Privacy policy

Our handling of your data and your rights – information according to Art. 13, 14 and 21 of the General Data Protection Regulation (GDPR)

 

- dated August 2018

This privacy policy applies to the collection, processing and use of your personal data when using our website www.oortwijn.de. For legal and/or organizational reasons, changes or adjustments to our privacy policy may be necessary from time to time. Please refer to the current version of our privacy policy in this regard.

In the following, we would like to inform you about who we are, which personal data we collect, process and use for which purpose (hereinafter only referred to as “process”) and which rights you are entitled to in this context.

You can find general information at I. General information, details about the processing of personal data under II.Processing of personal data and information about your rights under III. Your rights.


I. General information

Personal data is all data that can be personally related to the user, such as his name, postal address or e-mail address, but also the IP address assigned to him.

  1. Person responsible for data processing

    The person responsible for the processing your personal data is:

    Oortwijn Interim Management & Consulting GmbH (hereinafter referred to as “we” or “Oortwijn”), Pillauer Weg 11, 41564 Kaarst, Germany, registered in the Commercial Register of the District Court of Neuss, Gemany, under HRB 14831, represented by the Managing Director Harm Hendrik Oortwijn, phone +49 151 240 117 27, fax: +49 2131 66 138 92, e-mail: info[at]oortwijn.com.

  2. Which data do we process from which sources?

    We process personal data that you provide to us voluntarily or that is collected while you are using our website.

    For further information, please refer to Section II - Processing of personal data.

  3. For what purpose do we process your data and on what legal basis?

    We process your personal data in accordance with the relevant regulations on data protection, in particular the GDPR and the German Federal Data Protection Act (BDSG), for various purposes.

    In principle, the purposes of processing are: Processing for the fulfillment of contractual obligations (Art. 6 para. 1 lit. b GDPR), for the protection of legitimate interests (Art. 6 para. 1 lit. f GDPR), based on your consent (Art. 6 para. 1 lit. a GDPR) and/or based on legal requirements (Art. 6 para. 1 lit. c GDPR).

    For further information, please refer to Section II - Processing of personal data.

  4. Who will receive my data?

    Service providers commissioned by us and acting on our behalf (so-called processors, cf. Art. 4 No. 8 GDPR) may receive personal data. We use the following processors or categories of processors:

    frommo visuelle medien
    Lars Frommo
    Wilhelmstr. 40
    42781 Haan, Germany

    Phone: 02129 55888-0
    e-Mail: mail[at]frommo.com

    We will not pass on your data to third parties who process personal data under their own responsibility (so-called responsible parties, cf. Art. 4 No. 7 GDPR) without your consent.

  5. Data retention

    We process your personal data only as long as it is necessary to fulfill the respective processing purpose. In addition, we are subject to various retention and documentation obligations, which result, among other things, from the German Commercial Code (HGB) or the German Tax Code (AO). This can be up to 10 years. Finally, the storage period is also assessed according to the statutory limitation periods which can be up to thirty years, for example, according to Sections 195 et seq. of the German Civil Code (BGB), with the regular limitation period being three years.

  6. Safety

    We put technical and organizational security measures in place to protect the data made available by you against accidental or intentional manipulation, loss, destruction or access by unauthorized persons. In the case of collection and processing of personal data, the information is transmitted in encrypted form to prevent misuse of the data by third parties. Our security measures are continuously updated according to the technological development. For security reasons and to protect the transmission of confidential content that you send to us as the site operator, our website uses SSL or TLS encryption. This means that data that you transmit via this website cannot be read by third parties. You can recognize an encrypted connection by the “https://” address line of your browser and the lock symbol in the browser line.


II. Processing of personal data

  1. Automatic collection of access data/server log files

    When you visit our websites, the following data is automatically stored in detail about each retrieval, whereby storage of this data together with other personal data of the user does not take place:

    • Access logs of the web servers record which page requests have taken place at what time. They include the following data: IP, directory protection user, date, time, accessed pages, logs, status code, data volume, referer, user agent, accessed hostname.
      1. The IP addresses are stored anonymously. This is done by removing the last three digits, i.e., 127.0.0.1 becomes 127.0.0.*.
      2. The anonymized IP addresses are retained for 60 days.
    • Error logs, which record erroneous page views, are deleted after seven days. In addition to the error messages, they contain the accessing IP address and, depending on the error, the accessed website.
      1. Data processing is based on Art. 6 para. 1 lit. f GDPR. The purpose of data processing and our legitimate interest is to facilitate the administration of our website and the ability to detect and track hacking. The evaluation of the information is anonymized.

    The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case when the respective session is finished.

  2. Use of cookies

    Our website uses cookies. These are small text files that your web browser stores on your end device. Cookies serve to make our offer more user-friendly, effective and secure. The cookies can be transmitted to a page when it is called up and thus enable the user to be assigned. We process the following personal data or categories of data through the use of cookies:

    • IP address
    • Name of your internet service provider
    • Referrer URL (website from which you visit us)

    The processing of personal data as a result of the use of cookies is based on Article 6 (1) lit. f GDPR. The purpose of the data processing and our legitimate interest lie in the increased functionality of our website.

    The cookies that we use are deleted after the end of the browser session, meaning after you close your browser (so-called session cookies). You can set up your browser in a way that you will be informed when cookies are set and that you can decide individually about accepting them or accepting cookies only in specific cases or exclude them in general. You can delete cookies that have already been set. In case you do not accept cookies, the functionality of our website may be restricted.

  3. Contact form and your contact by e-mail

    On our website you have the possibility to contact us via a contact form. Alternatively, it is possible to contact us via the e-mail address provided.

    The personal data collected consists of the data requested in the form (e.g., first name, last name, your contact details), the date and time of the request and any other personal data entered by you in the “Your message” field.

    If you contact us by e-mail, the personal data collected will include your e-mail address, the date and time your e-mail was sent, and any other personal data that may result from the text of the e-mail.

    The processing is based on Article 6 (1) lit. f GDPR. The purpose of the data processing and our legitimate interest lie in customer care and in being able to answer the messages sent to us.


III. Your rights

  1. Information, correction, deletion, restriction of processing, data portability

    All data subjects have the right of access to information under Article 15 of the GDPR, the right to rectification under Article 16 of the GDPR, the right to erasure under Article 17 of the GDPR, the right to restriction of processing under Article 18 of the GDPR and the right to data portability under Article 20 of the GDPR.

    To exercise the aforementioned rights, you can contact the office mentioned in section I. General information under 1.

  2. Revocation of consent

    If you have given us consent to process your personal data, you can revoke this consent at any time. The lawfulness of the processing carried out based on the consent until revocation remains unaffected.

    To exercise your right of revocation, you can contact the office mentioned in section I. General information under 1.

  3. Right of complaint to the supervisory authority

    According to Article 77 (1) of the GDPR, you have the right to file a complaint with the supervisory authority if you think that the processing of your personal data is not carried out lawfully, in particular violates the GDPR. The address of the supervisory authority responsible for Oortwijn is:

    State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia, Kavalleriestr. 2-4, 40213 Düsseldorf, Germany, phone: +49 211/ 38424 -0, fax: +49 211 / 38424- 10, e-Mail: poststelle[at]ldi.nrw.de.

  4. Right of objection according to Art. 21 of the General Data Protection Regulation (GDPR)

    Information about your right of objection according to Art. 21 of the General Data Protection Regulation (GDPR)

    You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out based on Article 6(1)(f) of the GDPR (data processing based on a balance of interests); this also applies to any profiling based on this provision within the meaning of Article 4(4) of the GDPR.

    In the event of your objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

    The objection can be made without any formal requirements and should preferably be addressed to the office mentioned in section I. General information under 1.