Privacy Policy

Privacy policy and information pursuant to Article 13 GDPR

General
We are delighted that you are interested in our website and our services. We attach great importance to protecting your privacy as a user of our website and we strictly comply with data protection provisions when collecting, processing and using data. This particularly applies to the processing of your personal data.

Name and address of the controller
it’s OWL Clustermanagement GmbH
Street: Zukunftsmeile 1
Post code, town/city: 33102 Paderborn
Telephone: +49 5251 5465 275
E-mail: info@its-owl.de

Data protection officer’s contact details
Controller: bITs GmbH
Viktor Pidde (data protection adviser/data protection officer)
Detmolder Straße 204
33100 Paderborn
Telephone: +49 5251 688948-0
Fax: +49 5251 688948-4
E-mail: datenschutz@its-owl.de

Purposes of personal data processing and legal bases of processing
Purposes of processing:

  • Contact with the controller by the website visitor via the online contact form; Legal basis: Article 6 (1) (b) of the GDPR (required to take steps prior to entering into a contract)
  • Carrying out evaluations of user behaviour with Google Analytics; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)
  • Sending newsletters through the Mailchimp system; Legal basis: Article 6 (1) (a) of the GDPR (data subject’s consent)
  • Tracking newsletter subscribers with respect to opening e-mails and clicking on articles; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)
  • Processing technical information to provide the service and optimise the display of information requested by the visitor to the website on the end device used; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)
  • Use of maps from the ‘Google Maps’ service; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)
  • Embedding of videos from the ‘YouTube’ platform; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)
  • Execution of external code from the JavaScript framework ‘jQuery’; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)
  • Website management and needs-based design of processes during use by using cookies; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)
  • Embedding of posts from the ‘Twitter’ platform; Legal basis: Article 6 (1) (f) of the GDPR (legitimate interest of the controller)

If your personal data is processed to safeguard the legitimate interests of a controller pursuant to Article 6 (1) (f) of the GDPR, those legitimate interests consist in permanently analysing and improving the website and optimising user friendliness. If technology is used for measurement of reach, you will be informed of this separately in this privacy policy and you will have the opportunity to object to this. Our legitimate interest in measurement of reach is to analyse, optimise and commercially run our website.

Categories of personal data that are processed
During use of our website, the following data is processed for organisational and technical reasons:

  • Two bytes of the IP address of the user’s requesting system
  • The web page accessed
  • The website from which the user gained access to the website (referrer)
  • The sub-pages accessed on the website accessed
  • Time spent on the website
  • Number of times the website was accessed

If you send us data via our online form, the personal data you provide will be processed for the respective purpose. If you have not objected to tracking via Google Analytics and the use of cookies, we evaluate the use of our website. This includes:

  • Pages accessed
  • Bounce rate
  • Time spent on each page

We do not know the identity of the user, nor do we take any steps to obtain the corresponding information by other means. We evaluate this technical data anonymously and for statistical purposes only in order to optimise our website on an ongoing basis and to make the website even more attractive. This anonymous data is stored on secure systems, separately from personal information. Your personal data and your privacy are therefore protected at all times.

Recipients of your personal data
Your personal data is only shared with third parties on the basis of consent you have given or on the basis of a legal permission. Your personal data is only shared with state institutions and authorities entitled to obtain such information within the framework of applicable legislation or if we are obliged to do so on the basis of a court decision.

Our employees are bound to a duty of confidentiality and are obliged to comply with the provisions of data protection laws. We have commissioned companies to process personal data as instructed by us in order to carry out the technical services provided. These are:

  • LOUIS INTERNET GmbH; Service provided: website hosting
  • Computer centre in Germany; Service provided: leasing and operation of a virtual server as part of contract processing pursuant to Article 28 of the GDPR
  • Google Ireland Ltd.; Service provided: web tracking with Google

Newsletter subscription
If you have subscribed to our newsletter, we will use your e-mail address and the personal information provided on a voluntary basis to send you our newsletter at regular intervals. Only your e-mail address is required for you to receive our newsletter.

At the end of each newsletter, you will find a link that you can click on at any time to edit your subscription data or to unsubscribe from the newsletter.

You can also unsubscribe by contacting us using the contact details given in the legal notice. When subscribing to the newsletter with an e-mail address that is not already registered to receive our newsletter, an e-mail will be sent to confirm the subscription through a double opt-in process. The subscription is only activated when you confirm it by clicking on the link in this confirmation e-mail. This process is adopted for legal reasons to ensure that the owner of the e-mail address requested the subscription as a data subject.

We store the date of subscription to the newsletter. This is required to provide evidence in case the e-mail address used to subscribe has been misused.

Newsletters are personalised so that we are able to determine whether a recipient has opened the newsletter and clicked on one of the articles in the newsletter. Personal data collected in such a way is stored and evaluated in order to optimise what we offer and to align the content of future newsletters to the interests of subscribers even more closely.

Use of cookies
This website uses ‘cookies’. These are small files that are sent to your browser by our web server and are stored on your computer’s hard drive. No personal data is stored, but an individual pseudonym. As an example, this information is used to recognise you when navigating through our pages and to make navigation easier for you.

You can change your browser settings so that you are notified if cookies are placed on your machine. This makes the use of cookies transparent for you. Alternatively, you can view this website without using cookies. You can do so by changing your browser settings before you visit the website. Please note that in this case, you may be unable to use some functions of the website in part or in full.

Google Analytics traffic analysis
This website uses Google Analytics, which is a web analysis service from Google Inc. (‘Google’). Google Analytics uses ‘cookies’, which are text files that are saved on your computer and allow website use to be analysed. Information generated by the cookie about your use of this website is generally sent to a Google server in the USA and saved there. IP anonymisation is enabled for this website. Here your IP address is truncated and stored without the last octet. We then know which network the request comes from, but not the specific computer it comes from. Your IP address is truncated by Google within the European Union Member States or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and truncated there. By order of the operator of this website, Google will use this information to evaluate the use of the website, to prepare reports about website activities and to provide other services to the website operator that relate to website and internet use.

The IP address sent by your browser as part of Google Analytics will not be linked with any other data held by Google. You may disable cookies by selecting the appropriate settings in your browser; however please note that if you do so you may be unable to use all of this website’s functions to their full extent. You can also prevent the data generated by the cookie relating to your use of the website (including your IP address) from being captured and processed by Google by downloading and installing the browser plug-in available via the following link: http://tools.google.com/dlpage/gaoptout?hl=de

Use of external services
This website uses content from third-party providers. This may be videos, fonts or scripts. The respective purposes and legal bases on which we use this content are explained in detail in the section ‘Purposes of personal data processing and legal bases of processing’. In order to display content from third-party provider services used, your IP address must be sent to the respective provider for technical reasons. We have no control over how each third-party provider uses your personal data. However, please see below for an overview of all of the third-party provider services we use on this website. If applicable, we will also provide you with a link to the privacy policy of the third-party provider so that you can access information on processing of your personal data there and, if applicable, we will inform you of any opt-out options available.

External services:

  • External fonts from Google, Inc., www.google.com/fonts (‘Google Fonts’). Google Fonts are embedded through a server call to Google (generally in the USA); Privacy policy: https://www.google.com/policies/privacy/; Opt-out: https://www.google.com/settings/ads/
  • Maps shown are from the ‘Google Maps’ service provided by the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA Privacy policy: https://www.google.com/policies/privacy/; Opt-out: https://www.google.com/settings/ads/
  • Videos from the ‘YouTube’ platform, from the third-party provider Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; Privacy policy: https://www.google.com/policies/privacy/; Opt-out: https://www.google.com/settings/ads/
  • External code from the JavaScript framework ‘jQuery’. The code is provided through the website www.its-owl.de
  • Posts and fanpage from the platform ‘Facebook’ from the provider Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland; Privacy policy: https://www.facebook.com/privacy/explanation
  • Tweets from the platform ‘Twitter’ from the provider Twitter, Inc., Attn: Privacy Policy Inquiry, 1355 Market Street, Suite 900, San Francisco, CA 94103; Privacy policy: https://twitter.com/de/privacy
  • This website uses the provider GetSiteControl. GetSiteControl (GetWebCraft Limited Klimentos 41-43, Klimentos Tower, Flat/Office 25, 1061, Nicosia, Cyprus) is a programme that plays pop-ups and overlay windows on the website for informational purposes and for better user navigation. The window can be modulated using specific rules (e.g. number of site visits). GetSiteControl uses cookies for this purpose. Processing takes place on the basis of our legitimate interest in optimal user navigation on our website pursuant to Article 6 (1) (f) of the GDPR. The currently applicable privacy policy from GetSiteControl can be accessed at https://getsitecontrol.com/privacy/.


Facebook fanpage
We run a Facebook fanpage via the following link, for which we have joint responsibility together with Facebook Ireland Ltd. pursuant to Article 26 of the GDPR: https://www.facebook.com/itsOWL.Cluster/

Together with Facebook, we analyse how you use our fanpage (page insights function) pursuant to Article 26 of the GDPR, for which we have joint responsibility together with Facebook. Facebook provides the information to be made available under the GDPR with respect to data processing as part of page insights via the link: https://www.face- book.com/privacy/explanation.

Facebook also provides you with relevant content regarding the agreement made between Facebook and us with respect to processing with joint responsibility pursuant to Article 26 of the GDPR via the following link: https://www.face- book.com/legal/terms/page_controller_addendum.

Facebook Ireland has agreed to accept primary responsibility pursuant to the GDPR with respect to the processing of insight data and all duties under the GDPR with respect to the processing of insight data. This particularly relates to Articles 12 and 13 of the GDPR, Articles 15 to 22 of the GDPR and Articles 32 to 34 of the GDPR.

We only receive anonymised statistics within the scope of page insights. We have no access to personal data processed by Facebook. The anonymisation of data and the subsequent evaluation by Facebook takes place on the basis of legal permissions that stem from the GDPR. These permit personal data to be processed as there is an overriding legitimate interest in being able to better understand the interests of the visitor to the fanpage (Article 6 (1) (f) of the GDPR).

Twitter channels
Our website uses functions from Twitter, Inc., 1355 Market St, Suite 900, San Francisco, CA 94103, USA. When accessing our pages with Twitter plugins, a connection is established between your browser and Twitter servers. Data is sent to Twitter when you do so. If you have a Twitter account, this data can be linked with your account. If you do not want this data to be linked with your Twitter account, please sign out of Twitter before you visit our website. Interactions, in particular clicking on the ‘Retweet’ button, are also sent to Twitter. To find out more, please visit https://www.twitter.com/privacy.

XING
We have a XING company profile, which we link to from our website (https://www.xing.com/companies/itsowlclustermanagementgmbh).

The web portal XING is run by the German XING SE, Dammtorstraße 30, 20354 Hamburg.

The use of our company profile on XING can take place directly through the XING platform or by clicking on one of the direct links on our website. When you click on the link, you will be redirected to our company profile on XING. When you are redirected, no personal data is sent to XING SE, as no XING plugins are used on our site that would tell the operator which pages you have visited on our site.

If you access our company profile on XING, XING SE processes your personal data (e.g. your IP address, location data for your device, etc.) pursuant to its own privacy policy, which can be accessed via the following link: https://privacy.xing.com/de/datenschutzerklaerung.

YouTube
We use videos on our site that are saved on the online video portal YouTube (available at: https://www.YouTube.com).

The online video portal YouTube is provided by the US company YouTube LLC (LLC meaning limited liability company). YouTube LLC’s business address is: 901 Cherry Ave., San Bruno, CA 94066, USA. YouTube LLC is a subsidiary of Google Ireland Limited, which is based in Ireland. Google Ireland Limited’s business address is: Gordon House, Barrow Street, Dublin 4, Ireland.

Videos are used through the placement of a direct link to the video saved on the video portal YouTube and, if applicable, the associated preview image. Clicking on the link or the preview image associated with the link will redirect you to the corresponding YouTube page where you can watch the video. When you are redirected, no personal data is sent to YouTube LLC, as no YouTube plugins are used on our site that would, for example, tell the YouTube server which pages you have visited on our site.

If you access the video on the YouTube video portal, YouTube LLC processes your personal data (e.g. your IP address, location data for your device, your device’s sensor data, WiFi access points, etc.) pursuant to its own privacy policy, which can be accessed via the following link: https://policies.google.com/privacy?hl=de&gl=de.

Use of LinkedIn plugins
We use on our site the features and content of the LinkedIn service (available at: https://www.linkedin.com/) provided by LinkedIn Ireland Unlimited Company. The business address of LinkedIn Ireland Unlimited Company is Wilton Place, Dublin 2, Ireland. Further information about LinkedIn can be found at the following link: www.linkedin.com/legal/impressum

The services can include content such as images, videos, buttons via which you can use the LinkedIn services interactively (e.g. the functions ‘Share’ and ‘Rate’, or the so-called ‘LinkedIn-Recommend-Button’).

Each time you access our pages that contain LinkedIn functions, a connection is established to LinkedIn servers. LinkedIn then receives the information under which IP address you have visited our website. If, for example, you click on the ‘LinkedIn Recommend’ button and are logged into your LinkedIn account, LinkedIn can assign your visit to our website to your user account.

We have no influence on the way LinkedIn processes your data. LinkedIn will inform you about how LinkedIn processes your personal data in its privacy policy at the following address: https://www.linkedin.com/legal/privacy-policy?trk=hb_ft_priv

The LinkedIn plug-in is used on the basis of (Article 6 (1) (f) of the GDPR). As website operator, we have a legitimate interest in the widest possible visibility in social media.

Links to other websites
Our website contains links to other websites. We have no control over their operators’ compliance with data protection provisions. Despite carrying out careful checks on material, we cannot accept any liability for the content of external links. The operators of external sites are exclusively responsible for their own content.

Your security
We protect your data against unauthorised access, loss, manipulation and destruction through technical and organisational measures. Our security measures are continually adjusted so that they are in line with technological developments.
All of the communication between your end device and our servers is encrypted. This applies to downloading documents or information that we provide to you via our website, as well as information that you provide to us via the contact form or the application form.

Data subject rights/right to lodge a complaint
You have the right to request information about your personal data that is processed by us, pursuant to Article 15 of the GDPR. In particular, you can request information about the purposes of processing, the category of personal data processed concerning you, the categories of recipients to whom the data has been or is being disclosed, the intended storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint with a supervisory authority, the origin of your data if it was not collected by us, and the existence of automated decision-making including profiling and meaningful information regarding the details of this, where applicable.

You have the right to request that incorrect or incomplete personal data stored by us is immediately rectified pursuant to Article 16 of the GDPR.

You have the right to have personal data we store erased pursuant to Article 17 of the GDPR, provided that there is no legal basis that entitles us or obliges us to store the data for a longer period of time.

Pursuant to Article 18 of the GDPR, you have the right to request that the processing of your personal data is restricted if

  • the accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
  • the processing is unlawful, and you oppose the erasure of the personal data and request that the personal data is restricted instead;
  • we no longer need the personal data for the purposes of processing, but it is required by you for the establishment, exercise or defence of legal claims; or
  • you have objected to processing pursuant to Article 21 (1) of the GDPR, pending verification as to whether our legitimate grounds override your grounds.

You have the right to request that you receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format or to request its transmission to another controller, pursuant to Article 20 of the GDPR.

Pursuant to Article 77 of the GDPR, you have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of personal data relating to you infringes the GDPR.

Right to withdraw consent
You have the right to withdraw the consent you have previously given at any time pursuant to Article 7 (3) of the GDPR. This results in us no longer being able to process data on which this consent is based in the future. The lawfulness of processing previously carried out on the basis of consent will not be affected by this.

Right to object
If your personal data is processed on the basis of legitimate interests pursuant to Article 6 (1) (f) of the GDPR, you have the right to object against your personal data being processed pursuant to Article 21 of the GDPR, provided that there are reasons that relate to your particular situation.

Provision of your personal data
Personal data is information relating to your identity. As an example, this includes your name, address, telephone number and e-mail address. In order to use this website, it is not necessary for you to disclose personal data. However, in certain cases, we need your name, address and other information in order to provide the requested services.

For example, this applies to the use of our contact form or the sending of information to respond to individual questions. We will notify you where you are required to do so. In addition, we only store and process data that you provide to us on a voluntary basis or automatically. If you use advisory services, data is generally only collected if it is required to provide those services. If we ask you for additional data, this is given on a voluntary basis. The personal data you provide is exclusively processed for the purposes indicated and explained to you.

Changes to data protection provisions
We reserve the right to change security and data protection measures at any time, particularly if this is required due to technical developments. In these cases, we will update this policy on data protection accordingly. As such, please ensure you are up-to-date with the applicable version of this privacy policy.

Questions, suggestions, complaints
If you have further questions about the privacy policy or processing of your personal data, you can contact our data protection officer directly by using the contact details above.

Regardless of any other legal remedies under administrative law or through the courts, you have the right to lodge a complaint with a supervisory authority, in particular with an authority in the Member State in which you reside or in which the alleged breach took place, if you are of the opinion that the processing of personal data concerning you infringes the GDPR.

The supervisory authority with which complaints are lodged will inform the complainant of the status and the outcome of the complaint, including the option of legal remedies pursuant to Article 78 of the GDPR.

The supervisory authority responsible for the controller is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)
Postfach 20 04 44
40102 Düsseldorf
Telephone: 0211/38424-0
Fax: 0211/38424-10
E-mail: poststelle@ldi.nrw.de
Website: www.ldi.nrw.de

Date: October 2019