Data protection

Information about the collection of personal data

a) Below, we provide information about the collection of personal data when using our website. Personal data is all data that can be related to you personally, e.g. name, address, email addresses, user behaviour.

b) The controller pursuant to Art. 4 (7) of the EU General Data Protection Regulation (hereinafter ‘GDPR’) is

O.E.M. Tec GmbH
Münchener Straße 17
D-06796 Sandersdorf-Brehna

Telephone: +49 34954 24890
Email: info@oem-tec.com

To protect your rights and ensure the legally compliant processing of your data, we have appointed an external data protection officer.
Here are their contact details:

gds – Gesellschaft für Datenschutz Mittelhessen mbh
datenschutz at gdsm.de (at = @).
06421 / 80413-10

c) If we use contracted service providers for individual functions of our offering or wish to use your data for advertising purposes, we will inform you in detail about the respective processes below. We will also specify the criteria for the storage period.

Your rights

a) You have the following rights with regard to your personal data:

Right to information (Art. 15 GDPR),
Right to rectification (Art. 16 GDPR) or erasure (Art. 17 GDPR),
Right to restriction of processing (Art. 18 GDPR),
Right to object to processing (Art. 21 GDPR), see section 6 for details.
Right to data portability (Art. 20 GDPR).

b) You also have the right to complain to a data protection supervisory authority about our processing of your personal data (Art. 77 GDPR).

Collection of personal data when visiting our website

a) When using the website for purely informational purposes, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure stability and security on the basis of Art. 6 para. 1 lit. f GDPR and in accordance with §25 TDDDG:

IP address
Date and time of the request
Time zone difference to Greenwich Mean Time (GMT)
Content of the request (specific page)
Access status/HTTP status code
Amount of data transferred in each case
Website from which the request originates
Browser
Operating system and its interface
Language and version of the browser software.

b) The personal data collected here is not stored as a log file but is deleted immediately after you use our website.

c) In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive and assigned to the browser you are using, and through which certain information flows to the entity that sets the cookie (in this case, us). Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offering more user-friendly and effective overall. The use of these cookies is based on Art. 6 para. 1 lit. a or c. GDPR.

Use of cookies:

a) This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies (see b)
Persistent cookies (see c).

b) Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a so-called session ID, which can be used to assign various requests from your browser to the shared session. This allows your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

c) Persistent cookies are automatically deleted after a specified period of time, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.

d) We use cookies that are technically necessary and that make your visit to our website possible in the first place. If we use cookies that are not technically necessary, we will obtain your consent for this.

e) When using cookies that are technically necessary for the display and necessary functions of our website, the legal basis is Section 25 (2) TDDDG and Art. 6 (1) (f) GDPR (legitimate interest). If we do not use cookies that are technically necessary for the display and necessary functions of our website, we will obtain your consent. The legal basis for the use of these cookies is Section 25 (1) sentence 1 TDDDG and Art. 6 (1) sentence 1 lit. a GDPR.

f) You can give any necessary consent in our Consent Manager when you first visit our website and then manage it at any time under Data Protection.

g) Cookie Consent Manager System
We use a Cookie Consent Manager tool on our website to inform you about the technologies we use on our website and to obtain, manage and document your consent to the processing of your personal data by these technologies.

This is necessary in accordance with Art. 6 (1) (c) GDPR in conjunction with Art. 7 (1) GDPR in order to fulfil our legal obligation to be able to prove your consent to the processing of your personal data. The service provider is Complianz BV.

Data security

The personal data we collect and store is treated confidentially and protected against loss, alteration and unauthorised access by third parties through appropriate technical and organisational measures. Your personal data is encrypted when transmitted over the internet. We use SSL (Secure Socket Layer) encryption for data transmission.

Automated decisions, profiling

We do not carry out any automated decisions (including profiling) with the personal data we collect when you visit our website.

External hosting

This website is hosted by an external service provider (host). The personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact enquiries, meta and communication data, contract data, contact details, names, website accesses and other data generated via a website.

The hoster is used for the purpose of fulfilling contracts with our potential and existing customers (Art. 6(1)(b) GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6(1)(f) GDPR). If consent has been requested, processing is carried out exclusively on the basis of Art. 6 (1) lit. a GDPR and § 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Our host will only process your data to the extent necessary to fulfil its service obligations and will follow our instructions regarding this data.

We use the following host:

Mittwald CM Service GmbH & Co.KG
Königsberger Str. 4-6
32339 Espelkamp

Additional functions and offers on our website

a) In addition to the purely informational use of our website, we offer various services that you can use if you are interested. To do so, you will generally need to provide additional personal data, which we will use to provide the respective service and to which the aforementioned principles for data processing apply.

b) In some cases, we use external service providers to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored.

c) Furthermore, we may pass on your personal data to third parties if we offer promotions, competitions, contract conclusions or similar services together with partners. You will receive more detailed information on this when you provide your personal data or in the description of the offer below.

d) If our service providers or partners are based in a country outside the European Economic Area (EEA), we will inform you of the consequences of this in the description of the offer.

Objection or revocation of the processing of your data

a) If you have given your consent to the processing of your data, you can revoke this at any time. Such revocation affects the permissibility of the processing of your personal data after you have notified us of it.

Insofar as we base the processing of your personal data on the balancing of interests, you may object to the processing. This is the case if the processing is not necessary to fulfil a contract with you, which is explained in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data as we have done. In the event of your justified objection, we will examine the situation and either stop or adjust the data processing or point out to you our compelling legitimate grounds on the basis of which we will continue the processing. Of course, you can object to the processing of your personal data for advertising and data analysis purposes at any time. You can inform us of your objection to advertising at the following contact details:
By post to O.E.M. Tec GmbH
Münchener Straße 17, D-06796 Sandersdorf-Brehna, Telephone: +49 34954 24890, Email: info@oem-tec.com.

Contact via email, contact form

a) When you contact us by email or via a contact form, the data you provide and the resulting personal data (e.g. name, enquiry, email address, telephone number) will be stored by us for the purpose of processing your enquiry and in the event of follow-up questions. We will not pass this data on to third parties without your consent.

b) The data you send us via contact enquiries will remain with us until you request us to delete it, revoke your consent to its storage or the purpose for data storage no longer applies (e.g. after your enquiry has been processed). Mandatory legal provisions – in particular statutory retention periods – remain unaffected.

c) This data is processed on the basis of Art. 6(1)(b) GDPR, provided that your enquiry is related to the performance of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, processing is based on our legitimate interest in the effective processing of enquiries addressed to us (Art. 6(1)(f) GDPR) or on your consent (Art. 6(1)(a) GDPR), if this has been requested.

Integration of YouTube videos

a) We have integrated YouTube videos into our online offering, which are stored on http://www.YouTube.com and can be played directly from our website. These are all integrated in ‘extended data protection mode’, i.e. no data about you as a user is transferred to YouTube if you do not play the videos. Only when you play the videos will the data mentioned under b) be transferred. We have no influence on this data transfer.

b) To ensure data protection on this website, YouTube is deactivated when you first visit this website. A direct connection to YouTube’s servers is only established when you activate YouTube yourself (consent in accordance with Art. 6 (1) (a) GDPR and § 25 (1) (1) TDDDG). This prevents your data from being transferred to YouTube when you first visit the site.

c) After activation, YouTube receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned in section V of this declaration is transmitted. This occurs regardless of whether YouTube provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly associated with your account. If you do not want your profile to be associated with YouTube, you must log out before activating the button. YouTube stores your data as usage profiles and uses them for advertising, market research and/or the needs-based design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to provide demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact YouTube to exercise this right. Further information on the purpose and scope of data collection and its processing by YouTube can be found in the privacy policy. There you will also find further information on your rights and settings options for protecting your privacy: https://www.google.de/intl/de/policies/privacy. For cases in which personal data is transferred to the United States, Google has submitted to the EU-U.S. Data Privacy Framework, https://www.dataprivacyframework.gov/s/

Data processing for job applications

When you apply for a job with us, we process the information we receive from you during the application process, e.g. through your application letter, CV, references, correspondence, telephone or verbal information. In addition to your contact details, we are particularly interested in information about your education, qualifications, work experience and skills. We will only assess you based on your suitability for the position in question, so you do not need to send us a photo.

Your data will initially be processed solely for the purpose of carrying out the application process. If your application is successful, it will become part of your personnel file and will be used for the purpose of implementing and terminating the employment relationship and will be deleted in accordance with the regulations applicable to personnel files. If we are unable to offer you employment at this time, we will continue to process your data for up to six months after sending the rejection letter in order to defend ourselves against any legal claims, in particular those relating to alleged discrimination in the application process. If you receive expense reimbursements or other tax-related transactions, the corresponding accounting documents will be retained in accordance with the applicable retention requirements in order to comply with budgetary and tax law retention obligations. Your data will initially be accessible to our Human Resources and Recruiting departments, as well as the department for the position you applied for and, if necessary, the Accounting department. Our administrators and processors have the technical ability to access data processed by IT systems. They are strictly bound by our instructions and may not process the data for their own purposes. In certain cases, we may need to disclose your personal data to third parties, such as our bank if you receive a reimbursement or the postal service if we communicate with you by letter.

The legal basis for data processing in the application process and as part of the personnel file is Section 26 (1) sentence 1 BDSG and Article 6 (1) lit b GDPR and, if you have given your consent, for example by sending information that is not necessary for the application process, Article 6 (1) lit a GDPR. The legal basis for data processing after rejection is Art. 6 (1) (f) GDPR. The legal basis for storage for budgetary and tax purposes is Art. 6 (1) (c) GDPR in conjunction with Section 147 of the German Fiscal Code (AO). The legitimate interest in processing on the basis of Art. 6 (1) (f) GDPR is the defence against legal claims.

We do not generally require any special categories of personal data within the meaning of Art. 9 GDPR for the application process. We ask that you do not send us any such information in advance. If, in exceptional cases, such information is relevant to the application process, we will process it together with your other application data. This may, for example, concern information about a severe disability, which you can provide to us voluntarily and which we then have to process in order to fulfil our special obligations with regard to severely disabled persons. In these cases, the processing serves to exercise rights or fulfil legal obligations under labour law, social security law and social protection law. The legal basis for data processing is then Art. 9 (2) lit. b GDPR, Sections 26 (3) BDSG, 164 SGB IX. In exceptional cases, it may be necessary to obtain information about your health or disability or information from the Federal Central Register, i.e. about previous convictions, in order to assess your suitability for the intended position. The legal basis for this is Section 26 BDSG. Your data will not be used by us for automated decision-making or profiling. Your data will be processed by us or on our behalf exclusively in Germany.

Data processing by social networks

We maintain publicly accessible profiles on social networks. The specific social networks we use are listed below.

Social networks such as Facebook etc. can usually analyse your user behaviour comprehensively when you visit their website or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media sites triggers numerous data processing operations that are relevant to data protection. Specifically:

If you are logged into your social media account and visit our social media site, the operator of the social media portal can assign this visit to your user account. However, your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In this case, this data collection is carried out, for example, via cookies stored on your device or by recording your IP address.

With the help of the data collected in this way, the operators of social media portals can create user profiles that store your preferences and interests. In this way, interest-based advertising can be displayed to you both within and outside the respective social media presence. If you have an account with the respective social network, interest-based advertising can be displayed on all devices on which you are or were logged in.

Please also note that we cannot track all processing operations on social media portals. Depending on the provider, further processing operations may therefore be carried out by the operators of social media portals. For details, please refer to the terms of use and privacy policies of the respective social media portals.

Legal basis
Our social media presence is intended to ensure the most comprehensive presence possible on the internet. This is a legitimate interest within the meaning of Art. 6(1)(f) GDPR. The analysis processes initiated by the social networks may be based on different legal bases, which must be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6 para. 1 lit. a GDPR).

Responsible party and assertion of rights
When you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. You can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that, despite our joint responsibility with the social media portal operators, we do not have full control over the data processing operations of the social media portals. Our options are largely determined by the corporate policy of the respective provider.

Storage period
The data collected directly by us via our social media presence will be deleted from our systems as soon as the purpose for its storage no longer applies, you request us to delete it, you revoke your consent to its storage, or the purpose for data storage no longer applies. Stored cookies remain on your device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data stored by the operators of social networks for their own purposes. For details, please contact the operators of the social networks directly (e.g. in their privacy policy, see below).

Social networks in detail:

Facebook
We have a profile on Facebook. The provider is Meta Platforms Inc., 1 Hacker Way, Menlo Park, California 94025, USA. We have entered into a joint processing agreement (Controller Addendum) with Facebook. This agreement specifies which data processing operations we and Facebook are responsible for when you visit our Facebook page. You can view this agreement at the following link: https://www.facebook.com/legal/terms/page_controller_addendum. You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads. For more information, please refer to Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

Instagram
We have a profile on Instagram. The social network Instagram is operated by Meta Platforms Ireland Limited. Details on how they handle your personal data can be found in Instagram’s privacy policy: https://help.instagram.com/581066165581870

LinkedIn
We have a profile on LinkedIn. The social network LinkedIn is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. For details on how they handle your personal data, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy

YouTube
We have a profile on YouTube. The video portal YouTube is operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. For details on how they handle your personal data, please refer to YouTube’s privacy policy: https://policies.google.com/privacy?hl=de