Privacy Policy

Legal Notice

1. Competent Authority

The competent authority for the processing of your personal data within the meaning of the German Federal Data Protection Act is OSB AG, Theresienhöhe 30, 80339 Munich (hereinafter referred to as OSB). The external data protection officer is Mr. Jörg Hermann, jmh datenschutzberatung, Werk 1, Atelierstraße 29, 81671 Munich, info@jmh-datenschutz.de.

If you wish to object to the processing of your data by OSB in accordance with these data privacy provisions – either as a whole or with regard to individual measures – or if you wish to exercise your other rights (see also Section 6), or if you have questions relating to data privacy, you can send your objection, request or questions by email, fax or letter using the following contact details: OSB AG, Theresienhöhe 30, 80339 Munich, Fax: +49 89 23 88 57 400, email: datenschutz@osb-ag.de

 

2. Which data is processed and how?

2.1 Personal data

Personal data refers to information that can be attributed to an identified or directly/indirectly identifiable natural person.

Personal data includes, but is not limited to, general personal master data (e.g. name, address, date of birth, telephone number, email address, etc.), resumes, bank data (account number, etc.), and data issued by authorities (e.g. driver's license number, ID card number, passport number), value judgements (e.g. school and job references, etc.), online data (IP address, date, time and duration of use, location data, etc.), customer data, and supplier data, etc.

2.2 Processing your personal data

Data privacy is very important to us. Therefore, when processing your personal data, we strictly adhere to the legal provisions of the European General Data Protection Regulation (GDPR), the German Federal Data Protection Act (new), the German Telemedia Act and – where applicable – the other data protection laws in the European Economic Area (EEA) and in Switzerland.

OSB is an engineering service provider operating Germany-wide. Data processing at OSB is carried out in order to provide consulting and development services to OSB customers and affiliated companies as well as to all related ancillary operations.

Your personal data will only be used for advertising/market research purposes if you have given us your express consent to do so.

2.2.1 Description of the data subjects

Essentially, the personal data of the following data subjects is collected, processed and used:

* Customer data: Personal identification and communication data is processed for the purpose of communicating with the customer, conducting our relevant business with the customer and, furthermore, for initiating business contacts and informing customers.

* Supplier data: Personal identification, communication and performance data, as well as economic and financial information, payment and bank details are processed for the purpose of communicating with suppliers and for conducting our relevant business with the suppliers.

* Employee data: Personal identification and performance data (certificates, etc.), contract master data, insurance data, absence period data, payment and bank details, tax and social security data, login data, communication data, travel booking data, and vehicle booking data are processed for the purpose of implementing and handling the relevant employment relationship, fulfilling legal obligations, and in our legitimate corporate interest of managing, organizing and conducting our business activities.

* Applicant data: Personal identification data, performance data (certificates, etc.), payment and bank details, as well as travel booking data (when booking through OSB) are processed for the purpose of initiating employment relationships, fulfilling legal obligations, and in our legitimate corporate interest of managing, organizing and conducting our business activities, as well as for the further development of our internal systems.

* Website visitors: Usage data is processed for providing our services, for statistical purposes and for improving the information on our website (pseudonymized profiles in accordance with § 15 (3) TMG – German Telemedia Act).

* Interested parties: Personal identification data, communication data and, where applicable, economic and financial information of parties interested in OSB are processed for the purpose of fulfilling the business objective.

* Other personal data: The personal data of other business partners (e.g. system partners, chambers, associations, banks and authorities) is processed within the context of the respective collaboration and thus for fulfilling our business objective.

2.2.2 Data recipients or categories of data recipients

Only the data necessary to fulfil the purpose of the company as well as the contractual agreements will be passed on. The following are the main recipients:

* Service providers who are commissioned to ensure proper business operations (e.g. service providers for delivering website and marketing content, suppliers for supporting administrative processes, including travel service providers for handling employee business trips, landlords for employee apartments, the Employer’s Liability Insurance Association for the administrative sector (VBG) and the company physician within the context of occupational healthcare and occupational safety, insurance companies for damages within the context of the employment relationship). The legal basis for this is either Art. 28 GDPR in the case of contracted processing services or, if applicable, § 26 BDSG – German Federal Data Protection Act (in conjunction with Art. 88 GDPR) for the purposes of initiating or implementing an employment relationship with you.

* External bodies for fulfilling the purposes mentioned under Section 2 (e.g. customers or affiliated companies of OSB within the meaning of §§ 15 ff. AktG – German Stock Corporation Act, where the employee is employed, or where the employee or applicant is to be employed within the scope of the employment relationship, customers and suppliers for handling projects, credit institutions for salary payments, tax consultants and auditors). The legal basis is generally § 26 BDSG – German Federal Data Protection Act (in conjunction with Art. 88 GDPR) for establishing or implementing an employment relationship with the employees, or Art. 6 (1) (f) GDPR with regard to general operational obligations such as tax returns, audits, etc. Furthermore, this personal data is processed for the purpose of compliance with statutory provisions and regulations, such as labor law, tax and social law, the Money Laundering Act and international sanctions regulations (e.g. EU Directive on combating terrorism). The legal basis is Art. 6 (1) (c) GDPR in conjunction with the relevant provision of national law.

* Public bodies in the case of overriding legal provisions (e.g. social insurance institutions, financial authorities). The legal basis for this is Art. 6 (1) (c) GDPR in conjunction with the relevant legal provisions, in particular labor and social law.

* When processing data for the purposes named in Section 2.5, we partly draw on the services of companies acting on our behalf (contracted processing services according to Art. 28 GDPR), which have headquarters within or beyond the EU, for providing IT services, outsourcing data processing, etc. The data is forwarded on the basis of appropriate safeguards by way of the standard contractual clauses approved by the EU Commission (according to Art. 46 (2) (c) GDPR). However, in this case, too, the data is processed according to our high data privacy standards, and is stored and processed only on servers in Germany.

2.3 Processing of data when visiting our website

When you access our website, we automatically process information (server log files) such as the type of web browser, the operating system used, the domain name of your Internet service provider, among other things. This data is limited to information that does not allow any direct conclusions to be drawn about your person. This information is necessary from a technical standpoint in order to correctly deliver the content of the web pages requested by you and is mandatory when using the Internet. Anonymous information is statistically analyzed by us in order to optimize our website and the technology behind it. The legal basis is the provision of a service requested by the user according to Art. 6 (1) (b) GDPR or our legitimate interest in providing the services of our website in accordance with Art. 6 (1) (f) GDPR.

2.4 Contact form

If you contact us by email or our contact form, the information you provide will be processed for the purpose of handling the inquiry and for possible follow-up questions. The legal basis is our legitimate interest in providing the services of our website in accordance with Art. 6 (1) (f) GDPR, or the fulfilment of an inquiry you have made within the meaning of Art. 6 (1) (b) GDPR.

2.5 Data privacy information for applicants

If you apply to OSB in order to enter into an employment relationship with OSB, OSB will process your personal data that you provide to us as part of your application for the purpose of initiating a contract – and, if applicable, for executing a contract. The legal basis for this is, in each case, § 26 BDSG – German Federal Data Protection Act (in conjunction with Art. 88 GDPR) for the establishment and implementation of an employment relationship.

The data involved is that which must necessarily be provided by you, such as your title, name, address and email address, telephone number as well as information on your education and training, professional experience, knowledge in the sense of additional qualifications, as well as preferences with regard to the type of employment at OSB – with information on the professional field, preferred place of work and working hours, etc.

The following categories of data are collected:

* Personal identification and contract master data (e.g. name, postal address, email, telephone number)

* (Work) preferences (e.g. occupational field, type of employment)

* Education, professional experience, skills

* Application documents (e.g. certificates, references, resume, photo)

* Usage or inventory data (e.g. IP address, name of the retrieved file, date and time of retrieval, data volume transferred, notification of successful retrieval, web browser, originating domain)

Furthermore, we use your email address to contact you in case we conduct internal company surveys to improve the quality of OSB. Participation in the surveys is voluntary and the results are used purely anonymously.

Details:

2.5.1 Online application form

If you apply via our online form, you will be asked for the personal data outlined above. The data you provide will be processed only within the scope of the application process and in our applicant database set up for this purpose. Other statements not strictly required but made voluntarily by you will only be processed if you expressly and voluntarily provide them to us.

2.5.2 Application or contact at trade fairs

If you approach us personally with your application at trade fairs and provide us with your personal data in your application documents for this purpose, we will process the data you provide only within the scope of the application process and only then in our applicant database.

2.5.3 Application by other means (e.g. by email)

If you use any other means (e.g. email) to contact us with your application and provide us with personal data in your application documents for this purpose, we will process the data you supply only within the scope of the application process.

2.6 Data privacy information for customers and suppliers

Personal data will be processed within the scope of the business relationship with customers & suppliers or future customers/suppliers. If you are in a business relationship with OSB or in negotiations about a potential business relationship with OSB, OSB will process your personal data for the purpose of initiating and, if applicable, executing contracts and the agreed business activities.

The data categories that are processed are listed below. These may relate to you or the company which you work for:

* Personal identification and contract master data (e.g. name, postal address, email, telephone number) of business partners and their contact persons

* Order and billing data

* Payment and bank details

* Communication

* Information for and about advertising and direct marketing

Furthermore, the processing of data serves the purposes of invoicing, financial reporting, project management, and maintaining the ongoing business relationship. This includes advertising and direct marketing. The legal basis for this is, in each case, Art. 6 (1) (b) GDPR with regard to the conclusion, execution and processing of contracts, insofar as you yourself are a contractual partner, and otherwise also Art. 6 (1) (f) GDPR with regard to the processing of contracts as well as to our other legitimate interests, such as accounting or direct marketing.

3. Disclosure of your personal data to third parties

OSB processes the data itself. Your data will not be sold or made available to other non-authorized third parties. OSB ensures that the data is only disclosed within companies affiliated with OSB within the meaning of §§ 15 ff. AktG – German Stock Corporation Act, as well as to customers, service providers and legal recipients. In each case, this data is only disclosed to the extent necessary for achieving the purpose:

3.1 For contract initiation

Your personal data will be transferred to customers and affiliated companies of OSB within the meaning of §§ 15 ff. AktG – German Stock Corporation Act, insofar as this is necessary – in particular to the hirers within the framework of employee leasing for the acquisition of activities. Applications in the areas of back office and business management are not affected by this.

3.2 For execution of the contract

Insofar as it is essential for the purpose of implementing your employment relationship with OSB, your personal data will be transferred to the third parties necessarily involved in the execution of the contract (customers, suppliers, affiliated companies of OSB within the meaning of §§ 15 ff. AktG – German Stock Corporation Act).

3.3 Within the context of our business objectives or if permitted or required by law

 

We may disclose information about you to third parties for business purposes, or when disclosure is permitted or required by law. Similarly, information will be disclosed to government institutions and authorities entitled to receive such data only as required by law or if OSB is obliged to provide such information by a court order.

4. SSL-Encryption

In order to protect the security of your data during transmission, we use state-of-the-art encryption procedures (e.g. SSL) via HTTPS for the provision of our web pages and for the services made available by them.

5. Deleting or blocking your data

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as stipulated by the various storage periods provided for by law. After the respective purpose has ceased to exist or these periods have expired, the corresponding data will be routinely blocked or deleted in accordance with the statutory provisions.

6. Which rights do you have?

You have the right to receive information at any time about your personal data stored by us (Art. 15 GDPR). Likewise, you have the right to have your personal data corrected, blocked or – aside from mandatory data storage for business transactions or for the fulfillment of legal or contractual obligations – deleted (Art. 16, 17, 18 GDPR). Furthermore, you have the right to have the data transferred in a structured, common and machine-readable format, insofar as you have provided us with the data on the basis of consent or on the basis of a contract between OSB and yourself (Art. 22 GDPR). You have the right to object to processing on the basis of a legitimate interest, in which case we can state our compelling reasons (Art. 21 (1) GDPR), as well as to object to the use of your personal data for the purposes of direct advertising (Art. 21 (2) GDPR).

To ensure that data blocking can be taken into account at any time, this data must be kept in a blocking file for monitoring purposes. You can make changes or revoke consent with effect for the future by notifying us accordingly.

Purely automated decision-making within the meaning of Art. 22 GDPR does not take place.

Please contact us using the contact details listed in Section 1 if you wish to exercise these rights. If you would like to request detailed information on all the personal data that OSB has stored about you, you must provide proof of identity that includes a photo.

7. How do we protect your personal data?

We carry out physical, technical and administrative security measures in order to ensure that your personal data is suitably protected against loss, misuse, unauthorized access, disclosure and alteration. These security measures include firewalls, data encryption, physical access restrictions to our data centers, and authorization controls for access to data.

8. How do we use cookies?

8.1 What are cookies?

Like many other websites, we also use what are referred to as “cookies”. Cookies are small text files that are transferred from a website server to your hard drive. Through this, we automatically obtain certain data via your computer and your connection to the Internet, such as the IP address, the browser used and the operating system.

Cookies cannot be used to run programs or transmit viruses to a computer. Based on the information contained in cookies, we can simplify the navigation of our website and enable the correct display of our web pages.

Under no circumstances will the data we collect be passed on to third parties or linked to personal data without your consent.

Of course, you can also view our website without cookies. Internet browsers are usually set to accept cookies. You can disable the use of cookies at any time via your browser settings. Please use the help function of your Internet browser to find out how you can change these settings. Please note that individual functions of our website may not work if you have disabled the use of cookies.

8.2 Which cookies do we use?

On this website we use various categories of cookies: technically necessary cookies, without which the functionality of our website would be limited, as well as optional analysis, functional and marketing cookies that come from third-party providers:

8.3 Technically necessary cookies

These cookies are essential to enable you to navigate our web pages, use their features and view designs. They also store, for example, whether you agree to the use of cookies as well as your selected cookie settings. These cookies do not collect any information about you for marketing purposes nor do they store where you have been on the Internet. These cookies are usually session-specific and expire after your visit to the website (session), unless the relevant functions require storage beyond this (e.g. saving the cookie setting). The legal basis for the use of technically necessary cookies and the processing of your data via these cookies is our legitimate interest in displaying the functions of our website and making them available for use, Art. 6 (1) (f) GDPR.

In this context we use, for example:

8.3.1 Google Webfonts

 

To present our content across different browsers correctly and in a visually attractive way, we use script libraries and font libraries, such as Google Web Fonts, on this website (https://www.google.com/webfonts/). Google Web Fonts are transferred into your browser cache to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, the contents will be shown in a standard font. When script libraries or font libraries are called up, a connection is automatically triggered to the operator of the library. To do this, the browser used by you must contact the servers of Google. In this way, Google is informed that our website has been called up by your IP address. We use Google Web Fonts to ensure that our online presence has a consistent and attractive appearance. This represents a legitimate interest within the meaning of Art. 6 (1) (f) GDPR.

If your browser does not support Web Fonts, a standard font will be used by your computer. Further information on Google Web Fonts may be found at developers.google.com/fonts/faq and in the privacy policy of Google: https://www.google.com/policies/privacy/.

8.4 Analysis cookies

Analysis cookies collect information on how visitors use a website overall, for instance which pages they visit most often and if they receive error messages from our web pages. All the information collected using these cookies is used solely to understand and improve the functionality and service of the website.

The legal basis for the use of analysis cookies and the processing of your data by the provider of these cookies is your prior consent (Art. 6 (1) (a) GDPR).

We use the analysis cookies described in the following:

8.4.1 Google Analytics

This website uses Google Analytics, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (hereinafter: Google). The information about your use of this website generated by Google Analytics is usually transmitted to a Google server in the US and saved there. However, due to the activation of IP anonymization on these web pages, your IP address will first be shortened by Google within member states of the European Union or in other states which are party to the agreement on the European Economic Area. Only in exceptional cases will the complete IP address be transmitted to a Google server in the US and shortened there. On behalf of the operator of these web pages, Google will use this information to evaluate your use of the website in order to compile reports on website activities and to render additional services to the website operator regarding website and Internet use. The IP address transmitted from your browser within the context of Google Analytics will not be collated with other data from Google.

8.5 Functional cookies

We use functional cookies to improve and simplify the use and performance of our website.

The legal basis for the use of functional cookies and the processing of your data by the provider of these cookies is your prior consent (Art. 6 (1) (a) GDPR).

We use the functional cookies and tools described in the following:

8.6 Marketing cookies

Marketing cookies are used to better target advertising to you and your interests. They are also used to limit how often you see the same advertisement, to gauge the effectiveness of an advertising campaign, and to understand people’s behavior after viewing an advertisement. These cookies are typically placed by advertising networks on the pages of the website operator with the consent of the website operator (i.e. in this case, us). They recognize that a user has visited a website and pass this information on to others, e.g. advertising companies, or adapt advertisements themselves accordingly. Often they are linked to a website functionality provided by that company. We thus use these cookies to link to social networks, which can then further use the information about your visit to target advertising to you on other websites, and to provide information about your visit to the advertising networks we use, so that you can later be presented with exactly the advertising that you are potentially really interested in, based on your browsing behavior. Again, we do not merge the data collected via these cookies with other information about our visitors.

The legal basis for the use of marketing cookies and the processing of your data by the provider of these cookies is your prior consent (Art. 6 (1) (a) GDPR).

We use the marketing cookies described in the following:

8.6.1 YouTube

We use the YouTube.com platform to post our own videos and make them publicly available. YouTube is offered by a third party not affiliated with us, namely YouTube LLC.

We also directly integrate videos stored on YouTube on some of our Internet pages. This integration allows content from the YouTube website to be displayed in parts of a browser window. However, the YouTube videos are only called up by clicking on them separately. This technology is also referred to as “framing”.

When calling up YouTube videos, the IP address as well as other data relating to your browser are transmitted, thereby providing certain information – in particular about which of our web pages you have visited. For more information on data processing carried out via YouTube, please refer to the data privacy policy of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, at: https://policies.google.com/privacy.

8.7 How can I declare or revoke my consent to cookies?

If you visit our website for the first time, you will be shown the data privacy notice on the start page, with the consent text for optional cookies. By clicking on the individual categories and then confirming this selection by clicking on “Accept all”, you agree to these cookie settings. You can adjust and change these cookie settings at any time by clicking on the blue cookie logo at the bottom right of the website pages.

9. Use of social plugins

On our website we use the “social media plugins” of the social networks Facebook, Xing, LinkedIn and Twitter. The social media plugins are recognizable by the logo of the relevant social network.

Facebook Inc. (1601 S. California Ave – Palo Alto – CA 94304 – USA)

XING AG (Gänsemarkt 43 – 20354 Hamburg – Germany)

LinkedIn Corp. (2029 Stierlin Court – Mountain View – CA 94043 – USA)

Twitter (One Cumberland Place – Fenian Street – Dublin 2 – D02 AX07 – Ireland)

The social media plugins on our website are disabled by default. To use the social media plugins, you must activate them by clicking on the corresponding button. As long as the social media plugin is not activated, no data will be transmitted to the social network. After activation, the social media plugin generates a connection to the servers of the social network and remains active until you deactivate it again or delete your corresponding cookies. Activation establishes a direct connection with the server of the relevant social network. The content of the social media plugin is transmitted by the social network directly to your browser, which embeds it in the website visited. We therefore have no influence on the scope of the data collected by the social media plugin.

Please refer to the data privacy policies of the social networks for more information on the purpose and scope of data collection, as well as on the further processing and use of the data by the respective social networks, your rights in this regard, and the setting options for protecting your privacy.

Facebook: https://www.facebook.com/policy.php

XING: https://www.xing.com/privacy

LinkedIn: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-join-privacy-policy

Twitter: https://twitter.com/de/privacy