Privacy Policy

Legal Notice

Address: OSB AG: Theresienhöhe 30, 80339 Munich, Germany
Data Protection Officer: Laura von Seefranz, Lawyer
Registration Number: Munich Registration Court, HRB 147 160 (commercial register 147 160)

Privacy policy

The processing of personal data, for example the name, address, email address or telephone number of the data subject, is always carried out in line with the European General Data Protection Regulation and in line with the country-specific data protection laws applicable for OSB AG. By means of this privacy policy, our company would like to inform the public about the type, scope and purpose of the personal data collected, used and processed by us. Furthermore, this privacy policy informs data subjects of their rights.

OSB AG, as the controller, has implemented numerous technical and organizational measures for ensuring that protection of the personal data processed via this website is as seamless as possible. Nevertheless, Internet-based data transmissions may demonstrate security gaps as a matter of principle, so that absolute protection cannot be guaranteed. For this reason, each data subject has the possibility to transmit personal data by alternative means, such as by telephone.

1. Definitions

The privacy policy of OSB AG is based on terms which were used by the European Regulators when adopting the General Data Protection Regulation (GDPR). Our privacy policy should be easy to read and comprehend, both for the public as well as for our customers and business partners. To ensure this, we would like to firstly explain the terms used within it.

This privacy policy includes the following terms:

personal data: Personal data means any information relating to an identified or identifiable natural person (referred to in the following as ‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

data subject: A data subject is every identified or identifiable natural person whose personal data are processed by the controller.

processing: Processing means any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

restriction of processing: means the marking of stored personal data with the aim of limiting their processing in the future.

profiling: means any form of automated processing of personal data. This processing consists of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

pseudonymization: means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

controller: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

processor: means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

recipient: means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

third party: means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

consent: of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

2. Name and contact data of the controller as well as the Data Protection Officer

This privacy policy applies to data processing by

OSB AG
IT and Engineering Services
legally represented by the board of Directors: Denis Sisic, Ralph Ritter
Theresienhöhe 30, 80339 Munich, Germany
HRB AG Munich 147160 (commercial register district court Munich 147160)
T +49 89 23 88 57 500 | F +49 89 23 88 57 400
Email: muenchen@osb-ag.de | Internet: www.osb-ag.de

The external Data Protection Officer is

Laura von Seefranz, Gasteiger & Partner, Lawyer
Hans-Fischer-Str. 12, 80339 Munich, Germany
Email: datenschutz@osb-ag.de

3. Collection and storage of personal data as well as the type and purpose of its use

When calling up our website the browser used on your terminal automatically sends information to the server of our website. This information is stored temporarily in a logfile. The following information is logged without any action on your part and is stored until automatic erasure occurs:

  • IP address
  • Date and time of the inquiry
  • Content of the request (concrete page)
  • Access status/HTTP status code
  • The data volume transmitted
  • Website from which the request comes
  • Browser type together with the version
  • Operating system and the interface thereof
  • Language and version of the browser software
  • Name of the called-up website
  • Confirmation of successful retrieval

The named data are processed by us for the following purposes:

  • Ensuring a seamless connection set-up to the website,
  • Ensuring comfortable use of our website,
  • Assessing system security and stability as well as
  • serving other administrative purposes

This data and information, which are collected anonymously, are thus evaluated statistically and, furthermore, with the aim of increasing data protection and data security at our company, ultimately for ensuring an optimum level of protection for the personal data processed by us. The anonymous data of the server logfiles are saved separately from all personal data provided by the data subject.

The legal basis for data processing is Art. 6(1)(1)(f) GDPR. Our legitimate interest results from the above-listed purposes of data collection. Under no circumstances do we use the collected data for the purpose of drawing conclusions about your person.

Furthermore, our website uses cookies as well as analysis services. You can find more detailed explanations on this under Sections 6 and 7 of this privacy policy.

Taking up contact via the website or via email: Due to legal regulations, our website contains information which enables contact to be taken up with our company quickly by electronic means as well as direct communication with us. This also encompasses a general electronic post address (email address). Insofar as a data subject takes up contact with us via email or via a contact form, the personal data transmitted by the data subject will be saved automatically. Such personal data transmitted on a voluntary basis by a data subject to the controller are stored for processing purposes or for taking up contact with the data subject. This personal data are not forwarded to third parties.

Data processing for the purpose of taking up contact with us is carried out according to Art. 6 (1)(1)(a) GDPR on the basis of a consent issued voluntarily by you.

The personal data collected by us for taking up contact are erased after completion of the inquiry made by you.

Registration on our website: If you register yourself on our website by providing personal data, the personal data that can be viewed from the relevant input mask are transmitted to us. The personal data entered by the data subject are collected and stored exclusively for internal use by the controller and for our own purposes. The controller may request transfer to one or more processors, for example a parcel service, that also uses personal data for an internal purpose which is attributable to the controller.

Furthermore, by registering on our website, the IP address assigned to the data subject by the Internet service provider (ISP) as well as the date and time of the registration are also stored. The storage of these data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. To that extent, the storage of these data is necessary for the protection of the controller. These data are not passed on to third parties unless there is a statutory obligation to pass on the data, or if the data transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary provision of personal data, is intended to enable us to offer the data subject contents or services that may only be provided to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely erased from the data stock of the controller.

The controller shall, at any time, provide information upon request to each data subject as to which personal data are stored about the data subject. In addition, the controller shall correct or erase personal data at the request or indication of the data subject, insofar as there are no obligations with respect to legal retention periods.

4. Forwarding of data

A transmission of your personal data to a third party for purposes other than those listed in the following does not take place.

We only pass on your personal data to a third party if:

  • you have issued express consent to do so according to Art. 6 (1)(1)(a) GDPR,
  • the forwarding of data is necessary according to Art. 6(1)(1)(f) GDPR for the assertion, exercise or defense of legal claims, and there is no reason to assume that you have an overriding and legitimate interest in your data not being forwarded,
  • a statutory obligation exists for the forwarding of the data according to Art. 6(1)(1)(c) GDPR, or
  • this is permitted by law and is necessary according to Art. 6(1)(1)(b) GDPR for processing contractual relationships with you.

5. Applications/ on-spec applications

OSB AG places great value on protecting your personal data. We would thus like to inform you about observance of data privacy regulations in order to provide you with a confidential application procedure. Please read the following information and regulations carefully before transmitting your data to us.

If you would like to submit an online application, this requires the provision of certain personal data marked in the application form as a mandatory field. Additionally, you have the possibility to provide voluntary information and to transmit application documents. The transmission of data and files made available by you can only be carried out if you have clicked on the checkbox declaring that you agree to the collection, storage and use of your personal data in accordance with the pertinent privacy policies. The data and files transmitted by you will be collected, stored and processed for application procedures. They will also be used for comparison purposes to see if the information fits to projects which we need to carry out, and – where applicable – they may be shown in confidence to our business partners for coordination purposes.

Following successful completion of the application process, your data and files will continue to be used within the framework of an employment relationship. In this case, your data will be forwarded to and processed by social insurance agencies, tax offices, the law and tax consultancy firm commissioned with carrying out payroll accounting as well as to financial institutes for payment handling. Insofar as you participate in personal development measures or projects of the German Federal Employment Agency or other institutions for professional qualification, OSB AG has the right to transmit personal data to the relevant institution if this is necessary for achieving the goal of the measures and/or if required by law.

The data and files which you transmit to us during the application procedure will be stored for a period of three years in our employee and applicant management system to allow us to answer questions relating to your application and/or to offer you a suitable position. After that time, your data and files will be erased. This does not apply insofar as legal regulations contradict erasure or if a longer storage period is required for verification purposes, or if you have agreed to an extended storage period for your applicant data.

You have the right at any time to withdraw your application and/or to object to any further storage/processing of your applicant data.

To maintain the data, we sometimes use the services of companies located outside of the EU. However, in this case, too, the data are processed according to our high data privacy standards, and are stored and processed only on servers in Germany. Furthermore, your data will not be forwarded to third parties, unless you have expressly agreed to this, or if a relevant official order or legal requirement demands this.

The consent given by you for storing and using your personal data and files may be withdrawn at any time with future effect. Please direct your withdrawal to: OSB AG, Recruiting, Theresienhöhe 30, 80339 Munich, Germany, or send an email to datenschutz@osb-ag.de.

All personal data collected and processed by us within the framework of an application procedure are protected from unauthorized access and manipulation by means of technical and organizational measures. The personal data and files transmitted to us are transferred in encrypted form to prevent misuse by third parties. In addition to our privacy policy for applicants, our general privacy policies also apply. OSB AG reserves the right to align the content of these privacy notices from time to time. It is thus advisable to familiarize yourself with the information on data processing at regular intervals.

Furthermore, you are afforded the rights listed under Section 13.

We would be happy to receive on-spec applications, too. Please ensure that sufficient security measures are in place with respect to the transmission mode selected by you. Sending an email without a suitable encryption method is not advisable, as your data may be read and used without great effort by unauthorized parties along the communication path. For making on-spec applications, you are thus welcome to use the following link https://www.osb-jobs.de/bewerbungform_extern.php.

6. Cookies

We use cookies on our website. Cookies are a small files which your browser generates automatically and stores on your terminal (laptop, tablet, smartphone, etc.) whenever you visit our site. Cookies do not cause any damage on your terminal; they contain no viruses, Trojans or other malware.

The cookie stores information arising in connection with the specific terminal used. This does not mean, however, that we receive direct knowledge of your identity through this.

On the one hand, the use of cookies assists us in making the use of our website more comfortable for you. To do this, we use session cookies to recognize that you have visited individual pages of our website. These cookies are deleted automatically when you leave our site.

Furthermore, we also use temporary cookies for optimizing user friendliness. These cookies are stored for a specified period of time on your terminal. If you visit our website again to make use of our services, these cookies automatically recognize that you have already visited the site before and which information and settings you have provided, thereby saving you the effort of having to enter these details once again.

On the other hand, we use cookies for statistically recording the use of our website and for evaluating these statistics to optimize our Internet presence (see Section 6). Upon visiting our site again, these cookies allow us to automatically recognize that you have visited the site before. These cookies are deleted after a defined period of time.

The data processed by cookies are necessary for the named purposes to safeguard our legitimate interests as well as those of third parties according to Art. 6(1)(1)(f) GDPR.

Most browsers accept cookies automatically. However, you can configure your browser in such a way that no cookies are stored on your computer or that a notification always appears before a new cookie is stored. The complete deactivation of cookies may mean, however, that you cannot use all the functions of our website.

7. Analysis tools

Tracking tools: The tracking measures outlined in the following and used by us are carried out on the basis of Art. 6(1)(1)(f) GDPR. With the tracking measures used, we wish to ensure the needs-based design and continuous optimization of our website. Furthermore, we also use tracking measures for statistically recording the use of our website and for evaluating these statistics to optimize our Internet presence for you. These interests are seen as legitimate within the meaning of the above-named regulation.

The data processing purposes and data categories may be gathered from the relevant tracking tools.

Google Analytics with anonymization function: We have integrated the Google Analytics component on our website (with anonymization function). Google Analytics is a web analysis service. Web analysis is the capture, collection and evaluation of data relating to the behavior of visitors to websites. A web analysis service primarily captures data which determine the Internet page where a data subject originated from when they arrive at a particular site (referrer), which subpages of the website are accessed or how often and for which dwell time a subpage was viewed. A web analysis is primarily used for optimizing a website and for carrying out a cost/benefit analysis for Internet advertising.

The operating company of the Google Analytics component is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

For the web analysis via Google Analytics we use the extension “_gat._anonymizeIP”. By means of this extension, the IP address of the Internet connection of the data subject is abbreviated and anonymized by Google if our Internet pages are accessed from a Member State of the European Union or another Contracting Party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is the analysis of traffic to our website. Among other things, Google uses the gained data and information for evaluating the use of our website in order to compile online reports for us relating to the activities on our Internet pages, and to provide other services associated with the use of the website.

Google Analytics uses a cookie on the information technology system of the data subject. The term “cookies” has already been explained above. By setting the cookie, Google is able to analyze the use of our website. Every time a user calls up one of the individual pages of this website that is operated by the controller and in which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the relevant Google Analytics component to transmit data to Google for the purposes of online analysis. As part of this technical process, Google receives knowledge of personal data, such as the IP address of the data subject, which assist Google, inter alia, in determining the origin of the visitors and clicks, and subsequently in generating commission settlements.

By means of cookies, personal information such as access time, the place from which access originated and the frequency at which the data subject visits our website is stored. With every visit to our Internet pages, this personal data, including the IP address of the Internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Under certain circumstances, Google forwards the personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website at any time, as already outlined above, by means of a relevant setting in the Internet browser used, thereby permanently objecting to the setting of cookies. Such a setting in the Internet browser used would also prevent Google from setting a cookie on the information technology system of the data subject. In addition, a cookie already set by Google Analytics may be deleted at any time via the Internet browser or another software program.

Furthermore, the data subject has the possibility to object to and prevent the capture of data generated by Google Analytics relating to use of this website as well as to the processing of these data by Google. To do this, the data subject must download and install a browser add-on under the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information on website visits are allowed to be transmitted to Google Analytics. The installation of the browser add-on is regarded by Google as an objection. If the information technology system of the data subject is deleted, formatted or reinstalled at a later time, the data subject must reinstall the browser add-on to disable Google Analytics. If the browser add-on was deinstalled or disabled by the data subject or any other person who is attributable to their sphere of competence, it is possible to execute the reinstallation or reactivation of the browser add-on.

Further information and the valid privacy policies of Google may be retrieved via https://www.google.de/intl/de/policies/privacy/ and via https://www.google.com/analytics/terms/de.html. Google Analytics is explained in more detail via this link https://www.google.com/intl/de_de/analytics/.

Google AdWords conversion tracking: We have integrated Google AdWords on this website. Google AdWords is an Internet advertising service which allows advertisers to place advertisements in the search engine results of Google as well as in the Google Advertising Network. Google AdWords allows advertisers to predefine specific keywords with the help of which an advertisement is displayed in the search engine results of Google only when the user retrieves a keyword-relevant search result via the search engine. In the Google Advertising Network, advertisements are distributed on websites with relevant topics by means of an automated algorithm and taking into account the previously defined keywords.

The operating company of the Google AdWords services is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043-1351, USA.

The purpose of Google AdWords is to promote our website by including relevant advertisements on the websites of third-party companies and in Google search engine results, as well as through the inclusion of third-party advertisements on our website.

If a data subject accesses our website via a Google advertisement, a conversion cookie is stored by Google on the information technology system of the data subject. The term “cookies” has already been explained above. A conversion cookie loses its validity after thirty days and is not used to identify the data subject. Insofar as the conversion cookie has not expired, it provides information on whether certain subpages, for instance the shopping cart of an online shop system, were called up on our website. By means of the conversion cookie, both we and Google can see whether or not a data subject who accessed our website via an AdWords advertisement generated sales, i.e. completed or aborted the purchase of goods.

The data and information collected through the use of the conversion cookie are used by Google to generate visit statistics for our website. In turn, these visit statistics are used by us to determine the total number of users who accessed our website via AdWords advertisements, i.e. to determine the success or failure of the relevant AdWords advertisement and to optimize our AdWords advertisements for the future. Neither our company nor other advertising clients of Google AdWords receive information from Google which could lead to the identification of the data subject.

Personal information, such as the websites visited by the data subject, are stored by the conversion cookie. With every visit to our Internet pages, this personal data, including the IP address of the Internet connection used by the data subject, are transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Under certain circumstances, Google forwards these personal data collected via the technical procedure to third parties.

The data subject can prevent the setting of cookies by our website at any time, as already outlined above, by means of a relevant setting in the Internet browser used, thereby permanently objecting to the setting of cookies. Such a setting in the Internet browser used would also prevent Google from setting a conversion cookie on the information technology system of the data subject. In addition, a cookie already set by Google AdWords may be deleted at any time via the Internet browser or another software program.

Furthermore, the data subject has the possibility to object to interest-related advertising by Google. To do this, the data subject must call up the link www.google.de/settings/ads from each one of the Internet browsers in use and make the desired settings.

Further information and the valid privacy policies of Google may be retrieved via https://www.google.de/intl/de/policies/privacy/.

8. Incorporation of Google Maps

This page uses Google Maps. In this way, we can display interactive maps directly on the website, providing you with comfortable use of the map function.

By visiting the website, Google receives information that you have called up the relevant subpage of our website. This takes place irrespective of whether Google provides a user account via which you are logged in or if no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish for Google to carry out this assignment to your profile, you must log out prior to activation of the button. Google stores your data as a user profile and uses it for the purposes of advertising, market research and/or needs-based website design. Such an assessment takes place (even in the case of users who are not logged in) primarily for providing needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the formation of this user profile. To exercise this right, you need to contact Google.

Further information on the purpose and scope of data collection and the processing thereof by the plug-in provider can be obtained from the privacy policies of the provider. There you will also receive additional information on your rights in this context as well as the setting options for protecting your private sphere: https://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and is subject to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

9. Use of script libraries (Google Web Fonts)

To present our content correctly and in a visually attractive way across different browsers, we use script libraries, such as Google Web Fonts, on this website (https://www.google.com/webfonts/). Google Web Fonts are transferred into your browser cache to avoid multiple loading. If the browser does not support Google Web Fonts or denies access, the contents will be shown in a standard font. When script libraries or font libraries are retrieved, a connection is automatically triggered to the operator of the library. To do this, the browser used by you must take up contact to the servers of Google. In this way, Google is informed that our website has been called up by your IP address. We use Google Web Fonts to ensure that our online presence has a consistent and attractive appearance. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

If your browser does not support Web Fonts, a standard font will be used on your computer. Further information on Google Web Fonts may be found at developers.google.com/fonts/faq and in the privacy policy of Google: https://www.google.com/policies/privacy/.

10. Social plugins from Facebook, Twitter, Google+, Xing and LinkedIn using the Shariff solution:

Our website uses social plugins (“plugins”) from social networks. To increase protection of your data when visiting our website, the plugins are not embedded in the website in an unrestricted way but only through the use of a HTML link (“Shariff solution”).

The developer of the component is GitHub, Inc. 88 Colin P. Kelly Junior Street, San Francisco, CA 94107, USA. Further information and the valid privacy policies of Google may be retrieved via https://help.github.com/articles/github-privacy-policy/.

This HTML link ensures that when calling up a page on our website which contains such plugins, no immediate connection is generated to the servers of the relevant social network provider. If you click on one of the buttons, a new window opens in your browser and calls up the page of the relevant service provider on which you can activate the like or share button, for instance (if necessary after entering your login data). Please consult the privacy policies of the providers to find out about the purpose and scope of this data collection, the further processing and use of the data by the providers on their websites, as well as your rights and the setting options to protect your private sphere.

XING:         https://www.xing.com/privacy

LinkedIn:    https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy

Facebook:   https://www.facebook.com/policy.php

twitter:       https://twitter.com/de/privacy

google+:     https://google.com/intl/de/+/policy/+1button.html

11. Data subject rights

You have the right:

§  according to Art. 15 GDPR to request information about your personal data processed by us. In particular, you can request information on the processing purposes, the category of personal data, the categories of recipients to whom your data have been or will be disclosed, the planned storage duration, the existence of a right to correct, erase, restrict or object to the processing, the existence of a right of complaint, the origin of your data – insofar as these have not been collected by us, as well as the existence of automated decision-making – including profiling – and, where necessary, meaningful information on the details thereof;

§  according to Art. 16 GDPR to request immediate correction of incorrect or the completion of incomplete personal data stored by us;

§  according to Art. 17 GDPR to request the erasure of the personal data stored by us, insofar as the processing of this data is not required for exercising the right of free expression and information, the fulfilment of a legal obligation, for reasons of public interest, or for the assertion, exercise or defense of legal claims;

§  according to Art. 18 GDPR to request the restriction of personal data processing, insofar as the correctness of the data is contested by you, the processing is unlawful – yet erasure has been declined by you, we no longer require the data – yet you require them for the assertion, exercise or defense of legal claims, or you have filed an objection to the processing according to Art. 21 GDPR;

§  according to Art. 20 GDPR to receive your personal data that you have made available to us in a structured, common and machine-readable format, or to request the transmission thereof to another controller;

§ according to Art. 7(3) GDPR to revoke your consent issued to us. This will mean that we are not permitted to continue with the data processing carried out on the basis of this consent in future, and

§  according to Art. 77 GDPR to complain to a supervisory authority. As a rule, you may turn to the supervisory authority in the place of your usual abode, of your work or of our company headquarters.

12. Right of objection

Insofar as your personal data are processed on the basis of legitimate interests according to Art. 6(1)(1)(f) GDPR, you have the right according to Art. 21 GDPR to file an objection against the processing of your personal data, provided there are specific grounds for this arising from your particular situation, or the objection is aimed against direct advertising. In the latter case, you have a general right of objection which will be implemented by us without the need for information relating to a particular situation.

If you would like to exercise your right of revocation or right of objection, it is sufficient to send an email to datenschutz@osb-ag.de.

13. Legal basis for processing

Art. 6(1)(a) GDPR serves our company as the legal basis for processing operations during which we obtain a consent for a certain processing purpose. If the processing of personal data is required for fulfilling a contract, whose contracting party is the data subject, as is the case for instance with processing operations which are necessary for delivering goods, another service or return service, the processing is based on Art. 6(1)(b) GDPR. The same applies to processing operations necessary for carrying out precontractual measures, such as in the case of inquiries about our products or services. If our company is subject to a legal obligation requiring processing of personal data, such as for fulfilling tax obligations, the processing is based on Art. 6(1)(c) GDPR. In rare cases, the processing of personal data may be necessary in order to protect vital interests of the data subject or another natural person. This would be the case, for instance, if a visitor were injured at our company and needed to pass on his or her name, age, health insurance data or other vital information to a physician, hospital or other third-party. Then the processing would be based on Art. 6(1)(d) GDPR. Finally, processing operations may be based on Art. 6(1)(f) GDPR. This forms the legal basis for processing operations which are not covered by any of the above-named legal bases if the processing is required for protecting a legitimate interest of our company or a third party, insofar as the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh this. We are permitted to carry out such processing operations particularly because they are given special mention by the European legislator. The European legislator took the view that a legitimate interest could be assumed if the data subject is a customer of the controller (Recital 47 Sentence 2 GDPR). If the processing of personal data is based on Art. 6(1)(f) GDPR, our legitimate interest is the performance of our business activities to promote the well-being of all our employees and our shareholders.

14. Duration for which personal data are stored

The criterion regarding the duration for storing personal data is the legal retention period. Following expiry of this period, the relevant data are routinely erased, insofar as they are no longer required for contract fulfilment or contract initiation.

15. Data security

Within the context of a website visit we use the widespread SSL procedure (Secure Socket Layer) in connection with the highest encryption level that is supported by your browser. Usually, this is a 256-bit encryption. If your browser does not support a 256-bit encryption, we fall back on 128-bit v3 technology instead. You can recognize if an individual page of our website has been transmitted in encrypted form by means of a closed key or lock symbol in the lower status bar of your browser.

Besides this, we also use technical and organizational security measures to protect your data from accidental or intentional manipulation, partial or complete loss, destruction, and unauthorized access by third parties. Our security measures are improved on an ongoing basis in accordance with technological development.

16. Validity and modification of this privacy policy

This privacy policy is currently valid. It was issued in May 2018.

Due to the further development of our website and offers thereon, or due to altered legal or official requirements, it may be necessary to modify this privacy policy. The current privacy policy may be retrieved from our website at any time.

 

OSB AG | 24.05.2018