Privacy Policy

Data protection at a glance

1) Basic data processing information

This privacy policy clarifies how we use personal data within our online offer and for what purpose.

You can access this information at any time on our website.

We take the protection of your personal data seriously and treat your personal data confidentially and in accordance with the statutory data protection regulations. We collect, use and store personal data exclusively within the scope of the provisions of the data protection laws. These are in particular the Basic Data Protection Ordinance (GDPR), the Federal Data Protection Act (BDSG) and country-specific data protection laws. In concrete terms, this means that we will only use your data if this is permitted by law. This means that we may process your data if the data processing is necessary or required by law to provide our services (e.g. sale of second-hand goods), your consent is available, or if it is justified by our legitimate interests (economic operation of our business and the security of our online offer) to process the data.

The terms used, such as "personal data" or their "processing" correspond to the definitions of the GDPR guidelines.

2) Responsible

The data controller is:

OIK gGmbH

            Venloer Straße 47-53

            50672 Cologne

            Represented by the Managing Director Mr. Alexander Carius

            Contact: alexander.carius@oik.org

3) Legal bases

We would like to point out that the following legal bases exist for processing:

• Consents Art. 6 paragraph 1 (a) and Article 7 GDPR.

• Processing for the performance of our services, implementation of contractual measures, Art. 6 paragraph 1 b) GDPR.

• Fulfillment of our legal obligations, Art. 6 paragraph 1 c) GDPR.

• Safeguarding our legitimate interests, Art. 6 paragraph 1 f) GDPR.

 

4) Disclosure of data to third parties and third parties

We only pass on your data to third parties within the scope of the statutory requirements, for example if you have given your consent herein (Art. 6 paragraph 1 a) and Art. 7 GDPR), which is required for the purposes of the GDPR on the basis of Art. 6 paragraph 1 b), the performance of our legal obligations is served by Art. 6 paragraph 1 c) GDPR or on the basis of legitimate interests under Art. 6 paragraph 1 f) GDPR.

When we use third parties to provide our online offer, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of your personal data.

5) Collection and use of data

We collect and use personal data of each user to the extent necessary for the user to use our online offer. This includes in particular characteristics for the identification of the user and information at the beginning and end as well as the extent of use of our online offer.

We collect a range of general data and information every time we access our online offer. This general data and information is stored in the log files of the server (see point 7 of this Privacy Policy).

6) Security

We maintain technical and organizational measures to ensure data security. Security measures include, in particular, the entrenched transfer of data between your browser and our server.

However, we would like to point out that data transmission over the Internet (e.g. when communicating via e-mail) may have security gaps. Complete protection of data against access by third parties is not possible.

7) Server logs

Based on our legitimate interests within the meaning of Article 6 paragraph 1 f) GDPR, we collect data on every access to the server on which our online offer is located (so-called server log files).

Your browser automatically transmits these server log files to us. The data collected in this way include, but are not only the date and time of access, location, country, state, region, city, URL (internet address) of the referring website, the retrieved file, information about the successful retrieval, the browser type and browser version as well as information about the user's operating system. We use this information exclusively for statistical purposes as well as for internal analysis purposes, such as improving the supply. This data cannot be allocated to specific persons. This data will not be merged with other data sources.

8) Cookies

In our online offer, cookies are used in order to make the offer attractive and to enable the use of certain functions. Cookies are small text files that are stored on your computer and enable the recognition of your browser. They are thus also used to determine the frequency of use and the number of users of our Internet offer.

Our websites use so-called "session cookies", which are cached exclusively for the duration of the use of one of our websites and are subsequently automatically deleted.

In addition, so-called "permanent cookies" are used to record information about users who repeatedly use our online offer. With the help of the "permanent cookies" we can recognize users and offer them optimal use of our Internet offers.

In addition, we use cookies to store login data on the server.

You will be informed about the use of cookies in the context of tracking and marketing purposes within the framework of this data protection declaration.

Changing the browser settings can prevent cookies from being stored on the computer of users of our website. The storage of cookies can be prevented by selecting "Do not accept cookies" in the browser settings. As a result, the range of functions of our online line can be limited.

9) Mailto-Links/contact forms

If you ask us about mailto links/contact forms on our online offer, your details (in particular the data from the e-mail sent to us via the mailto link) will be stored in our Customer Relationship Management System ("CRM System") for the purpose of processing the request and in case of follow-up questions.

If you register on our online offer, you must provide [name, email address, city, country telephone number, etc]. We process your data to contact you and process your request. In addition, your data will be stored in our CRM system for the purpose of receiving the request and in case of follow-up questions.

We will not share your information from the email without your consent (except for the processors who help us provide our online offer).

The processing is carried out based on Art. 6 paragraph 1 (b) GDPR for the processing of the contact request and its processing.

We delete the data for the requests if the data no longer seems necessary to correspond with you because of the request, but at the latest after 6 months after the last contact with you.

10) Online social media presences

We maintain online presences on social networks and platforms in order to communicate with the customers, interested parties and users active there and to inform them about our company and our services. This is done on the basis of our legitimate interests within the meaning of Article 6 (1) (f) GDPR. When accessing the respective networks and platforms, the terms and conditions and the data management guidelines of the respective operators apply.

We process users' data as long as users communicate with us on social networks and platforms, for example when users post on our on-line presences or send us messages.

11) Integration of third-party services and content

Within our online offer, we use content or service offers from third parties on the basis of our legitimate interests (means our interest in the analysis, optimization and economic operation of our online offer within the meaning of Art. 6 sec. 1 lit. f. GDPR) or on the basis of your prior consent, content or service offers from third parties in order to integrate their content and services, such as videos or fonts ("Content"). For this, it is necessary that the providers of this content perceive the IP address of the users. Because without the IP address, they cannot send the content to their browser.

The IP address is therefore necessary for the presentation of this content. We try to use only those content where the respective provider only uses the IP address to deliver the content.

Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to analyze information, such as traffic on the pages of this website. The pseudonymous information can also be stored in cookies on the user's device. They may include, among other things, technical information about the browser and operating system, referring websites, visit time and other information on the use of our online offer, as well as they can be linked to such information from other sources.

The following shows which third-party content we use, including links to their privacy statements:

• External fonts from Google, LLC., www.google.com/fonts ("Google Fonts"). The integration of the Google fonts takes place by a server call to Google (usually in the USA). Privacy Policy: https://policies.google.com/privacy

Opt-Out: https://adssettings.google.com/authenticated

 

• Maps of the Google Maps service provided by google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Privacy policy: https://www.google.com/policies/privacy /, opt-out: https://www.google.com/settings/ads/ .

 

• Functions of the service or platform Twitter may be integrated within our online offer (hereinafter referred to as "Twitter"). Twitter is an offer from Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The functions include the presentation of our posts within Twitter within our online offer, the link to our profile on Twitter as well as the possibility to interact with the posts and functions of Twitter, as well as to measure whether users access our online offer via the advertisements we have posted on Twitter (so-called conversion measurement). Twitter is certified under the Privacy Shield Agreement and provides a guarantee to comply with European data protection law (https://www.privacyshield.gov/participant?id=a2zt0000000TORzAAO&status=Active ). Privacy Policy: https://twitter.com/de/privacy , Opt-Out: https://twitter.com/personalization .

 

12) Your rights

If the legal requirements are met, they are entitled to rights under Articles 15 to 22 GDPR. These are your rights of access, rectification, deletion, restriction of processing and data portability.

In addition, you have the right to object to the processing, which is based on Article 6 paragraph 1 (f) GDPR and thus our legitimate interests.

You may object at any time to the future processing of the data concerning you in accordance with Article 21 GDPR. The opposition may be made in particular against the processing for direct marketing purposes.

You can revoke your consent at any time for the future.

13) Right to appeal to the supervisory authority

Pursuant to Article 77 GDPR, you have the right to contact the supervisory authority if you believe that the processing of your personal data is not lawful.

14) Deletion of data

The data stored by us will be deleted as soon as the data are no longer necessary for the purposes you have chosen and the deletion is not precluded by any statutory obligation to comply. The statutory retention periods are six years in accordance with Section 257 of the German Commercial Code (HGB) for commercial books, inventories, commercial letters, opening balance sheets, etc. and ten years after Section 147 of the AO for books, records, documents and other documents that are relevant to the public.

 

• Last updated July 27th, 2020 –