Privacy

In the following, we will inform you about the type, scope and purpose of the processing of personal data by our company in accordance with the legal requirements of data protection law (in particular according to BDSG n.F. and the European General Data Protection Regulation “GDPR”). This data protection declaration also applies to our websites and social media profiles. With regard to the definition of terms such as “personal data” or “processing”, we refer to Art. 4 GDPR.

Name and contact details of the person responsible

Our responsible (hereinafter “responsible”) i.S.d. Art. 4 no. 7 GDPR is:

OriBon
Wohlwillstrasse, 16
20359 Hamburg
Germany

Represented by: Koichiro Isogai
VAT Id number according to Sec. 27 a German Value Added Tax Act:
DE300765974

Phone: +49 179 3997764‬
Email: info@oribon.de

Types of data, purposes of processing and categories of data subjects

Below we inform you about the type, scope and purpose of the collection, processing and use of personal data.

1. Types of data we process

Usage data (access times, visited websites etc.), inventory data (name, address etc.), contact details (telephone number, email, fax etc.), payment data (bank data, account data, payment history etc.), contract data (object of the contract, term etc.), communication data (IP address etc.),

2. Purposes of processing according to Art. 13 Para. 1 c) GDPR

Processing contracts, optimizing the website technically and economically, enabling easy access to the website, fulfilling contractual obligations, contacting legal complaints by third parties, fulfilling legal retention requirements, optimizing and statistical evaluation of our services, improving the user experience, making the website user-friendly, creating statistics, websites provide with functions and content, security measures, uninterrupted, secure operation of our website,

3. Categories of data subjects according to Art. 13 Para. 1 e) GDPR

Visitors/users of the website, customers,
The data subjects are collectively referred to as “users”.

Legal basis for the processing of personal data

Below we inform you about the legal basis for the processing of personal data:

  1. If we have obtained your consent for the processing of personal data, Art. 6 para. 1 sentence 1 lit. a) GDPR legal basis.
  2. If processing is necessary to fulfill a contract or to carry out pre-contractual measures that take place at your request, Art. 6 para. 1 sentence 1 lit. b) GDPR is legal basis.
  3. If processing is necessary to fulfill a legal obligation to which we are subjected (e.g. statutory retention requirements), Art. 6 Para. 1 S. 1 lit. c) GDPR legal basis.
  4. If processing is necessary to protect the vital interests of the data subjected or another natural person, Art. 6 para. 1 sentence 1 lit. d) GDPR legal basis.
  5. If processing is necessary to safeguard our or the legitimate interests of a third party and your interests or fundamental rights and freedoms do not outweigh this, Art. 6 para. 1 sentence 1 lit. f) GDPR legal basis.

Disclosure of personal data to third parties and processors

We will never pass on any data to third parties without your consent. If this is the case, then the transfer takes place on the basis of the aforementioned legal basis, e.g. when data is passed on to online payment providers for the purpose of fulfilling the contract or on the basis of a court order or due to a legal obligation to disclose the data for the purposes of law enforcement, to avert danger or to enforce intellectual property rights.
We also use processors (external service providers, e.g. for web hosting of our websites and databases) to process your data. If data is passed on to the processor in the context of an order processing agreement, this is always done in accordance with Art. 28 GDPR. We carefully select our processors, check them regularly and have given us the right to issue instructions regarding the data. In addition, the processors must have taken appropriate technical and organizational measures and the data protection regulations in accordance with BDSG n.F. and comply with GDPR.

Data transfer to third countries

The adoption of the European General Data Protection Regulation (GDPR) created a uniform basis for data protection in Europe. Your data is therefore mainly processed by companies for which GDPR applies. If processing by third parties takes place outside the European Union or the European Economic Area, they must meet the special requirements of Art. 44 ff. GDPR. This means that the processing takes place on the basis of special guarantees, such as the officially recognized determination of a data protection level corresponding to the EU or the observance of officially recognized special contractual obligations, the so-called “standard contractual clauses”. For US companies, submission to the so-called “Privacy Shield”, the data protection agreement between the EU and the USA, meets these requirements.

Deletion of data and storage period

Unless expressly stated in this data protection declaration, your personal data will be deleted or blocked as soon as the purpose for the storage ceases to exist, unless their further storage is necessary for evidence purposes or if this is contrary to statutory retention obligations. This includes, for example, commercial law retention requirements for business letters in accordance with Section 257 (1) HGB (6 years) and tax retention requirements in accordance with Section 147 (1) AO for documents (10 years). If the prescribed retention period expires, your data will be blocked or deleted, unless the storage is still necessary for the conclusion of a contract or for the fulfillment of the contract.

Existing automated decision making

We do not use automatic decision making or profiling.

Provision of our website and creation of log files

  1. If you only use our website for informational purposes (i.e. no registration and no other transmission of information), we only collect the personal data that your browser transmits to our server. If you would like to view our website, we collect the following data:
    • IP address;
    • Internet service provider of the user;
    • Date and time of access;
    • Browser type;
    • Language and browser version;
    • Content of request;
    • Time zone;
    • Access status / HTTP status code;
    • Amount of data;
    • Websites from which the request comes;
    • operating system.
    This data is not stored together with other personal data from you.
  2. These data serve the purpose of the user-friendly, functional and secure delivery of our website to you with functions and content as well as their optimization and statistical evaluation.
  3. The legal basis for this is our legitimate interest in data processing according to Art. 6 Para. 1 S.1 lit. f) GDPR.
  4. For security reasons, we save this data in server log files for a storage period of 70 days. After this period, these are automatically deleted, unless we need to keep them for evidence purposes in the event of attacks on the server infrastructure or other legal violations.

Cookies

  1. We use so-called cookies when you visit our website. Cookies are small text files that your internet browser stores and stores on your computer. When you visit our website again, these cookies provide information in order to automatically recognize you. The information obtained in this way serves the purpose of optimizing our web offers technically and economically and enabling you to access our website more easily and securely. When you visit our website, we will inform you by means of a reference to our data protection declaration about the use of cookies for the aforementioned purposes and how you can object to them or prevent their storage (“opt-out”). Our website uses session cookies, persistent cookies and third-party cookies:

    Session-Cookies: We use so-called cookies to recognize multiple uses of an offer by the same user (e.g. if you have logged in to determine your login status). If you call up our page again, these cookies provide information in order to automatically recognize you. The information obtained in this way is used to optimize our offers and to make it easier for you to access our website. If you close the browser or log out, the session cookies are deleted.

    Persistent Cookies: These are automatically deleted after a specified period, which may differ depending on the cookie. You can delete the cookies at any time in the security settings of your browser.

    Third-Party-Cookies: According to your wishes, you can configure your browser settings and e.g. B. Refuse to accept third party cookies or all cookies. However, we would like to point out that you may not be able to use all functions of this website. Read more about these cookies in the respective data protection declarations of the third-party providers.
  2. The legal basis for this processing is Art. 6 Para. 1 S. lit. b) GDPR, if the cookies for contract initiation e.g. placed with orders and otherwise we have a legitimate interest in the effective functionality of the website, so that in the case of Art. 6 para. 1 sentence 1 lit. f) GDPR is the legal basis.
  3. Objection and “Opt-Out”: You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can use third-party cookies for advertising purposes by opting out via this American website (https://optout.aboutads.info) or this European website (https://www.youronlinechoices.com/uk/your-ad-choices) contradict.https://optout.aboutads.info) or this European website (https://www.youronlinechoices.com/uk/your-ad-choices) contradict.

Cookie Bot

Processing contracts

  1. We process inventory data (e.g. company, title / academic degree, names and addresses as well as contact details of users, email), contract data (e.g. services used, names of contact persons) and payment data (e.g. bank details, payment history) in order to fulfill our contractual obligations (Knowledge of who is the contractual partner; justification, content and execution of the contract; checking for plausibility of the data) and services (e.g. contacting customer service) in accordance with Art. 6 para. 1 sentence 1 lit b) GDPR. The entries marked as mandatory in online forms are required for the conclusion of the contract.
  2. This data is not passed on to third parties, unless it is necessary to pursue our claims (e.g. transfer to a lawyer for collection) or to fulfill the contract (e.g. transfer of the data to payment providers) or there is a legal obligation to do so in accordance with. Art. 6 para. 1 sentence 1 lit. c) GDPR.
  3. We can also process the data you provide to inform you about other interesting products from our portfolio or to send you emails with technical information.
  4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. This is the case for the inventory and contract data if the data are no longer required for the execution of the contract and no more claims can be made from the contract because they are time-barred (warranty: two years / standard limitation period: three years ). Due to commercial and tax regulations, we are obliged to save your address, payment and order data for a period of ten years. However, if the contract is terminated after three years, we will restrict processing, i.e. H. Your data will only be used to comply with legal obligations. Information in the user account remains until it is deleted.

Contact via the contact form / Email / fax / post

  1. If you contact us by contact form, fax, post or email, your details will be processed for the purpose of processing the contact request.
  2. If you have given your consent, the legal basis for processing the data is Art. 6 Para. 1 S. 1 lit. a) GDPR. The legal basis for processing the data transmitted in the course of a contact request or email, letter or fax is Art. 6 Para. 1 S. 1 lit. f) GDPR. The person responsible has a legitimate interest in the processing and storage of the data, in order to be able to answer user inquiries, to preserve evidence for reasons of liability and, if necessary, to be able to meet his legal storage obligations for business letters. If the contact is aimed at the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1 sentence 1 lit. b) GDPR.
  3. We can save your details and contact request in our customer relationship management system (“CRM system”) or a comparable system.
  4. The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with you has ended. The conversation is ended when it can be inferred from the circumstances that the matter in question has been finally clarified. We store inquiries from users who have an account or contract with us up to two years after the contract has ended. In the case of statutory archiving obligations, deletion takes place after their expiry: end of commercial law (6 years) and tax law (10 years) retention requirements.
  5. You have the option at any time to withdraw your consent in accordance with Art. 6 para. 1 sentence 1 lit. a) Revoke GDPR for the processing of personal data. If you contact us by email, you can object to the storage of your personal data at any time.

Google Analytics

  1. We have integrated the website analysis tool “Google Analytics” (Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland) on our website.
  2. When you visit our website, Google places a cookie on your computer so that you can analyze the use of our website. The data obtained is transferred to the USA and stored there. If personal data should be transferred to the USA, Google’s certification in accordance with the Privacy Shield Agreementhttps://www.privacyshield.gov/EU-US-Framework) guarantees that European data protection law is complied with.
  3. We have activated the IP anonymization “anonymizeIP”, which means that the IP addresses are only processed further in abbreviated form. Your IP address will therefore be shortened beforehand on this website by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. The full IP address will only be transmitted to a Google server in the USA and abbreviated there in exceptional cases. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the controller. We have also activated the cross-device analysis of website visitors, which is carried out via a so-called user ID. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data. The use of Google Analytics serves the purpose of analyzing, optimizing and improving our website.
  4. The legal basis for this is our legitimate interest in data processing according to Art. 6 Para. 1 S.1 lit. f) GDPR.
  5. The data sent by us and linked with cookies, user IDs (e.g. user ID) or advertising IDs will be automatically deleted after 14 months. Data whose retention period has expired is automatically deleted once a month.
  6. Further information on data usage with Google Analytics can be found here: https://policies.google.com/terms?hl=de (terms of use of Analytics), https://support.google.com/analytics/answer/6004245?hl=de (information on data protection at Analytics) and Google’s data protection declaration https://policies.google.com/privacy.
  7. Objection and “opt-out”: You can generally prevent cookies from being saved on your hard drive by selecting “do not accept cookies” in your browser settings. However, this can result in a functional restriction of our offers. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de
  8. As an alternative to the browser plug-in above, you can prevent Google Analytics from collecting data by clicking [Analytics opt-out]. The click sets an “opt-out” cookie that prevents your data from being recorded when you visit this website in the future. This cookie only applies to our website and your current browser and only lasts until you delete your cookies. In this case you would have to set the cookie again.
  9. You can deactivate the cross-device user analysis in your Google account under “My data> Personal data”.

YouTube Videos

  1. We have embedded YouTube videos from youtube.com on our website using the embedded function so that they can be called up directly on our website. YouTube is part of Google Ireland Limited, registration number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland. We have integrated the videos in the so-called “extended data protection mode”, without the usage behavior being recorded with cookies in order to personalize the video playback. Instead, the video recommendations are based on the video currently playing. Videos played in an embedded player in extended data protection mode do not affect which videos are recommended to you on YouTube. When you start a video (click on the video), YouTube receives the information that you have accessed the corresponding subpage of our website . The data obtained is transferred to the USA and stored there. This also takes place without a user account with Google. If you are logged into your Google account, Google can assign the above data to your account. If you do not want this, you must log out of your Google account. Google creates user profiles from such data and uses this data for the purpose of advertising, market research or optimization of its websites.
  2. The legal basis for this is our legitimate interest in data processing according to Art. 6 Para. 1 S.1 lit. f) GDPR.
  3. You have a right of objection to Google against the creation of user profiles. Therefore, please contact Google directly using the data protection declaration below. You can opt out of the advertising cookies here in your Google account: https://adssettings.google.com/authenticated.
  4. You can find further information on the use of Google cookies in the YouTube terms of use at  https://www.youtube.com/t/terms and in the data protection declaration for advertising by Google at  https://policies.google.com/technologies/ads and their advertising technologies, storage duration, anonymization, location data, functionality and your rights. Google’s general privacy policy: https://policies.google.com/privacy.
  5. Google is certified according to the EU-US Privacy Shieldhttps://www.privacyshield.gov/EU-US-Frameworkand is therefore obliged to comply with European data protection law.

Social media

  1. We maintain profiles or fan pages in social media in order to communicate with the users connected and registered there and to provide information about our products, offers and services. The US providers are certified under the so-called Privacy Shield and are therefore obliged to comply with European data protection. When you use and call up our profile in the respective network, the respective data protection information and terms of use of the respective network apply.
  2. We process your data that you send us via these networks in order to communicate with you and to answer your messages there.
  3. The legal basis for the processing of personal data is our legitimate interest in communicating with users and our external image for the purpose of advertising in accordance with Art. 6 Para. 1 S. 1 lit. f) GDPR. Insofar as you have given the person responsible for the social network consent to the processing of your personal data, the legal basis is Art. 6 para. 1 sentence 1 lit. a) and Art. 7 GDPR.
  4. The data protection information, information and objection options (opt-out) of the respective networks can be found here:

    • Facebook Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland) Data protection: https://www.facebook.com/about/privacy/, Opt-Out: https://www.facebook.com/settings?tab=ads und http://www.youronlinechoices.com, Privacy Shield: https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

    • Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA) – Datenschutzerklärung/ Opt-Out: http://instagram.com/about/legal/privacy/.

Rights of the data subject

  1. Objection or revocation against the processing of your data

    Insofar as the processing is based on your consent in accordance with Art. 6 para. 1 sentence 1 lit. a), Art. 7 GDPR, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing based on consent before its withdrawal.

    Insofar as we process your personal data based on the balancing of interests in accordance with Art. 6 Para. 1 S. 1 lit. f) support GDPR, you can object to the processing. This is the case if the processing is not particularly necessary to fulfill a contract with you, which is described by us in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and will either stop or adjust the data processing or show you our compelling reasons worthy of protection, on the basis of which we will continue the processing.

    You can object to the processing of your personal data for advertising and data analysis purposes at any time. You can exercise the right to object free of charge. You can inform us about your objection to advertising using the following contact details:

    OriBon
    Wohlwillstrasse, 16
    20359 Hamburg
    Germany
    Represented by: Koichiro Isogai
    VAT Id number according to Sec. 27 a German Value Added Tax Act: DE300765974
    Email: info@oribon.de
  2. Right to information
    You have the right to request confirmation from us as to whether your personal data is being processed. If this is the case, you have the right to information about your personal data stored by us in accordance with Art. 15 GDPR. This includes, in particular, information about the processing purposes, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the origin of your data, unless it was collected directly from you.
  3. Right to rectification
    You have the right to correct inaccurate or correct data in accordance with Art. 16 GDPR.
  4. Right to cancellation
    You have the right to have your data stored by us deleted in accordance with Art. 17 GDPR, unless legal or contractual retention periods or other legal obligations or rights to further storage prevent this.
  5. Right to restriction
    You have the right to request a restriction in the processing of your personal data if one of the requirements in Art. 18 Para. 1 lit. a) to d) GDPR is fulfilled:
    • If you contest the accuracy of your personal data for a period of time that enables the person responsible to check the accuracy of the personal data;
    • the processing is unlawful and you refuse to delete the personal data and instead request that the use of the personal data be restricted;
    • the person responsible no longer needs the personal data for the purposes of processing, but you need them to assert, exercise or defend legal claims, or
    • if you have objected to processing in accordance with Art. 21 Para. 1 GDPR and it is not yet certain whether the legitimate reasons of the person responsible outweigh your reasons.
  6. Right to data portability
    You have the right to data portability in accordance with Art. 20 GDPR, which means that you can receive the personal data we have stored about you in a structured, common and machine-readable format or you can request the transfer to another person responsible.
  7. Right to complain
    You have the right to lodge a complaint with a supervisory authority. As a rule, you can contact the supervisory authority, in particular in the Member State of your residence, your place of work or the place of the alleged violation.

Data security

We have taken appropriate technical and organizational security measures to protect all personal data that are transmitted to us and to ensure that we, as well as our external service providers, comply with data protection regulations. That is why, among other things, all data is encrypted between your browser and our server via a secure SSL connection.