Privacy policy

Data Protection Policy

As Oaklins Germany AG, ABC-Straße 35, 20354, Hamburg, Germany, we appreciate your interest in our company. We take the protection of your personal data and its confidential treatment very seriously. Your personal data is processed exclusively within the framework of the statutory provisions of the data protection law of the European Union, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the other applicable regulations.

With this data protection policy, we are informing you about the processing of your personal data on our website https://www.oaklins.com/de, its subpages and about your rights under the GDPR.

1. Which personal data do we collect?

1.1

In the following, we are informing you about the collection of personal data when you use our website. Personal data is every data that can be related to you as a person, e.g. name, address, email addresses, user behaviour. In doing so, we would like to inform you about our processing procedures and at the same time fulfil our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

1.2

Responsible for data protection pursuant to Art. 4 (7) GDPR is Oaklins Germany AG, ABC-Straße 35, 20354, Hamburg, Germany (see our legal notice).

1.3

You can contact our data protection officer at datenschutz@de.oaklins.com or at our postal address with the addition “Data Protection Officer”.

1.4

When you contact us by e-mail, via the contact enquiry or via another contact form, the data you provide (your e-mail address, your name, company name and telephone number, if applicable) will be stored by us in order to answer your questions or process your enquiry. We delete the data arising in this context after storage is no longer required for the purpose described or restrict processing if there are statutory retention obligations.

1.5

In case we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.

1.6

SSL encryption – To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

2. Which rights do you have to protect your personal data?

You have the following rights towards the entity responsible for data protection with regard to your personal data:

– right to information,
– right to correction or deletion,
– right to restriction of processing,
– right to objection to processing,
– right to data portability.

2.1

You also have the right to complain to a supervisory authority for data protection about the processing of your personal data by us:

The Hamburg Officer for
Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany
mailbox(at)datenschutz.hamburg.de

3. Which personal data do we collect when you visit our website?

When you use the website solely for information purposes, i.e. simply view it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and therefore needs to be processed by us. The legal basis is Art. 6 (1) (f) GDPR:

– IP address,
– date and time of the request,
– time zone difference to GMT,
– content of the request (page visited),
– access status/HTTP status code,
– amount of data transferred,
– previously visited page,
– browser,
– operating system,
– language and version of the browser software.

4. Objection to or revocation of the processing of your data

If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have voiced your objection. The permissibility of the processing of your data up to the time of your revocation remains unaffected.

4.1

Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case in particular, if the processing is not necessary for the fulfilment of a contract with you. When exercising such an objection, we ask you to explain the reasons. In the case of an objection, we will analyze the situation and will either stop or adapt the data processing or show you our compelling reasons worthy of protection. 

4.2

Naturally, you can object to the processing of your personal data for advertising and data analysis purposes at any time.

5. External hosting by AWS / Amazon Cloud Front, server location The Netherlands

We host our website at Amazon Europe Core S.à r.l., 38 avenue John F. Kennedy, L-1855 Luxembourg,  (registered with RCS Luxembourg; registration number: B-180022; for details, please refer to the data protection policy of AWS: https://aws.amazon.com/privacy/?nc1=h_ls.

The use of AWS is based on Art. 6 (1) (f) GDPR. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG,  insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) as per TTDPA. Consent can be revoked at any time.

We have concluded a data processing agreement (DPA). The information collected may be stored on the provider’s servers, in the case of international providers outside of Europe as well. The provider is certified in accordance with the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

6. Processing of data from your terminals

6.1

In addition to the data mentioned above, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your terminal. When you access our website and at any time later, you have the choice of whether you generally allow cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical perspective (6.2) before going into more detail about your individual choices by describing technically necessary cookies (6.3) and cookies that you can voluntarily select or deselect (6.4).

6.2

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the organization that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make internet offers faster and more user-friendly. This website uses the following types of cookies, the function of which and their legal basis are explained below:

– Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or when you log out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the same session and your computer can be recognized when you return to our website.

– Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies and their duration at any time in your browser settings and delete the cookies manually.

– Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. As a result, we can also use the technologies described below. Here, too, you can of course consent or object.

6.3 Mandatory functions that are technically necessary to display the website:

The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely and correctly) or the support functions cannot be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The legal basis for this processing is Art. 6 (1) (f) GDPR.

6.4 Optional cookies if you have given your consent:

We only set specific cookies after you have given your consent, which you can select on your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyze and improve the visits to our website, to make it easier for you to use our website via different browsers or terminals, to recognize you when you visit us again or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. You can withdraw your consent at any time without this affecting the lawfulness of the processing based on your consent before its withdrawal. The functions we use, which you can select and revoke again individually via the Consent Manager, are described below.

7. Further functions and offers of our website / External services

In addition to the purely informational use of our website, we offer various additional services which you can use if you are interested or which optimize the use of our websites. To do so, you must generally provide additional personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.

We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) in compliance with TDDDG. Consent can be revoked at any time. 

We have concluded a data processing agreement (DPA) with each of the providers mentioned.

7.1

We sometimes use external service providers and co-operation partners to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. If we receive customer data via our co-operation partners for the purpose of initiating a contract, the conditions of this data protection policy apply to the processing of the data in the same manner as described above.

7.2

We use the personal data provided by you exclusively insofar as this is necessary for proper compilation and for the establishment, execution and termination of a quasi-legal or legal contractual obligation with you. This also includes the forwarding of personal data to co-operation partners and authorities.

7.3 Consent with Complianz / GDPR cookie consent

This website uses the consent technology of Complianz BV, Kalmarweg 14-5, 9723 JG, Groningen (NL), to obtain your consent to the storage of certain cookies on your terminal or to the use of certain technologies and to document these pursuant to data protection regulations. 

When you visit our website, the following personal data is transferred to Complianz: 

• your consent(s) or the revocation of your consent(s),
• your IP address,
• information on your browser,
• information on your terminal,
• the time of your visit to the website.

7.4

Furthermore, Complianz B.V. stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way will be stored until you ask us to delete it, you delete the cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Complianz is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Art. 6 (1) (f) GDPR. 

We have concluded an order processing contract with Complianz BV. This is a contract prescribed by data protection law, which guarantees that Complianz only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

8. Web Analysis

8.1 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. By this, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the respective terminal of the user. It is not assigned to a device ID.

In addition, we can use Google Analytics to record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the data set and uses machine learning technologies to analyse the data. Google Analytics uses technologies that enable recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time.

Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can find more information on the handling of user data by Google Analytics in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en&sjid=12905573755247679450-EU.

The provider is certified in accordance with the EU-U.S. Data Privacy Framework.

8.2 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool with the help of which we can integrate tracking tools or statistical tools and other technologies into our website. The Google Tag Manager itself does not create any user profiles, does not store cookies and does not carry out any independent analyses. It only serves to manage and export the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6 (1) (f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG.  The consent can be revoked at any time.

8.3 Microsoft Dynamics 365 Customer Insights (Web Tracking) 

We use the web tracking function of Microsoft Dynamics 365 Customer Insights on our website. The provider is Microsoft Ireland Operations Limited, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, Ireland.

Web tracking enables us to analyze user behavior on our website in order to optimize our marketing and sales activities. Unlike pure analysis services, the data obtained (e.g. pages visited, clicks, length of stay) is linked to your existing customer profile in our CRM system, provided you have such a profile (e.g. through a previous contact request). This serves personalized communication and so-called lead scoring. 

The use of this service is based exclusively on your express consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. 

You can withdraw your consent at any time via our Consent Manager. Data transfer to the USA is based on the standard contractual clauses of the EU Commission and Microsoft’s certification under the EU-U.S. Data Privacy Framework (Art. 45 GDPR).

8.4 Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter ‘DoubleClick’). DoubleClick is used to show you interest-based adverts throughout the Google advertising network. With the help of DoubleClick, the adverts can be targeted to the interests of the respective viewer. For example, our adverts can be displayed in Google search results or in advertising banners that are linked to DoubleClick. In order to be able to display interest-based advertising to users, DoubleClick must recognize the respective viewer and be able to assign the websites visited, clicks and other information to the user behavior. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is put together in a pseudonymous user profile in order to display interest-based advertising to the user concerned. The use of this service is based on your consent in accordance with Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time. Further information on how to object to the advertisements displayed by Google can be found at: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

8.5 Google Web Fonts

This website uses so-called web fonts provided by Google for the standardized display of fonts. When you access a page, your browser downloads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. Through this, Google learns that this website has been accessed via your IP address. The data processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG; consent can be revoked at any time. If your browser does not support certain web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the privacy policy of Google: https://policies.google.com/privacy?hl=en

8.6 Google Web Fonts (local hosting)

This site uses so-called web fonts for the standardized display of fonts, which are provided by Google. The Google fonts are installed locally. A connection to the Google servers does not take place. Further information about Google Web Fonts can be found at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

8.7 Google Maps

This website uses the map service Google Maps. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of standardizing the display of fonts. When you call up Google Maps, your browser downloads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest in compliance with Art. 6 (1) (f) GDPR. Insofar as corresponding consent has been given, the processing is carried out exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found at: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

8.8 Google Photos

We use the online service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store images that are embedded on our website. Embedding is the integration of specific third-party content (text, video or image data) that is provided by another website (Google Photos) and then appears on our internet presence (our website). A so-called embed code is used for the embedding. If we have integrated an embed code, the external content from Google Photos is displayed immediately by default as soon as one of our websites is visited.

Via the technical implementation of the embed code, which enables the display of images from Google Photos, your IP address is transmitted to Google Photos. Furthermore, Google Photos records our website, the type of browser used, the browser language, the time and length of access. In addition, Google Photos may collect information about which of our subpages you have visited and which links you have clicked on, as well as other interactions you have carried out when visiting our site. Google Photos may store and analyze this data.

These processing operations are only carried out with your explicit consent in accordance with Art. 6 (1) (a) GDPR. You can view Google’s privacy policy at: https://policies.google.com/privacy?hl=en.

9. Social Media & other services

9.1 YouTube / YouTube Images

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server will be informed which of our pages you have visited.

Furthermore, YouTube can store various cookies on your terminal or use comparable technologies to recognize you (e.g. device fingerprinting). In this way YouTube can obtain information about visitors to this website. Among other things, this information is used to record video statistics, improve user-friendliness and prevent attempts at fraud.

If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an attractive presentation of our online offers (Art. 6 (1) (f) GDPR) or, if requested, on your consent (Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG). 

Further information can be found at: https://policies.google.com/privacy?hl=en. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.

9.2 Integration of Vimeo videos

(1) We use plugins from the provider Vimeo on our website, which are only loaded if you have previously activated the function with your consent. We offer you the opportunity to interact with social networks and other users via the plug-ins. Insofar as a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG, provided that the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

(2) The plug-in provider stores the data collected about you as usage profiles and uses these for the purposes of advertising, market research and/or the demand-oriented design of its website. Such an evaluation is carried out in particular (also for users who are not logged in) to display demand-oriented advertising and to inform other users of the social network about your activities on our website. You have a right to object to the creation of these user profiles; to exercise this right, you must contact the respective plug-in provider. Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent the visit from being assigned to your profile with the plug-in provider.

(3) The information collected is stored on the providers’ servers, and in the case of international providers, also outside of Europe. In these cases, the provider has, according to its own information, imposed a standard that corresponds to the latest valid standard and has promised to comply with applicable data protection laws during international data transfer. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to maintain an adequate level of data protection in the third country.

(4) You can withdraw your consent at any time without this affecting the lawfulness of the processing up to the point of withdrawal. The easiest way to withdraw your consent is via our Consent Manager or via the functions of the social media provider.

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policies listed below. There you will also find further information on your rights in this regard and setting options to protect your privacy. Vimeo is operated by 

Vimeo.com, Inc, 330 West 34th Street, 5th Floor, New York, New York 10001, USA. Email: legal@vimeo.com. Privacy policy: https://vimeo.com/privacy.

9.3 LinkedIn Insight Tag / LinkedIn Ads / LinkedIn Analytics

(1) Furthermore, the website uses the so-called LinkedIn Insight Tag (or LinkedIn Pixel) of LinkedIn Ireland Unlimited Company (“LinkedIn”). By integrating this JavaScript tag, we can display interest-based and relevant advertisements (“Ads”) to you as a user of our website when you visit the social network LinkedIn or other websites that also use the same process, and we receive statistics about website visitors and demographics. Furthermore, we can evaluate your use of our LinkedIn advertising and the interest in our offers using a conversion tracking function and display LinkedIn advertisements to you on other websites via retargeting. In doing so, we pursue the interest of improving the effectiveness of LinkedIn advertisements and making our website more interesting for you.

(2) By integrating the LinkedIn Insight Tag, your browser automatically establishes a direct connection with the LinkedIn server, both when you visit the LinkedIn website and when you visit websites that have integrated the LinkedIn Insight Tag. For the collection of your usage data when you visit our website and the transmission to the provider, LinkedIn and we are jointly responsible, but LinkedIn is solely responsible for the actual processing to carry out the described objectives after the data has been transmitted. We have no influence on the scope and type of use of the data by LinkedIn; we therefore inform you according to our level of knowledge: By integrating the LinkedIn Insight Tag, LinkedIn receives information that you have accessed the corresponding website of our online presence or have clicked on an advertisement from us. 

By integrating the LinkedIn Insight tag, LinkedIn receives the information that you have accessed the corresponding website of our Internet presence or have clicked on one of our adverts. If you are registered with a LinkedIn service, LinkedIn can assign the visit to your account. Even if you are not registered with LinkedIn or have not logged in, it is possible for the provider to obtain your IP address, time windows, and other identification features and link them to the actions assigned to you.

(3) The deactivation of the LinkedIn Insight tag and other advertising objections are possible in the settings for advertisements at www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en and additionally at www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further setting options and information can be found in the LinkedIn Privacy Center: https://privacy.linkedin.com/en-us?lr=1/.

(4) The legal basis for the processing of your data is Art. 6 (1) (a) GDPR, i.e., the integration only takes place with your consent. You can withdraw your consent at any time, most easily via our Cookie Manager. Insofar as a corresponding consent has been requested, the processing takes place exclusively on the basis of Art. 6 (1) (a) GDPR and Section 25 (1) TDDDG. Consent can be revoked at any time. 

The information collected is stored on the provider’s servers, and in the case of international providers, also outside of Europe. The provider is certified in accordance with the EU-U.S. Data Privacy Framework.

(5) Further information on data processing by LinkedIn can be obtained from the provider, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. Privacy information: https://www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy/.

10. Data protection and third-party websites

This website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you transmit personal data to these websites.

11. No automated decision-making

The provider does not carry out any automated decision-making within the meaning of Art. 22 (1) GDPR that has a legal effect on the user or significantly restricts the user in a similar way. Insofar as analysis technologies (e.g. lead scoring via Microsoft Dynamics) are used, these serve solely as internal sales support to help our staff evaluate potential business interests and prioritize customer interactions. These processes do not have a legal external effect for the data subject and do not constitute a final decision-making process without human intervention.

12. Changes to this Data Protection Policy

We reserve the right to amend this Data Protection Policy at any time with effect for the future. A current version is always available on the website. Please visit the website regularly to inform yourself about the applicable data protection provisions.

Oaklins Germany AG, January 2026