Data Privacy Policy

With this data privacy policy, Ramp 106 GmbH (hereinafter we or us) provides detailed information on the scope and extent to which your personal data (hereinafter also referred to as “data”) is handled when visiting https://omr.com using our services.

Furthermore, this data privacy policy shall inform you on the right available to you. Data privacy is a matter we take very seriously and we act in compliance with the applicable data protection regulations, especially with the EU General Data Privacy Regulation (GDPR) and the Federal Data Protection Act of Germany (BDSG). Our website and services are not intended for persons under the age of 16.

Should you not understand terms used in this data privacy policy, please refer to the section “Help with data protection terms,”where we provide detailed explanations of some of the most frequently used terms. For questions regard our privacy policy, you may also contact us via the following contact information.

Responsible for processing data:

Ramp 106 GmbH, Lagerstr.36, 20357 Hamburg, Germany, Tel. +49 40 209310869, info@omr.com

Data protection officer:

Dr. Nils Haag

datenschutz@omr.com

  1. Data processing within the scope of your visit to our websiteWhen you visit our website, there are certain pieces of personal information we are required to process. This is solely done for the purposes and to the extent described below. We shall only pass on your data to third parties in the manner subsequently described.
  2. Provision of our website and services ⁠In order to provide you with our website and services, we automatically collect and process the following data from you:
    • Date and time of your access
    • The referral website, from which you visited our site
    • The pages you visit on our website
    • Information about your Internet browser (browser type and version)
    • the operating system of the device with which you access our website and service
    • Your Internet Service Provider
    For security reasons, this information is stored in log files, which do not contain your IP address, and are then deleted after 30 days. The data in the log files is stored separately from your other data. A longer storage is only necessary in individual cases (e. g. in case of concrete suspicion of abuse or fraud). In these cases, the respective log files are stored until the facts of the case have been clarified and subsequent necessary measures have been completed.   To provide our website and its services, we use service providers who process your data exclusively on our behalf. They do so in accordance with our instructions and have taken suitable technical and organizational measures to protect your rights, as stated in this data protection declaration (so-called contract processors according to Article 28 of the GDPR. These include:
    • for website hosting, including the necessary services therein:
    • Google Ireland Limited Gordon House Barrow Street Dublin 4 Ireland
    The legal basis for processing your data to provide our website and services is Article 6 paragraph 1 sentence 1 letter f, of the GDPR. We have a legitimate interest in processing your data so that we can provide our website and its services in a technically flawless manner, securely and optimized for your needs. The data in the server log files is stored separately from other data.
  3. The Use of Cookies and Other Similar Technologies ⁠When you visit our website, we also collect and use your information, so that you can more conveniently use our website and services, as well as to measure and improve the effectiveness of our marketing activities. To this end, we also employ so-called cookies and other technologies similar to cookies, such as pixel tags (i.e. small, transparent graphics, also called web beacons). Cookies are small text files that are stored on your device via your internet browser. You can find out more about the term, how cookies work and other data protection and technical terms below under “Help with data protection terms”.You have the option of deactivating the use of cookies from Google Analytics by clicking on a tool provided by Google here: http://tools.google.com/dlpage/gaoptout?hl=de.Furthermore, you may deactivate the use of all non-essential cookiesin your browser settings. Without the use of cookies, however, some functions of this website may not function in the manner intended or may not provided the usual convenience.⁠To provide this website we use the following cookies:

    Cookie Duration

    Provider

    _ga

    2 Years

    Google Analytics

    _gid

    24 Hours

    Google Analytics

    _gat

    1 Minute

    Google Analytics

    AMP_TOKEN

    30 Seconds to 1 Year

    Google Analytics

    _gac_<property-id>

    90 Days

    Google Analytics

    __utma

    2 Years from Set/Update

    Google Analytics

    __utmt

    10 Minutes

    Google Analytics

    __utmb

    30 Minutes from Set/Update

    Google Analytics

    __utmc

    End of the Browser Session

    Google Analytics

    __utmz

    6 Months from Set/Update

    Google Analytics

    __utmv

    2 Years from Set/Update

    Google Analytics

    nid

    6 Months

    Google Maps

    pref

    2 Years

    Google Maps

    khcookie

    End of the Browser Session

    Google Maps

    Pop-up Cookie, Consent Cookie

    99 Years

    Cookie Layer

    woocommerce_cart_hash

    End of the Browser Session

    WooCommerce

    woocommerce_items_in_cart

    End of the Browser Session

    WooCommerce

    wp_woocommerce_session

    End of the Browser Session

    WooCommerce

    You can find out more about the use of cookies in this data protection declaration in the sections related to the use of cookies. Furthermore, you will also find additional information on the websites http://www.meine-cookies.org/and http://www.youronlinechoices.comregarding cookies and the individual providers, and may object to usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/.
  4. Contact us (especially regarding the use of contact forms)You have the possibility to contact us in different ways. This includes contacting us using the forms on our website and by e-mail. Depending on the content of your message, the data processing that takes place within the scope of contacting us may serve different purposes. In general, we store and process the data provided to deal with the issue you submitted. Your data is also stored and processed in a customer management system.Only should your contact serve to directly establish a contractual relationship between us shall another matter apply. In these cases, we base the processing of your data on Article 6(1), first sentence, point (b) of the GDPR.After contacting us, your stored data will be deleted as soon as it is no longer required and it is not subject to any legal storage obligations. At a minimum, we conduct annual checks regarding the necessity of such storage is necessary.
  5. The Use of Our Newsletter
  6. On our website you can subscribe to a free newsletter including advertisements if you have expressly consented to its receipt. To prevent fraudulent use, you will first receive an e-mail with a confirmation link which you must activate to receive the actual newsletter (so-called double opt-in procedure).

    When you register for the newsletter, your e-mail address, your IP address and the date and time of your registration will be transmitted to us and stored and processed by us. Your data will only be used to prove your consent to receive and dispatching of the newsletter. You data is not transferred to third parties.

    The legal basis for processing your data is Article 6 paragraph 1 sentence 1 letter f, of the GDPR. We have a legitimate interest in processing your data so that we can inform you about interesting offers and information and prove your agreement to receive the newsletter.

    If we send you the newsletter regularly your data will be stored. If we no longer send you a newsletter, we will delete your data no later than 12 months after the last newsletter was sent to you.

    Please note that you can unsubscribe at any time by sending an email to newsletter@omr.comor by clicking on the unsubscribe link included in each newsletter.

  7. Use of your email address

    If you purchase a good or service, we use your email address to send you advertisements for similar services or items, unless you have objected to such use. If you have not done so, please note, that you can object at any time by emailing us at newsletter@omr.com or by clicking the unsubscribe link found in every email. This will not incur any costs besides transmission costs according to basic rates.

    Attending the Digital HR Summit requires registration. Data of participants, namely first name, last name, email address, company, company size and position, will be transmitted to the organizing companies to enable further exchange during and after the event. The use of this data is limited to the processing of the ticket order, the processing of the event and communication before and after the event. In the case of an application for a masterclass, side event, or the Digital HR Summit, first name, last name, company, position and, in case of the Digital HR Summit, company size of the applicant are additionally transmitted to the respective speaker of the masterclass or the organizer of the side event for the purpose of selection and contact. Further information can be found in our privacy policy. ⁠ ⁠MailChimp/Mandrill

    To send out our newsletter we use the services MailChimp and Mandrill from The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA, who has processed your data exclusively on our behalf and in accordance with our instructions (so-called contract processor according to Article 28 of the GDPR and has taken the appropriate technical and organizational measures to protect your rights. You may find the services privacy policy here: https://mailchimp.com/legal/privacy/.

    Your data will be processed in and transferred to the USA that means a third country outside the European Union (EU) or the European Economic Area (EEA). There is no adequate decision of the EU Commission for this country guaranteeing a level of data protection compliant with the European standard. To effectively protect your data, the transmission and processing is carried out based on the so-called EU-US Privacy Shield, under which the provider is registered. Further information can be found here: https://www.privacyshield.gov/welcome

    This service provider helps us to determine on a pseudonymized basis how many recipients have opened our newsletters and the links they contain by integrating pixel tags into the newsletters. Within the scope of this retrieval, technical information, such as information about the browser and your system, as well as your IP address and time of retrieval are initially collected. This information is used for the technical improvement of services based on the technical data or the target groups and their reading behavior based on their retrieval locations (which can be determined using the IP address) or access times. The legal basis for this is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in analyzing the opening behavior of our newsletters in order to optimize our services and operate them economically. If you do not agree, do not open our newsletter and do not click on the links contained therein. According to its own information, the shipping service provider can use this data in pseudonymized form, i.e. without assignment to a user, to optimize or improve its own services, e.g. for technical optimization of shipping and presentation or for statistical purposes to determine the recipients’ countries of origin.

  8. The Use of Anti-Spam Service ⁠In several areas on our website, we carry out a Spam scan, which is aimed to protect us from unwanted, automated input by third parties and the corresponding Spam created. To this end, you shall be requested to enter a series of letters or numbers in a field (so-called captchas). In connection herewith, your IP address will be processed. ⁠ ⁠To this end we use the “reCAPTCHA” service  (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In the process, your IP address and required data will be transferred to Google. . Further information on the applicable privacy policy can be found here: http://www.google.com/policies/privacy/. ⁠ ⁠The legal basis for processing your data to provide our website and services is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in effectively preventing Spam, as a manual removal of Spam content would incur a high degree of effort and costs. If you do not consent to this, you will not be permitted to use the comment function.

  9. Integration of external content ⁠We have included third party content in some places on our website. These include videos, map services, images and fonts. In connection with the integration of this content, it is technically necessary that the providing third parties are informed of your IP address so that the content can be displayed to you. We do not store your IP address for the integration of external content. Third-party providers may use your IP address, the use of cookies and other technologies (e.g. pixel tags, i.e. invisible graphics) to track your surfing behavior and, in addition to your IP address, process other technical information (including browser type/version, operating system used, the page you have previously visited, the host name of the accessing device and the time and other information about the use of our online offering). ⁠ ⁠The legal basis for processing your data to provide our website and services is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in optimizing our website and improving our services by embedding content from third-party providers. ⁠ ⁠A more detailed description of whose content is embedded and how your data is processed is given below in the respective description of the embedded content:

  10. Registration and Use of a User Account and Payment Processing ⁠You have the option of creating and using an account, which, for example, can be used to purchase tickets, book events or purchase reports. Upon registering, we may receive (via Google, Facebook, eMail, LinkedIn or Xing) the follow data from you:
    • Personal data: first name, last name, birthday, eMail, telephone number
    • Interests
    • Company data: company name, email, homepage, telephone number, address, company type, area of activity, number of employees, career level
    • Link to Facebook, LinkedIn, Google or XING
    ⁠When you decide to purchase one of our products, we will also process your name, your address, contact information, as well as contract and payment information (e.g. bank account)  you provide in order to complete the payment process. The legal basis for processing your data to provide our website and services is article 6, paragraph 1, sentence 1, letter b, of the GDPR. This information shall be transferred to third-party financial service providers, as well as to authorities and consultants within the legally permissible scope) for the purpose of executing the payment process. ⁠Additional data shall be used for the following purposes: ⁠
    • Recommendations on relevant content and events from OMR and OMR partners on the basis of interests provided
    • Contact by other members and OMR partners
    • Publication in participant lists and profiles
    • Dispatching of newsletters regarding OMR Events and Products
    • Creation of a personalized event experience (suggestion of speakers, exhibitors, Side Events, Masterclasses, jobs, etc … )
    ⁠The legal basis for processing your data to provide our website and services is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in providing the above-mentioned services. ⁠You may delete your user account, including the data contained therein, at any time. The data saved within the scope of your registration and use of your user account, as well as the payment information provided, shall be deleted within 14 days of informing us of your desire to delete your user account. Excluded from this is data that must be retained for commercial or tax-related purposes. The legal basis for saving your data is article 6, paragraph 1, sentence 1, letter c, of the GDPR; we delete this data upon expiration of the legal retention period. ⁠
  11. Purchase of Tickets and data processing at eventsFor our events, you have the option of purchasing tickets. We only receive the following information, which we solely use for the duration and execution of the respective event: ⁠Form of address, title, first name, last name, company, company size, position, email, career level, telephone number, sector, country, specific food preferences, billing address ⁠When you apply to attend a (Digital) Masterclass (at our Festival), we provide speakers and presenters, as detailed in the General Terms and Conditions, with the information you provided regarding first and last name, company and position for the purpose of selecting attendees to the event in question. For the purposes of exchange and contact after the Masterclass, the presenting company shall receive the first and last name, email address, company and position for every participant of the respective Masterclass. ⁠The legal basis for processing your data to provide our website and services is article 6, paragraph 1, sentence 1, letter f, of the GDPR.At the OMR Festival, you have the option of having your badge scanned by exhibitors their booth to provide them with your personal data so that the respective exhibitor or represented sub-exhibitor may contact you. In this case, the following data will be passed on to the exhibitor (or sub-exhibitor): first name, last name, email address, company, country, job level, company field, company size, company type and position. Data shall be transferred with the express purpose of facilitating contact and exchange at the OMR Festival (article. 6 paragraph. 1 sentence. 1 letter. f GDPR). Should you not consent to this, please inform the respective contact person at the booth. ⁠At our events, images and videos shall be created, which may be published in print, digital or online, as well as on our social media channels. This data processed is necessary for the purposes of the legitimate interests of public relations work pursued by the event organizer (Art. 6 paragraph. 1 sentence. 1 letter. f GDPR). Should you not consent to this, please inform the respective photographer in concrete situations. ⁠The data entered in connection with executing the event shall be deleted within 365 days of the conclusion of the event. Excluded from this is data that must be retained for commercial or tax-related purposes. The legal basis for saving your data is article 6, paragraph 1, sentence 1, letter c, of the GDPR; we shall delete this data upon expiration of the legal retention period. ⁠To allow for communication during and after the event, organizing companies receive data from participants* registered for the Digital HR Summit event, namely first name, last name, email address, company, company size and position. The data is processed based on Sect. 6 subs. 1 cl. 1 lit. b) GDPR. ⁠Please note, that in case of an organizing company from the US, data may be transferred to a third party in a non-EU country. In this case, data is transferred based on the Adequacy Decision (EU-US Data Privacy Framework). If a company is not licensed within the framework, we conclude EU standard contractual clauses for safeguarding. ⁠If you received an invitation to our event via one of our partners, this was based on a corresponding request by our partner. For this purpose, your data (your name, your company, your gender and your e-mail address) was transmitted to us for the purpose of issuing a ticket. We store this data in our OMR-Manager in order to issue the tickets, manage the invitations and send them out. Our partners have access to the OMR-Manager and can see which of their invited visitors have redeemed the ticket, accredited themselves and subsequently visited the festival. The access of the partners is limited to the data of the persons invited by them. The processing of your data provided to us is based on Article 6 paragraph 1 sentence 1 letter f) GDPR and serves the organization of the festival. Should you object to this processing or wish to exercise further rights under the GDPR, you will find the relevant information under point “VI Your rights” of this privacy notice.
  12. Use of Web Analytics ServicesWhen you visit our website, we automatically collect and process data to track the behavior of visitors, so that we can optimize our website and adapt it accordingly to user interests. ⁠The legal basis for the processing of your data is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate interest in conducting web analysis on an anonymized basis to better understand our users, to optimize our website accordingly and to determine whether the Internet advertising we place achieves the results we desire. You can object to the use of these services by opting-out. However, please note, that you may not be able to use all functions of our website. ⁠Google Analytics (with anonymization function) On this website we use the web analysis service Google Analytics (with anonymization function) of Google Inc, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, USA. The purpose of the Google Analytics component is to analyze the use of our website by visitors. Google as our contract processor, provides us with reports according to Article 28 of the GDPR. With the reports we can display and evaluate the activities on our website. ⁠A Google Analytics cookie is stored on the device you visit our website with. By accessing individual pages of this website, the Google Analytics component automatically transfers the Internet browsers data on your device to Google for online analysis. As part of this technical process, Google receives information about your personal data, information about the browser type/version, operating system used, the page you have previously visited, the host name of the accessing device, IP address and the time of the request, which Google uses, among other things, to trace the origin of visitors and clicks. However, this data is not merged with any other data about you. In addition, we use the function whereby Google automatically shortens the IP address of your Internet connection and thus makes it anonymous when you access our website from a member state of the European Union or from another signatory state to the Agreement on the European Economic Area. If, in exceptional cases, data is processed outside the EEA, where there is no data protection level that meets the European standard, this is done based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA ⁠You can object to the use of cookies by configuring your Internet browser so that generally cookies are not stored or you may click here. ⁠Alternatively, you can use the browser add-on, which you can download and install here: https://tools.google.com/dlpage/gaoptout ⁠The installation of the browser add-on is contradictory. If your device is erased, formatted, or reinstalled at a later date, you must reinstall the browser add-on. ⁠Further information and Google’s current privacy policy can be found at https://www.google.de/intl/de/policies/privacy/  and http://www.google.com/analytics/terms/de.html Google Analytics will be explained in more detail via the following link: https://www.google.com/intl/de_en/analytics/ ⁠We have configured Google Analytics in such a way that the data on which the reports are based on is deleted within 26 months. ⁠AlbacrossWe inform you regarding the processing of personal data on behalf of Albacross Nordic AB (“Albacross”). ⁠Information collected from cookies set in your device that qualify as personal data will be processed by Albacross, a company offering lead identification and ad targeting services with offices in Stockholm and Krakow. Please see below for full contact details.The purpose for the processing of the personal data is that it enables Albacross to improve a service rendered to us and our website (e.g “Lead Generation” service), by adding data to their database about companies. The Albacross database will in addition to “Lead Generation” be used for targeted advertising purposes towards companies and for this purpose data will be transferred to third party data service providers. For the purpose of clarity, targeted advertising regards companies, not towards individuals.The data that is collected and used by Albacross to achieve this purpose is information about the IP-address from which you visited our website, and technical information that enables Albacross to tell apart different visitors from the same IP-address. Albacross stores the domain from form input in order to correlate the IP-address with your employer.For the full information about our processing of personal data, please see Albacross’ Privacy Policy. Albacross Nordic AB Companyreg. no 556942-7338 Kungsgatan 26 111 35 Stockholm, Sweden www.albacross.com
  13. Use of Marketing Services ⁠We collect and process data on our website to be able to show you more suitable advertising on this and other websites (remarketing/re-targeting) and to measure the success of our advertising campaigns. We work together with providers who help us to understand whether users can reach us via certain advertising measures (so-called conversion tracking). In this context, pseudonymous user profiles are created. The legal basis for the processing of your data is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We have a legitimate economic interest in presenting advertisements of interest on our website and in measuring the success of placed advertisements. ⁠You can object to the use of these services by opting-out. However, please note, that you may not be able to use all functions of our website. ⁠ ⁠a) Google Marketing ServicesOn these websites we use marketing services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. ⁠The services used include: ⁠AdWords: The use of the Google service AdWords allows us a conversion tracking, i.e. it can be determined whether you have reached our website via a Google ad. Based on that we are not able to identify you. Only statistics are created. ⁠Double-Klick: The use of the Google Double-Click service allows us to present relevant advertisements to the user. Cookies are used to identify the user’s browser. In this way it can be traced what displays were shown to the user and what displays he opened. ⁠AdSense: Using the AdSense Google service allows us to display third-party ads on our pages. Cookies and pixel tags are used to evaluate visitorbehavior and to be able to display ads that are as relevant to your interests as possible. ⁠Google Re-Marketing: The use of Google’s Re-Marketing function allows us to display interest-based advertisements to the user within the Google advertising network that refer to content that the user has previously accessed on our website. This can also be done across devices. ⁠Google Tag Manager: Using the Google Tag Manager service only allows us to integrate the listed services by implementing the other cookies/tags. ⁠Firebase: Using the Google Firebase service allows us to analyze user groups and display push messages in which only anonymous data is transmitted to Firebase. Here you can get further information: https://www.firebase.com/terms/privacy-policy.html ⁠Google uses cookies and cookie-like technologies such as pixel tags (i.e. small transparent graphics, also called web beacons) and processes personal data about you, information about browser type/version, operating system used, the page you previously visited, the host name of the accessing device, IP address and the time of the request as well as offers, search terms and content in which you were interested. This data is transmitted to Google. User profiles are created on a pseudonymized basis. This means we cannot identify you based on that. For more information, please visit https://policies.google.com/technologies/types ⁠The cookies are automatically deleted after 30 days. You can object or adapt the use to meet advertisement interest here: https://www.google.com/ads/preferences/?hl=en ⁠If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA ⁠For more information and Google’s current privacy policy, visit https://policies.google.com/privacy the functionality of the Google marketing services is explained in more detail via the following link: https://policies.google.com/technologies/ads ⁠ ⁠b) Facebook PixelOn this website we use the so-called “Facebook pixel” of the provider Facebook (for EU: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland; International: Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA). This is a small, invisible pixel that connects to Facebook servers when you visit our website. Personal data such as the IP address and other information such as browser type/version, operating system used, the page you have previously visited, the host name of the accessing device, IP address and the time of the request can also be transmitted. This makes it possible for Facebook to identify the users of our website and to display targeted advertising to those users who are interested in our website. We can also use the Facebook pixel to see if our Facebook ads are effective.If data is processed outside the EEA, where no data protection level according to the European standard exists, the EU-US Privacy Shield shall apply: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAOYou can find Facebook’s privacy policy here: https://www.facebook.com/policy.php. You can object to the collection by the Facebook pixel and use of your data here: https://www.facebook.com/settings?tab=ads.
  14. The Use Of Social Plugins ⁠On our website we use so-called “social plugins” of various social networks (hereinafter: “plugin providers”). A social network is an internet-based social meeting point that enables users to communicate with each other and interact in a virtual space. The legal basis for the processing of your data is article 6, paragraph 1, sentence 1, letter f, of the GDPR. We are interested in providing the most convenient and optimized offer on our website and to operate economically by integrating social plugins and the analyses that are thus possible at the same time. ⁠After activating the plugin, a direct connection to the system of the respective social plugin provider is established via your Internet browser. The content of the social plugin is then transmitted directly to your Internet browser and integrated into our website. At the same time the social plugin transmits the information to the respective social plugin provider that you have called the corresponding page of our Internet presence. This applies regardless of whether you have created a profile with the social plugin provider or logged in or then actively use a social plugin (e. g. by clicking the “I like” button or by making a comment). ⁠With the active use of a social plugin, the corresponding information is transmitted directly from your Internet browser to the respective social plugin provider and stored there. As soon as you are logged in at the same time at one of the social plugin providers, they can assign your visit to our website to your account created there. We have no influence on the type and extent of the data collected and transmitted. Details on the scope and purpose of data collection, processing and use can be found in the data protection information of the social plug-in providers. There you can see your rights and setting options to protect your privacy. ⁠If you do not agree to a social plugin provider assigning the data collected through our website to your account, we would ask you to log out of your account with the respective social plugin provider before activating the social plugin. If you do not want the social plugin providers to receive, save and use data at all, please do not use or click on the respective social plugins. ⁠ ⁠a) FacebookThe social plugins of the social network Facebook are operated by Facebook Inc, 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com ), and Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (www.facebook.de ) (“Facebook”). An overview of Facebook’s plug-ins can be found here: http://developers.facebook.com/docs/plugins ; information on data protection on Facebook can be found here: www.facebook.com/policy.phpIf data is processed outside the EEA, where no data protection level according to the European standard exists, the EU-US Privacy Shield shall apply: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAOIf you would like to object to the data collection by Facebook in the future, you can do this here: https://www.facebook.com/settings?tab=ads ⁠ ⁠b) InstagramInstagram plug-ins are operated by Instagram LLC, 1601 Willow Road, Menlo Park, CA 94025, USA (“Instagram”). An overview of Instagram plug-ins can be found here: http://blog.instagram.com/post/36222022872/introducing-instagram-badges; information on data protection at Instagram can be found here: https://help.instagram.com/155833707900388/ ⁠ ⁠c) LinkedInLinkedIn social plug-ins are operated by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. Information on data protection on Twitter can be found here https://www.linkedin.com/legal/privacy-policy.If data is processed outside the EEA, where no data protection level according to the European standard exists, the EU-US Privacy Shield shall apply: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAOIf you wish to object to the collection of data via LinkedIn in the future, you can set an opt-out cookie here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out ⁠ ⁠d) TwitterTwitter social plug-ins are operated by Twitter Inc, 1355 Market St, Suite 900, San Francisco, CA 94103, USA (“Twitter”). An overview of Twitter plugins can be found here: https://twitter.com/about/resources/buttons; information on data protection on Twitter can be found here: https://twitter.com/en/privacy.If data is processed outside the EEA, where no data protection level according to the European standard exists, the EU-US Privacy Shield shall apply: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAOIf you wish to object to the collection of data via Twitter in the future, you can set an opt-out cookie here: https://twitter.com/personalization ⁠ ⁠e) XingXing plug-ins are operated by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany (“Xing“). Information on data protection on Twitter can be found here: https://www.xing.com/app/share?op=data_protection.
  15. The Use of Website Features (quizzes, checks, etc.)There are several places on our website where you have the option of using several services, including quizzes and checks. Generally speaking, we will not collect or process personal data to this end. The data collected within this scope is solely used to execute the feature in question and is not combined with additional personal data that we have received from you. If there are individual instances where it is possible to allocate the data to a specific person, then the legal basis for processing your data is Article 6 paragraph 1 sentence 1 letter f, of the GDPR. Our interest lies in the desire to provide said features in order to increase the attractiveness of our website. The data entered is not transferred to third parties. ⁠The data collected within the scope of the use of said features are deleted as soon as they are no longer required or you have discontinued the use of said feature. The IP address saved within the scope of the use of said feature is automatically deleted after 7 days.
  16. Participation in GiveawaysOn our website, you have the option of participating in a giveaway.Upon participating in a giveaway, the data requested by us (first name, email address) shall be transferred to us, saved and processed by us, as is the date and time of your participation. This data shall solely be used for the execution of the giveaway and not transferred to third parties.The legal basis for processing your data for the purposes of giveaways is your consent in accordance with article 6, paragraph 1, sentence 1, letter a, of the GDPR.Your data will only be stored for the duration of the giveaway. Then your data will be deleted within 7 days.
  17. Additional Recipients of Your DataWe also use service providers (cloud providers, providers of accounting and comparable services, payment service providers) who process your personal data exclusively on our behalf in accordance with article 28 of the GDPR and in accordance with our instructions and who have taken appropriate technical and organizational measures to protect your rights. This especially applies to:
    • No agency – Web design agency from Hamburg, Germany, Karpfangerstrasse 17, 20459 Hamburg (within the framework of providing maintainence to our website).
    Where data is transferred outside the EEA, where no standard comparable to the European data protection level exists, this shall be done based on appropriate guarantees in accordance with Articles 44 to 49 of the GDPR.
  18. Data Processing within the Scope of Our Online PresencesIn addition to the website, we are also represented on online platforms and social networks. If you visit these websites and communicate with us via them, the terms and conditions and data protection guidelines (see below) as well as this data protection declaration apply. In this respect, we may be jointly responsible with the provider under data protection law. ⁠Your data can be processed for analysis and advertising purposes. This is done, for example, by creating usage profiles based on your usage behavior and the resulting interests. Cookies are usually used to store the user profiles, which make it possible to analyze your usage behavior and your interests. As a rule, the user profiles serve to enable advertisements to be placed with the respective provider or elsewhere on the Internet that correspond to your interests. Furthermore, other data may be stored in addition to the user profiles, especially if you are a registered user of the platform of the respective provider and you are logged in at the time. For a detailed description of the processing of the respective providers and the possibilities of objection (opt-out), we refer to the information of the providers linked below. ⁠If you visit us online and communicate via our platform, the legal basis for processing your data for the purposes of giveaways is your consent in accordance with article 6, paragraph 1, sentence 1, letter a, of the GDPR, provided you have granted this consent. Otherwise, data processing and communicating with us is based on legitimate interests in accordance with article 6, paragraph 1, sentence 1, letter f, of the GDPR. In this respect, we are interested in providing the most informative, customized and appealing online appearance possible. ⁠We will delete your data (the content matter of our communication) as soon as it is no longer required for the respective purpose and as far as we are able to do so. Under “Your rights” (see below) you will find information regarding the rights you have regarding this matter. As providers are only able to access to your data partially, you should ensure that you also assert your rights with respect to these providers.If you communicate with us via such platforms or networks, we process the data in your messages and posts, depending on their content and purposes of the communication, on the basis of either article 6, paragraph 1, sentence 1, letter b, of the GDPR or article 1, paragraph 1, sentence 1, letter f, of the GDPR. We use your data in order to be able to communicate with you. ⁠Your data will be erased as soon as they are no longer necessary for the respective purpose, provided that the respective platform or network allows this. ⁠Facebook Facebook (Facebook Inc. , 1601 S. California Ave, Palo Alto, CA 94304, USA (www.facebook.com ) and Facebook Ireland Limited, Hanover Reach, 5-7 Hanover Quay, Dublin 2, Ireland (www.facebook.de) ) enables us to receive your anonymized data on so-called fan pages using the Facebook Insight function, which is available as an irrevocable part of the user relationship. This data is collected using cookies, each of which contain a unique user code. The user code can be linked to your Facebook login information if you are registered on Facebook and is collected and processed when you visit the fan page. Information on data protection on Facebook can be found here https://www.facebook.com/about/privacy/ ⁠If you would like to object to the data collection by Facebook for the future, you can do so here: https://www.facebook.com/settings?tab=adsIf data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC. ⁠Google Information on data protection at Google (Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA) can be found here: https://policies. google. com/privacy. If you wish to object to the future collection of data by Google, you can do so here: http://www.google.com/ads/preferences. If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt000000001L5AA ⁠Instagram Information on data protection at Instagram (Instagram LLC., 1601 Willow Road, Menlo Park, CA 94025, USA) and an opportunity to object can be found here: http://instagram.com/about/legal/privacy/ ⁠LinkedIn Privacy Policy of LinkedIn (LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland) can be found here: https://www.linkedin.com/legal/privacy-policy. If you wish to object to the collection of data by LinkedIn in the future, you can set an opt-out cookie here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out. If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done based on the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000L0UZAA0 ⁠Twitter Information on data protection on Twitter (Twitter Inc. , 1355 Market St, Suite 900, San Francisco, CA 94103, USA) can be found here: https://twitter.com/en/privacy. If you wish to object to the collection of data via Twitter in the future, you can set an opt-out cookie here: https://twitter.com/personalization. If data is processed outside the EEA, where no data protection level according to the European standard exists, this is done on the basis of the EU-US Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO ⁠Xing Information on data protection on Xing (Xing AG, Dammtorstraße 29-32, 20354 Hamburg, Germany) can be found here: https://www.xing.com/app/share?op=data_protection.

III. Data Processing within the Scope of Applications

If you send us data about yourself as part of an application (your name, contact details, CV, cover letter, references, etc.), we will store and process these exclusively for the duration of the application process and to carry out the application procedure. The legal basis for this is Article 6, paragraph 1, sentence 1, letter b, of the GDPR. After completion of the application process your data will be securely deleted. We do not transfer this data to third parties. Only those persons who need to know internally during the application process or employment relationship are made aware of this.

Please note that we do not require any information about race, ethnic origin, gender, religion or creed, disability, age or sexual identity, illness, pregnancy, political opinion, philosophical or religious beliefs, union membership, physical or mental health or sex life in your application.

  1. Routine deletion and blocking of data We store your data only for the period necessary to achieve the storage purpose or if this is specified by the European Directive and Ordinance Giver or another legislator in laws or regulations to which we are subject. In this respect, Germany is subject in particular to an obligation to retain data for six years in accordance with Section 257 (1) of the German Commercial Code (in particular commercial books, inventories, opening balance sheets, annual financial statements, commercial letters, accounting documents) and for ten years in accordance with Section 147 (1) of the German Tax Code (in particular books, records, management reports, accounting documents, commercial and business letters, documents relevant to taxation). If the storage purpose no longer applies or if a legally prescribed storage period expires, your personal data will be blocked or deleted routinely and in accordance with legal regulations. Please also note the specific information on individual storage and deletion periods in this data protection declaration.
  2. Your Rights ⁠As a data subject (Article 4, no. 1, of the GDPR) you have numerous rights with respect to us, of which we would like to inform you. Details can also be found in Articles 15 to 21 of the GDPR and Sections 32 to 37 Federal Data Protection Act (in the version applicable from 25 May 2018).

    To assert your rights, please contact the following office: E-Mail: info@omr.com

  3. Right to information ⁠You have the right to obtain information from us as to whether and which data we process about you. This also includes information on how long and for what purpose we process the data, where they come from and to which recipients or categories of recipients we pass them on to. In addition, we can provide you with a copy of this data.

  4. The right to correction ⁠You have the right that we immediately correct any information about you that is incorrect or no longer applicable. You may also request that your incomplete personal data be completed. If this is required by law, we will also inform third parties about this correction if we have passed on your data to them.

  5. Right to cancellation (“right to be forgotten”) ⁠You have the right to ask us for deletion of your personal data immediately if one of the following reasons applies:

    • Your data is no longer necessary for the purposes it was collected or otherwise processed, or the purpose has been achieved;
    • You revoke your consent and there is no other legal basis for processing;
    • You object to the processing and there are no overriding legitimate reasons for processing; in the case of the use of personal data for direct marketing, a sole objection on your part to the processing is sufficient;
    • Your personal data has been processed unlawfully;
    • The deletion of your personal data is necessary to fulfill a legal obligation under Union law or the law of the Member States to which we are subject.

    ⁠Please note that your right to cancellation may be restricted by law. These include the restrictions listed in Article 17 of the GDPR and § 35 Federal Data Protection Act of the Republic of Germany (in the version applicable from 25 May 2018).

  6. Right to limitation of processing (blocking) ⁠You have the right to request a restriction of the processes of your personal data if one of the following conditions is met:

    • You deny the accuracy of your personal data for a period that enables us to verify the accuracy of the personal data;
    • The processing is unlawful, and you refuse to delete the personal data and instead request that the use of your personal data be restricted;
    • We no longer need your personal data for the purposes of processing, but you do need it to assert, exercise or defend legal claims;
    • You have filed an objection against the processing if it is not yet clear whether our justified reasons outweigh yours.
    • If you have obtained a restriction on processing as set out above, we will notify you before the restriction is lifted.
  7. Right of Revocation for Consent You can revoke your consent given to us at any time with effect for the future. This revocation can take place in the form of an informal message to the above-mentioned contact addresses. This also applies to consents that you have given us before the validity of the GDPR (i.e. before 25 May 2018). If you revoke your consent, the legality of the data processing carried out up to then will not be affected. As a rule, the consequence of a revocation is that you can no longer use our service, in the context of which we have asked you for your consent or can no longer use it in full.
  8. Right to Data Transferability You have the right to receive personal data that concerns you and that you have provided to us in a structured, common and machine-readable format and to transmit this data to others. For details and restrictions, see Article 20 of the GDPR. Exercising this right does not affect your right to cancellation.
  9. The Right to Appeal to the Supervisory Authority If you believe that the processing of your data by us violates applicable data protection law, you have the right of complaint to one of the competent supervisory authorities, i.e. the Hamburg Commissioner for Data Protection and Freedom of Information or the respective supervisory authority in the member state of your place of residence, your workplace or the place of presumed data protection violation.
  10. Right to Objection under Article 21 of the GDPR Article 21 of the GDPR gives you the right to object to the processing of your data at any time for reasons arising from your situation, if we base this processing on legitimate interests in accordance with article 6, paragraph 1, sentence 1, letter f, of the GDPR. If you object, we will no longer process your personal data, except in two cases:
    • We can prove compelling grounds for processing that outweigh your interests, rights and freedoms;
    • Processing serves to assert, exercise or defend legal claims.
    Even if we process your personal data for direct advertising (e.g. in the context of our newsletter), you have the right to object at any time to the processing of your data for such advertising. If you object to the processing of your data for direct marketing purposes, we will no longer use your personal data for this purpose.
  11. Help with data protection termsIn this privacy policy, we use some terms which have also been used by the legislator in the EU General Data Protection Regulation (GDPR). Since it is important to us that you understand this data protection declaration, we will explain some important terms in alphabetical order below: ⁠Browser: This is a program for displaying websites on the Internet, for example Mozilla Firefox or Google Chrome. ⁠Consent: This is any informed and unequivocal statement of intent, made voluntarily by the data subject in the specific case, in the form of a statement or other clear affirmative act by which the data subject indicates their consent to the processing of personal data concerning themselves. ⁠Cookies: These are small text files that contain a characteristic character string (cookie ID) and are stored on your device (e. g. smartphone or computer) via an Internet browser if you do not prevent this via technical settings. Cookies enable the visited Internet pages and servers to distinguish your individual browser from other Internet browsers. An Internet browser can therefore be recognized and identified by its unique cookie ID. This makes it easier for you to use our website, as you only need to enter certain data once, for example. If possible, we use cookies that are deleted when you close your browser (so-called session cookies). In addition, we also use cookies that are stored on your computer for a longer period (so-called persistent cookies). In addition to the option of configuring your browser so that it does not accept cookies, you can delete cookies already set at any time via an Internet browser or other programs. Please note, however, that the non-use of cookies may result in not all functions of our website or services being fully usable. ⁠Data controller or controller:these are natural or legal persons, authorities, institutions or other bodies which alone or together with others decide on the purposes and means of processing personal data. ⁠Data subject:This is any identified or identifiable natural person whose personal data are processed by the controller. ⁠Restriction of processing:This is a marking of stored personal data in such a way that its future processing (for example with a view to certain processing purposes) is restricted. ⁠Recipient: This is a natural or legal person, authority, institution or other body to which personal data is disclosed, regardless of whether it is a third party or not. ⁠IP address: This is an address assigned to your device (e. g. smartphone or computer) on the Internet so that your device can be addressed and reached there. ⁠Pixel tags (web beacons):These are small, usually invisible graphics that are integrated into websites and other services for statistical analysis, usually for marketing purposes. ⁠Personal data:This is all information relating to an identified or identifiable natural person (also called “data subject”). Identifiable is a natural person who can be identified directly or indirectly, by assignment to an identifier such as a name, an identification number, location data, an online identifier or one or more special characteristics that express the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person. ⁠Profiling: This is a type of automated processing of personal data, which consists in the use of this personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to the work performance, economic situation, health, personal preferences, interests, reliability, behavior, whereabouts or relocation of this natural person. ⁠Pseudonymization: This is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the need for further information. This is particularly the case if the additional information is kept separately and technical and organizational measures have been taken to ensure that the assignment to an identified or identifiable natural person is no longer possible with reasonable effort. ⁠Processing: This means any operation carried out with or without the aid of automated procedures or any such series of operations in connection with personal data such as the collection, organization, arrangement, storage, adaptation or modification, reading, retrieval, use, disclosure by transmission, dissemination or any other form of provision, reconciliation or linking, restriction, deletion or destruction. ⁠Processor: This is a natural or legal person, authority, institution or other body that processes personal data on behalf of a data controller. ⁠Third party: This is a natural or legal person, authority, institution or other body (other than the data subject), the data controller, the processor and the persons authorized to process the personal data under the direct responsibility of the data controller or the processor.

VII. Security

We use technical and organizational security measures to protect your personal data against misuse, loss, destruction or against access by unauthorized persons. Our security measures correspond to the current state of the art.

VIII. Validity and changes of the data protection declaration

This data protection declaration is currently valid and dated 24. 05. 2018. Due to the further development of our website or the implementation of new technologies, it may become necessary to change this data protection declaration. We reserve the right to make appropriate changes at any time

IX. Your questions about data protection

If you have any questions about this privacy statement or your rights, please contact: info@omr.com