing your Facebook/Instagram identifier.

When you access interactive features of the site (like, comment, share, message, etc.), a login screen will appear. After any login, you will again be recognizable to Facebook/Instagram as a specific user. Alternatively, you can use a different browser than usual to visit our Facebook/Instagram page.

Meta Platforms Ireland Ltd. describes in general terms what information it receives and how it is used in its data use policy.

There you will also find information about contact options, the opt-out options and the settings options for advertisements.

The complete data policies of Facebook can be found here: https://de-de.facebook.com/privacy/policy/

The complete data guidelines of Instagram can be found here: https://help.instagram.com/519522125107875

The information may be used by Meta Platforms Ireland Ltd. to provide us, as operators of the Facebook/Instagram pages, with statistical information such as gender and age distribution about the use of the Facebook/Instagram page. In addition, Facebook may show you further information or advertisements according to your preferences.

Facebook provides more detailed information on this at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

When you access a Facebook/Instagram page, the IP address assigned to your terminal device is transmitted to Meta Platforms Ireland Ltd. According to Meta Platforms Ireland Ltd., this IP address is anonymized and deleted after 90 days.

Meta Platforms Ireland Ltd. also stores information about the end devices of its users (for example, as part of the “login notification” function); if necessary, Meta Platforms Ireland Ltd. is thus able to assign IP addresses to individual users.

If you visit one of our presences in social media, you trigger a processing of your personal data during such a visit. In this case, we are jointly responsible with the operator of the respective social network for the data processing operations within the meaning of Art. 26 DSGVO, provided that we actually make a joint decision with the operator of the social network about the data processing and we also have an influence on the data processing.

As far as possible, we have entered into joint responsibility agreements with the operators of the social networks in accordance with Art. 26 DSGVO, in particular Facebook’s Page Controller Addendum.

This agreement, from which the mutual obligations arise, can be accessed at the following link: https://www.facebook.com/legal/controller_addendum

We ask you to note that despite the joint responsibility under Art. 26 DSGVO with the operators of social networks, we do not have full influence on the data processing of the individual social networks.

We cannot rule out the possibility that third-country transfers, e.g. to servers located in the USA, may take place when our company appearances are called up on these social networks.

The processing of the data is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.

b) YouTube

We are also represented on YouTube. YouTube is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”)).

We cannot exclude the possibility that a third country transfer, e.g. to servers located in the USA, may occur when you access our YouTube channel. Your visit to our website may thus be tracked by YouTube.

By using YouTube, your personal data is collected, transmitted, stored, disclosed and used by Google. Google analyzes your user behavior and, regardless of whether you have a Google account, creates a corresponding usage profile. Based on this data, content or advertising can be tailored to you.

Further information regarding the collection and use of data as well as your rights and protection options can be found at https://policies.google.com/technologies/product-privacy?hl=en  and https://policies.google.com/privacy?hl=de&gl=en. The processing of the data is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO.

c) LinkedIn

OPED GmbH maintains a corporate presence on LinkedIn. This is located on a platform operated by LinkedIn Unlimited Company, Wilton Place, Dublin 2, Ireland.

On our site, we provide information and offer users the opportunity to communicate. The company site is used for job applications and information/PR.

When you visit, follow, or engage with our LinkedIn company page, LinkedIn processes personal data to provide us with anonymized statistics and insights. This provides us with insights into the types of actions visitors take on our site (so-called page insights). LinkedIn processes in particular such data that you have already provided to LinkedIn via the information in your profile. In addition, LinkedIn will process information about how you interact with our LinkedIn company page, e.g. whether you are a follower of our LinkedIn company page. Personal data is not transmitted to us by LinkedIn. It is also not possible for us to draw conclusions about individual members via the information of the page insights.

This processing of personal data in the context of Page Insights is carried out by LinkedIn and us as joint controllers. We have reached an agreement with LinkedIn on processing as joint controllers, which specifies the distribution of data protection obligations between us and LinkedIn. The agreement is available at the following link: legal.linkedin.com/pages-joint-controller-addendum Under this agreement, LinkedIn is responsible for responding to data subject requests. To do so, you have the option of contacting LinkedIn online or reaching LinkedIn using the contact information in the Privacy Policy:

https://www.linkedin.com/help/linkedin/ask/PPQ?lang=en
The processing of the data is based on your consent pursuant to Art. 6 para. 1 p. 1 lit. a DSGVO, which you have given to LinkedIn as part of your registration.

For more information on data processing by LinkedIn, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv.

d) Xing

XING is a social network operated by XING SE, which is headquartered in Hamburg. Here, members can primarily manage their professional, but also private contacts and make new contacts. Organizations can set up a page with a logo and short profile, post news and initiate discussion groups.

A personal profile with administrator rights must be assigned to the company profile. Dialog in groups can only be done via the personal profile of a natural person.

To use the network functions you have to be registered as a user. There is a free basic version and a paid version with additional functions. In contrast to other social networks, XING is based more on a combination of personal and electronic contact, and is less commercial and less visual. The focus is on professional exchange on specialist topics with people who have the same professional interests. In addition, XING is frequently used by companies and other organizations for recruiting personnel and presenting themselves as attractive employers. For this purpose, XING is linked to the employer rating platform kununu.

The processing of the data is based on your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO, which you have given to LinkedIn as part of your registration.

XING provides further information at: https://corporate.xing.com/de/unternehmen/.

You can read the current information on data protection at https://privacy.xing.com/de/datenschutzerklaerung.

We only handle personal data to the extent that this is possible in accordance with data protection regulations. In doing so, we also strive to take all necessary technical and organizational security measures to adequately protect your personal data from unauthorized access and misuse at all times.

Your data will only be passed on to service providers (order processors) if it is necessary for the fulfillment of our contractual tasks. All service providers are obliged to treat your data confidentially on the basis of an order processing agreement.

Insofar as we store or process personal data, this is done within a secure data center. To protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Our servers are secured by means of firewall and virus protection. Back-up and recovery procedures as well as role and authorization concepts are a matter of course for us.

Our employees are obliged to observe the regulations of the DSGVO and the BDSG when handling data.

You can exercise the following rights at any time using the contact details provided:

• Information about your data stored by us and its processing (Art. 15 DSGVO).
• Correction of incorrect personal data (Art. 16 DSGVO)
• Deletion of your data stored by us (Art. 17 DSGVO)
• Restriction of data processing if we are not yet allowed to delete your data due to legal obligations (Art. 18 DSGVO)
• Objection to the processing of your data by us (Art. 21 DSGVO)
• Data portability, provided that you have consented to the data processing or have concluded a contract with us (Art. 20 DSGVO).

If you have given us consent, you can revoke it at any time with effect for the future.

You may at any time lodge a complaint with a supervisory authority, e.g. the competent supervisory authority in the federal state of your residence or the authority responsible for us as the controller.

A list of supervisory authorities (for the non-public sector) with address can be found at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to object on a case-by-case basis

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data relating to you which is carried out on the basis of Art. 6(1)(f) DSGVO (data processing on the basis of a balance of interests); this also applies to profiling based on this provision within the meaning of Art. 4 No. 4 DSGVO.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

Recipients of an objection

The objection can be made informally with the subject “Objection” stating your name, address and date of birth and should be addressed to:

OPED GmbH
Medizinpark 1
83626 Valley/Oberlaindern
E-Mail: mail@oped.de

We reserve the right to adapt this data protection declaration so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new privacy policy will then apply to your next visit.