Odenwald Faserplattenwerk GmbH takes the protection of your personal data very seriously. Your privacy is an important concern for us. We process your personal data in accordance with the relevant applicable statutory data protection requirements for the purposes listed below. Personal data within the meaning of this data protection information comprises all information that relates to your person.
The following information explains how we handle this data. To make things clearer, we have divided our data protection information into sections.
Data controller and Data Protection Officer
If you have any questions or comments relating to data protection (for example relating to information about your personal data and updating it), you may also contact our Data Protection Officer.
Tel: +49 93 73.2 01-3 75
Fax: +49 93 73.2 01-5 75
Odenwald Faserplattenwerk GmbH
Framework of the data processing
Source of the data collection
We process the personal data that we have collected directly from you.
If this is necessary for the provision of our services, we will process personal data that was permissibly obtained from other companies or other third parties (such as credit agencies and mailing list providers). We also process the personal data that we have permissibly obtained, received or acquired and are allowed to process from publicly accessible sources (such as telephone directories, commercial and associations registers, debtor registers, land registries, press, Internet and other media).
If this is necessary for the provision of our services, we will process personal data that was permissibly obtained from other companies or other third parties. We also process the personal data that we have permissibly obtained, received or acquired and are allowed to process from publicly accessible sources. Relevant personal data categories may be, in particular:
We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (new version) (BDSG-New) and other applicable data protection regulations (details below). Which individual data is processed and how depends largely on the services that are requested and/or agreed. For additional information or amendments to the purposes of the data processing, please refer to the respective contract documents, forms, a declaration of consent and/or other information provided to you (for example in the context of using our website or our terms and conditions).
Personal data is processed with the purpose of performing our contracts with you and executing your orders as well as to perform measures and activities within the context of pre-contractual relationships such as with interested parties. These include in essence: contract-related communication with you, the corresponding billing and related payment transactions, the traceability of orders and other agreements as well as quality control by means of corresponding documentation, goodwill procedures, measures for controlling and optimising business processes as well as for fulfilling the general due diligence obligations, monitoring and controls by affiliated companies; statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and fiscal evaluation of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; guaranteeing IT security (including system and/or plausibility tests) and security in general, ensuring and exercising domiciliary rights (for example by means of access controls); ensuring the integrity, authenticity and availability of the data, prevention and detection of criminal offences as well as monitoring by supervisory bodies or controlling bodies (such as audits).
Beyond the actual fulfilment of the contract or preliminary contract, we will process your data where appropriate, if this is necessary to protect legitimate interests of ours or third parties, especially for the purposes of
directly attributable to the contractual relationship;
Your personal data may be processed for specific purposes (such as the use of your e-mail address for marketing purposes) based on your consent. You can usually withdraw this consent at any time. This also applies to the withdrawal of declarations of consent that were granted to us before the validity of the GDPR, that is, before 25th May, 2018. You will be informed about the purposes and consequences of withdrawing or not granting your consent in the relevant text of the consent. As a general principle, withdrawing consent is effective for the future. Any processing of data that took place before consent was withdrawn is not affected by this and remains lawful.
Like every other player in the economy, we are subject to a number of legal obligations. These are primarily legal requirements (such as trade and tax legislation), as well as supervisory or other official regulations. The purposes of the processing operation include the fulfilment of fiscal monitoring and reporting obligations as well as archiving of data for purposes of data protection and data security and inspection by tax and other authorities. Furthermore, the disclosure of personal data may be required in the context of official/judicial measures for the purposes of evidence collection, prosecution or the enforcement of claims under civil law.
You must provide only that data which is required for taking up and conducting a business relationship or for a pre-contractual relationship with us, or whose data we are legally obliged to collect. Without this data, we are not usually able to conclude or perform a contract with you. This may also refer to data that is required later on in the business relationship. If we request additional data from you, reference will be made to the voluntary nature of the information.
We do not employ any purely automated decision-making processes in accordance with Article 22 GDPR. However, if we were to employ such a process in future in individual cases, particular reference will be made to this fact if this is a legal requirement. We may process some of your data with the objective of analysing certain personal aspects (profiling).
We may use evaluation tools that enable us to provide you with tailored information and advice on products. These enable needs-based product design, communication and advertising including market and opinion research. Information pertaining to nationality as well as special categories of personal data in accordance with Art. 9 GDPR are not processed.
In the context of the business relationship, you must provide the personal data that is necessary to justify, perform and end the legal transaction, and to fulfil the contractual obligations associated with it, or that data which we are legally required to collect. We will not be able to conduct a legal transaction with you in the absence of this data.
Within our company, your data will be received by those internal departments or organisational units that require it to fulfil our contractual and statutory obligations or in the context of processing and implementing our legitimate interest.
The data will be forwarded to external parties only
If external service companies process data on our behalf as processors or acquirers or functions (such as data centres, support/maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, audit services, financial institutions, printing companies or companies for data removal, courier services, logistics);
We will not forward your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards there as those that apply to us. In the other cases, the recipients may use the data only for the purposes for which the data was transmitted to them.
Data will be transmitted to bodies in countries outside of the European Union (EU) or the European Economic Area (EEA) (known as third countries) if this should be necessary to execute an order/contract by or with you, this is prescribed by law (such as fiscal reporting obligations), it lies within the context of our legitimate interest or that of a third party, or if you have given us your consent hereto.
Your data may also be processed in a third country in connection with the involvement of service providers as part of order processing.
If no decision exists from the EU Commission for the relevant country regarding an adequate level of data privacy protection there, we will ensure that your rights and freedoms are protected and guaranteed appropriately in accordance with the EU data protection guidelines by means of corresponding contracts. We will provide you with relevant detailed information at your request. Information about appropriate or adequate guarantees and the possibility of obtaining a copy from you can be requested from the operational Data Protection Officer.
We will process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the performance of a contract.
Furthermore, we are subject to various retention and documentation obligations that result from the German Commercial Code (HGB) and the German Revenue Code (AO). The retention or documentation periods specified therein amount up to ten years at the end of the calendar year beyond the end of the business relationship or the pre-contractual legal relationship.
Furthermore, special legal provisions may require a longer retention period such as the retention of evidence as part of statutory limitation periods. In accordance with Sections 195 ff. of the German Civil Code (BGB), although the regular limitation period is three years, limitation periods of up to 30 years may also be applicable.
If data is no longer required for fulfilling contractual or statutory obligations, it will be deleted on a regular basis, unless temporary further processing of the data is necessary to fulfil the purposes from a legitimate prevailing interest. Such an overriding legitimate interest also exists for example if deletion is not possible, or is possible only at a disproportionately high expense due to the special type of storage, and if processing of the data for other purposes is excluded by means of appropriate technical and organisational measures.
You may assert your data protection rights over us under certain conditions.
You have the right to object at any time to the processing of your data which takes place on the basis of Art. 6 Par. 1 f GDPR (data processing based on a balancing of interests) or Art. 6 Par. 1 e GDPR (data processing in the public interest) if reasons for this exist that arise from your particular situation.
This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you submit an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for its processing that outweigh your interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims.
Where necessary, we will also process your personal data for the purpose of direct advertising. If you do not wish to receive any advertising, you always have the right to object to this; this also applies to profiling insofar as it is connected to this direct advertising. We will note this objection for the future. We will no longer process your data for purposes of direct advertising if you object to the processing for these purposes.
You should submit your objection wherever possible to:
Odenwald Faserplattenwerk GmbH, Data Protection Officer, contact address as above datenschutz(at)owa(dot)de
You have the option of submitting a complaint to the above-mentioned Data Protection Officer or to a data protection supervisory authority.
Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)