Privacy policy

Data Protection Policy

As Oaklins Germany AG, ABC-Straße 35, 20354, Hamburg, Germany, we appreciate your interest in our company. We take the protection of your personal data and its confidential treatment very seriously. Your personal data is processed exclusively within the framework of the statutory provisions of the data protection law of the European Union, in particular the General Data Protection Regulation (hereinafter “GDPR”) and the other applicable regulations.

With this data protection policy, we are informing you about the processing of your personal data on our website https://www.oaklins.com/de, its subpages and about your rights under the GDPR.

1. Which personal data do we collect?

1.1

In the following, we are informing you about the collection of personal data when you use our website. Personal data is every data that can be related to you as a person, e.g. name, address, email addresses, user behaviour. In doing so, we would like to inform you about our processing procedures and at the same time fulfil our legal obligations, in particular those arising from the EU General Data Protection Regulation (GDPR).

1.2

Responsible for data protection pursuant to Section 4 (7) of the EU General Data Protection Regulation (GDPR) is Oaklins Germany AG, ABC-Straße 35, 20354, Hamburg, Germany (see our legal notice).

1.3

You can contact our data protection officer at datenschutz@de.oaklins.com or at our postal address with the addition “Data Protection Officer”.

1.4

When you contact us by e-mail, via the contact enquiry or via another contact form, as well as via third-party providers, the data you provide (your e-mail address, your name, company name and telephone number, if applicable) will be stored by us in order to answer your questions or process your enquiry. We delete the data arising in this context after storage is no longer required for the purpose described or restrict processing if there are statutory retention obligations.

1.5

In case we use contracted service providers for individual functions of our offer or wish to use your data for advertising purposes, we will always carefully select and monitor these service providers and inform you in detail below about the respective processes. We will also state the specified criteria for the storage period.

1.6

SSL encryption – To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS.

2. Which rights do you have to protect your personal data?

You have the following rights towards the entity responsible for data protection with regard to your personal data:

– right to information,
– right to correction or deletion,
– right to restriction of processing,
– right to objection to processing,
– right to data portability.

2.1

You also have the right to complain to a supervisory authority for data protection about the processing of your personal data by us:

The Hamburg Officer for
Data Protection and Freedom of Information
Ludwig-Erhard-Str. 22
20459 Hamburg
Germany
mailbox(at)datenschutz.hamburg.de

3. Which personal data do we collect when you visit our website?

When you use the website solely for information purposes, i.e. simply view it without registering and without providing us with any other information, we process the personal data that your browser transmits to our server. The data described below is technically necessary for us to display our website to you and to ensure stability and security and therefore needs to be processed by us. The legal basis is Section 6 (1) (1) (f) GDPR:

– IP address
– date and time of the request
– time zone difference to Greenwich Mean Time (GMT)
– content of the request (page visited)
– access status/HTTP status code
– amount of data transferred in each case
– previously visited page
– browser
– operating system
– language and version of the browser software.

4. Objection to or revocation of the processing of your data

If you have given your consent to the processing of your data, you can withdraw this at any time. Such a revocation affects the permissibility of the processing of your personal data after you have voiced your objection. The permissibility of the processing of your data up to the time of your revocation remains unaffected.

4.1

Insofar as we base the processing of your personal data on the balancing of interests, you can object to the processing. This is the case in particular, if the processing is not necessary for the fulfilment of a contract with you, which we refer to in the following description of the functions. When exercising such an objection, we ask you to explain the reasons why we should not process your personal data in the way we do. In the case of an objection, we will analyze the situation and will either stop or adapt the data processing or show you our compelling reasons worthy of protection on the basis of which we will continue the processing.

4.2

Naturally, you can object to the processing of your personal data for advertising and data analysis purposes at any time. The best way to object to advertising is to contact us using the contact details given above.

5. External hosting by AWS / Amazon Cloud Front, server location The Netherlands

We host our website at Amazon Europe Core S.à r.l. (technical operation of the website aboutamazon.de): Amazon Europe Core S.à r.l. (Société à responsabilité limitée), 38 avenue John F. Kennedy, L-1855 Luxembourg (registered with RCS Luxembourg; registration number: B-180022; for details, please refer to the data protection policy of AWS: https://aws.amazon.com/privacy/?nc1=h_ls.

The use of AWS is based on Section 6 (1) (f) GDPR. We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA, insofar as the consent includes the storage of cookies or access to information on the user’s terminal device (e.g. device fingerprinting) as per TTDPA. Consent can be revoked at any time.

We have concluded an agreement on a processing contract (DPA) with the above-mentioned provider. The information collected may be stored on the provider’s servers, in the case of international providers outside of Europe as well. The provider is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore subject to the corresponding Adequacy Decision of the EU as per Section 45 GDPR.

6. Processing of data from your terminals

6.1

In addition to the data mentioned above, we use technical aids for various functions when you use our website, in particular cookies, which can be stored on your terminal. When you access our website and at any time later, you have the choice of whether you generally allow cookies or which individual additional functions you would like to select. You can make changes in your browser settings or via our Consent Manager. In the following, we first describe cookies from a technical perspective (6.2) before going into more detail about your individual choices by describing technically necessary cookies (6.3) and cookies that you can voluntarily select or deselect (6.4).

6.2

Cookies are text files or information in a database that are stored on your hard drive and assigned to the browser you are using so that certain information can flow to the organization that sets the cookie. Cookies cannot execute programs or transfer viruses to your computer, but are primarily used to make internet offers faster and more user-friendly. This website uses the following types of cookies, the function of which and their legal basis are explained below:

– Transient cookies: Such cookies, especially session cookies, are automatically deleted when the browser is closed or when you log out. They contain a so-called session ID. This allows various requests from your browser to be assigned to the same session and your computer can be recognized when you return to our website.

– Persistent cookies: These are automatically deleted after a specified period, which varies depending on the cookie. You can view the cookies and their duration at any time in your browser settings and delete the cookies manually.

– Other technologies: These functions are not based on cookies, but on similar technical mechanisms, such as Flash cookies, HTML5 objects or an analysis of your browser settings. As a result, we can also use the technologies described below. Here, too, you can of course consent or object.

6.3 Mandatory functions that are technically necessary to display the website:

The technical structure of the website requires us to use technologies, in particular cookies. Without these technologies, our website cannot be displayed (completely and correctly) or the support functions cannot not be enabled. These are basically transient cookies that are deleted at the end of your visit to the website, at the latest when you close your browser. You cannot deselect these cookies if you wish to use our website. The legal basis for this processing is Section 6 (1) (1) (f) GDPR.

6.4 Optional cookies if you have given your consent:

We only set specific cookies after you have given your consent, which you can select on your first visit to our website via the so-called cookie consent tool. The functions are only activated if you give your consent and can be used in particular to enable us to analyze and improve the visits to our website, to make it easier for you to use our website via different browsers or terminals, to recognize you when you visit us again or to place advertising (possibly also to tailor advertising to your interests, measure the effectiveness of advertisements or show interest-based advertising). The legal basis for this processing is Section 6 (1) (1) (a) GDPR and Section 25 (1) TTDPA. You can withdraw your consent at any time without this affecting the lawfulness of the processing based on your consent before its withdrawal.

The functions we use, which you can select and revoke again individually via the Consent Manager, are described below.

7. Further functions and offers of our website / External services

In addition to the purely informational use of our website, we offer various additional services which you can use if you are interested or which optimize the use of our websites. To do so, you must generally provide additional personal data that we use to provide the respective service and for which the aforementioned data processing principles apply.

We have a legitimate interest in displaying our website as reliably as possible. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) in compliance with TTDPA. Consent can be revoked at any time.

We have concluded a data processing agreement (DPA) with each of the providers mentioned.

7.1

We sometimes use external service providers and co-operation partners to process your data. These have been carefully selected and commissioned by us, are bound by our instructions and are regularly monitored. If we receive customer data via our co-operation partners for the purpose of initiating a contract, the conditions of this data protection policy apply to the processing of the data in the same manner as described above.

7.2

We use the personal data provided by you exclusively insofar as this is necessary for proper compilation and for the establishment, execution and termination of a quasi-legal or legal contractual obligation with you. This also includes the forwarding of personal data to co-operation partners and authorities.

7.3 Consent with Complianz / GDPR cookie consent

This website uses the consent technology of Complianz BV, CoC 717814475, Kalmarweg 14-5

9723 JG, Groningen (NL), to obtain your consent to the storage of certain cookies on your terminal or to the use of certain technologies and to document these pursuant to data protection regulations.

When you visit our website, the following personal data is transferred to Complianz:

• your consent(s) or the revocation of your consent(s), your IP address
• information on your browser
• information on your terminal
• the time of your visit to the website

7.4

Furthermore, Complianz B.V. stores a cookie in your browser in order to be able to assign the consents given or their revocation to you. The data collected in this way will be stored until you ask us to delete it, you delete the cookie yourself or the purpose for data storage no longer applies. Mandatory statutory retention obligations remain unaffected.

Complianz is used to obtain the legally required consent for the use of certain technologies. The legal basis for this is Section 6 (1) (f) GDPR.

Order processing

We have concluded an order processing contract with Complianz BV. This is a contract prescribed by data protection law, which guarantees that Complianz only processes the personal data of our website visitors in accordance with our instructions and in compliance with the GDPR.

8. Web Analysis

8.1 Google Analytics

This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables the website operator to analyse the behaviour of website visitors. By this, the website operator receives various usage data, such as page views, length of visit, operating systems used and origin of the user. This data is assigned to the respective terminal of the user. It is not assigned to a device ID.

In addition, we can use Google Analytics to record your mouse and scroll movements and clicks. Google Analytics also uses various modelling approaches to supplement the data set and uses machine learning technologies to analyse the data. Google Analytics uses technologies that enable recognition of the user for the purpose of analysing user behaviour (e.g. cookies or device fingerprinting). The information collected by Google about the use of this website is generally transmitted to a Google server in the USA and stored there.

The use of this service is based on your consent in accordance with Section 6 (1) (a) GDPR and Section 25 (1) TTDPA. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. The provider is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore subject to the corresponding Adequacy Decision of the EU pursuant to Section 45 GDPR.

Details can be found here: https://privacy.google.com/businesses/controllerterms/mccs/.

Browser plugin

You can prevent the collection and processing of your data by Google by downloading and installing the browser plugin available at the following link: https://tools.google.com/dlpage/gaoptout?hl=en.

You can find more information on the handling of user data by Google Analytics in Google’s privacy policy: https://support.google.com/analytics/answer/6004245?hl=en&sjid=12905573755247679450-EU.

8.2 Google Tag Manager

We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

The Google Tag Manager is a tool with the help of which we can integrate tracking tools or statistical tools and other technologies into our website. The Google Tag Manager itself does not create any user profiles, does not store cookies and does not carry out any independent analyses. It only serves to manage and export the tools integrated via it. However, the Google Tag Manager records your IP address, which may also be transmitted to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Section 6 (1) (f) GDPR. The website operator has a legitimate interest in the fast and uncomplicated integration and management of various tools on its website. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA, insofar as the consent includes the storage of cookies or access to information on the user’s terminal (e.g. device fingerprinting) in compliance with TTDPA. The consent can be revoked at any time.

8.3 Google DoubleClick

This website uses functions of Google DoubleClick. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland, (hereinafter ‘DoubleClick’).

DoubleClick is used to show you interest-based adverts throughout the Google advertising network. With the help of DoubleClick, the adverts can be targeted to the interests of the respective viewer. For example, our adverts can be displayed in Google search results or in advertising banners that are linked to DoubleClick.

In order to be able to display interest-based advertising to users, DoubleClick must recognize the respective viewer and be able to assign the websites visited, clicks and other information to the user behavior. For this purpose, DoubleClick uses cookies or comparable recognition technologies (e.g. device fingerprinting). The information collected is put together in a pseudonymous user profile in order to display interest-based advertising to the user concerned.

The use of this service is based on your consent in accordance with Section 6 (1) (a) GDPR and Section 25 (1) TTDPA. Consent can be revoked at any time.

For further information on how to object to the advertisements displayed by Google can be found at the following links: https://policies.google.com/technologies/ads and https://adssettings.google.com/authenticated.

8.4 Google Web Fonts

This website uses so-called web fonts provided by Google for the standardized display of fonts. When you access a page, your browser downloads the required web fonts into your browser cache in order to display texts and fonts correctly. For this purpose, the browser you are using must connect to Google’s servers. Through this, Google learns that this website has been accessed via your IP address. The data processing takes place exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA; consent can be revoked at any time. If your browser does not support certain web fonts, a standard font from your computer will be used. Further information on Google Web Fonts can be found at https://developers.google.com/fonts/faq and in the privacy policy of Google: https://policies.google.com/privacy?hl=en

8.5 Google Web Fonts (local hosting)

This site uses so-called web fonts for the standardized display of fonts, which are provided by Google. The Google fonts are installed locally. A connection to the Google servers does not take place.

You can find more information about Google Web Fonts at https://developers.google.com/fonts/faq and in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

8.6 Google Maps

This website uses the map service Google Maps. The provider is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transfer. If Google Maps is activated, Google may use Google Web Fonts for the purpose of standardizing the display of fonts. When you call up Google Maps, your browser downloads the required web fonts into your browser cache in order to display texts and fonts correctly.

The use of Google Maps is in the interest of an attractive presentation of our online offers and to make it easy to find the places we indicate on the website. This constitutes a legitimate interest in compliance with Section 6 (1) (f) GDPR. Insofar as corresponding consent has been given, the processing is carried out exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA, insofar as the consent includes the storage of cookies or access to information in the user’s terminal (e.g. device fingerprinting) in compliance with TTDPA. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission.

Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ and https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.

You can find more information on the handling of user data in Google’s privacy policy: https://policies.google.com/privacy?hl=en.

8.7 Google Photos

We use the online service of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, to store images that are embedded on our website.

Embedding is the integration of specific third-party content (text, video or image data) that is provided by another website (Google Photos) and then appears on our internet presence (our website). A so-called embed code is used for the embedding. If we have integrated an embed code, the external content from Google Photos is displayed immediately by default as soon as one of our websites is visited.

Via the technical implementation of the embed code, which enables the display of images from Google Photos, your IP address is transmitted to Google Photos. Furthermore, Google Photos records our website, the type of browser used, the browser language, the time and length of access. In addition, Google Photos may collect information about which of our subpages you have visited and which links you have clicked on, as well as other interactions you have carried out when visiting our site. Google Photos may store and analyze this data.

These processing operations are only carried out with your explicit consent in accordance with Section 6 (1) (a) GDPR.

You can view Google’s privacy policy at: https://policies.google.com/privacy?hl=en.

9. Social Media & other services

9.1 YouTube / You Tube Images

This website embeds videos from the YouTube website. The operator of the website is Google Ireland Limited (‘Google’), Gordon House, Barrow Street, Dublin 4, Ireland.

When you visit one of our websites on which YouTube is integrated, a connection to the YouTube servers is established. The YouTube server will be informed which of our pages you have visited.

Furthermore, YouTube can store various cookies on your terminal or use comparable technologies to recognize you (e.g. device fingerprinting). In this way YouTube can obtain information about visitors to this website. Among other things, this information is used to record video statistics, improve user-friendliness and prevent attempts at fraud.

If you are logged in to your YouTube account, you enable YouTube to assign your surfing behavior directly to your personal profile. You can prevent this by logging out of your YouTube account.

The use of YouTube is in the interest of an attractive presentation of our online offers. This constitutes a legitimate interest in compliance with Section 6 (1) (f) GDPR. Insofar as a corresponding consent has been given, the processing is carried out exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) in compliance with TTDPA. Consent can be revoked at any time.

Further information on the handling of user data can be found in the privacy policy of

YouTube at: https://policies.google.com/privacy?hl=en.

The provider is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore subject to the corresponding Adequacy Decision of the EU pursuant to Section 45 GDPR.

9.2 Integration of Vimeo videos

(1) We use plugins from the provider Vimeo on our website, which are only loaded if you have previously activated the function with your consent. We offer you the opportunity to interact with social networks and other users via the plug-ins. If a corresponding consent has been given, the processing takes place exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA, insofar as the consent includes the storage of cookies or access to information in the user’s terminal device (e.g. device fingerprinting) compliant with TTDPA. Consent can be revoked at any time.

(2) The plug-in provider stores the data collected about you as usage profiles and uses this for the purposes of advertising, market research and/or customising its website. Such an analysis is carried out in particular (even for users who are not logged in) to display customised advertising and to inform other users in the social network about your activities on our website. You have the right to object to the creation of these user profiles. However, you have to contact the respective plug-in provider to exercise this right. Data is passed on regardless of whether you have an account with the plug-in provider and are logged in there. If you are logged in with the plug-in provider, your data collected by us will be assigned directly to your existing account with the plug-in provider. If you press the activated button and, for example, link the page, the plug-in provider also saves this information in your user account and shares it publicly with your contacts. We recommend that you log out regularly after using a social network, but especially before activating the button, as this will prevent this information from being assigned to your profile with the plug-in provider.

(3) The information collected is stored on the provider’s servers, in the case of international providers outside of Europe as well. For these cases, the provider has, according to its own information, imposed a standard that corresponds to the latest valid standard and has promised to comply with applicable data protection laws when transferring data internationally. We have also agreed so-called standard data protection clauses with the providers, the purpose of which is to maintain an appropriate level of data protection in the third country.

(4) You can withdraw your consent at any time without this affecting the permissibility of the processing up to the point of withdrawal. The easiest way to withdraw your consent is via our Consent Manager or via the functions of the social media provider.

(5) Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy provided below. There you will also find further information on your rights in this regard and setting options to protect your privacy. Addresses of the respective plug-in providers and URLs of the respective data protection notices. Vimeo is operated by

Vimeo.com, Inc, 330 West 34th Street, 5th Floor
New York, New York 10001, USA
Email: legal@vimeo.com

The purpose and scope of the data collection and the further processing and use of the data by Vimeo as well as your rights in this regard and setting options to protect your privacy can be found in Vimeo’s data protection information: https://vimeo.com/privacy.

9.3 LinkedIn Insight Tag / LinkedIn Ads / LinkedIn Analytics

(1) This website also uses the so-called LinkedIn Insight Tag (or LinkedIn Pixel) of LinkedIn Ireland Unlimited Company (‘LinkedIn’). By integrating this JavaScript tag, we can display interest-based adverts (‘ads’) relevant to you as a user of our website when you visit the LinkedIn social network or other websites that also use the same process, and we receive statistics about website visitors and demographics. Furthermore, we can analyse your use of our LinkedIn ads and interest in our offers using a conversion tracking function and also display LinkedIn ads to you on other websites via retargeting. In this way, we pursue the interest of improving the effectiveness of LinkedIn adverts and making our website more interesting for you.

(2) By integrating the LinkedIn Insight tag, your browser automatically establishes a direct connection to the LinkedIn server, both when you visit the LinkedIn website and when you visit websites that have integrated the LinkedIn Insight tag. LinkedIn and we are jointly responsible for collecting your usage data when you visit our website and for transmitting it to the provider, but LinkedIn is solely responsible for the relevant processing to fulfil the described purposes after the data has been transmitted. We have no influence on the scope and type of use of the data by LinkedIn, we therefore inform you according to our level of knowledge: By integrating the LinkedIn Insight tag, LinkedIn receives the information that you have called up the corresponding website of our Internet presence or an advertisement from LinkedIn.

By integrating the LinkedIn Insight tag, LinkedIn receives the information that you have accessed the corresponding website of our Internet presence or have clicked on one of our adverts. If you are registered with a LinkedIn service, LinkedIn can assign the visit to your account. Even if you are not registered with LinkedIn or have not logged in, it is possible that the provider will find out your IP address, time window and other identifying features and link them to the actions assigned to you.

(3) The deactivation of the LinkedIn Insight tag and other advertising objections are possible in the settings for advertisements at www.linkedin.com/help/linkedin/answer/62931?trk=microsites-frontend_legal_privacy-policy&lang=en and additionally at www.linkedin.com/psettings/guest-controls/retargeting-opt-out. Further setting options and information can be found in the LinkedIn Privacy Center: https://de.linkedin.com/legal/privacy-policy.

(4) The legal basis for the processing of your data is Section 6 (1) (1) (a) GDPR, i.e. the integration only takes place with your consent. You can revoke your consent at any time, The easiest way to do this is via our cookie manager. We offer you the opportunity to interact with social networks and other users via the plug-ins. If a corresponding consent has been given, the processing is carried out exclusively on the basis of Section 6 (1) (a) GDPR and Section 25 (1) TTDPA, insofar as the consent includes the storage of cookies or access to information in the user’s terminal (e.g. device fingerprinting) compliant with TTDPA. Consent can be revoked at any time.

The information collected is stored on the provider’s servers, in the case of international providers also outside of Europe. The provider is certified in accordance with the EU-U.S. Data Privacy Framework and is therefore subject to the corresponding Adequacy Decision of the EU pursuant to Section 45 GDPR.

(5) Further information on data processing by LinkedIn can be obtained from the provider, LinkedIn Ireland Unlimited Company, Attn: Legal Dept. (Privacy Policy and User Agreement), Wilton Plaza, Wilton Place, Dublin 2, Ireland; information on the LinkedIn Insight tag: business.linkedin.com/en/marketing-solutions/insight-tag?lr=1/; data protection information: www.linkedin.com/legal/privacy-policy?trk=homepage-basic_footer-privacy-policy/.

10. Data protection and third-party websites

This website may contain hyperlinks to and from third-party websites. If you follow a hyperlink to one of these websites, please note that we cannot accept any responsibility or guarantee for third-party content or data protection conditions. Please check the applicable data protection conditions before you transmit personal data to these websites.

11. No automated decision-making

The provider does not carry out any automated decision-making in compliance with Section 22 (1) GDPR that has a legal effect on the user or significantly restricts the user in a similar way.

12. Changes to this Data Protection Policy

We reserve the right to amend this Data Protection Policy at any time with effect for the future. A current version is always available on the website. Please visit the website regularly to get information on the applicable data protection provisions.

Oaklins Germany AG, May 2024