Introduction and scope 

The Odenwald Faserplattenwerk GmbH (hereafter “OWA”) is committed to process personal data responsibly and in compliance with the applicable data protection laws in all countries in which the company operates.

This Customer/Vendor Data Protection Notice (the “Notice”) describes the types of personal data OWA collects, how OWA uses that personal data, with whom OWA shares your personal data, and the rights you, as a data subject, have regarding OWA use of the personal data. This notice also describes the measures OWA takes to protect the security of the data and how you can contact us about our data protection practices.

Contact details of the Data Controller

Odenwald Faserplattenwerk GmbH 
Dr.-F.-A.-Freundt-Straße 3 
63916 Amorbach 
tel  +49 93 73.2 01-0
fax +49 93 73.2 01-130

Contact details of the Data Protection Officer (DPO)

The DPO is involved in all issues related to the protection of your personal data. In particular, the DPO is in charge of monitoring and ensuring compliance with this notice and the applicable data protection laws. They will also provide advice on data protection matters upon request.

For any clarification or additional information you may need in order to fully understand this Notice, please contact:

Thorsten Barino
Address and contact as above

Purposes of data processing and legal basis

OWA processes personal data in accordance with applicable data protection laws and regulations and only for limited, explicit and legitimate purposes. OWA will not use personal data for any purpose that is incompatible with the original purpose for which it was collected unless you provide your prior explicit consent for further use. 

Personal data relating to customers/vendors may be processed for the purposes of: 

  • Managing commercial relationships with current and potential clients;
  • Managing commercial relationships with current and potential suppliers and vendors;
  • Carrying out promotional operations;
  • Conducting statistical surveys and marketing studies, etc.

OWA ensures that our internal governance procedures clearly specify the reasons behind decisions to use personal data for alternative processing purposes. Prior to using your personal data for a purpose other than the one for which it was initially collected, you will be informed about such new purpose.

Categories of personal data processed

The provision of personal data is a requirement necessary to enter into a contract with OWA or a requirement by law or regulation for OWA to administer your customer/vendor relationship. The personal data processed is limited to the data necessary for carrying out the purpose for which such personal data is collected. 

Personal data processed includes the following:

  • Business information (such as name of organization, department and job title);
  • Contractual information (such as date of agreement, type of commercial relationship, etc.).

OWA will not collect personal data if such collection is prohibited under the applicable data protection laws.

In no case will personal data revealing religious beliefs, racial or ethnic origin, political opinions, philosophical beliefs, trade union membership or concerning sex life be processed in the customer/vendor context.

OWA will maintain personal data in a manner that ensures it is accurate, complete and up-to-date.

Data Security

OWA has implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, such risk analysis includes an analysis of the risk of compromising the rights of the data subject, costs of implementation, and the nature, scope, context and purposes for data processing. 

The measures include 

(i) encryption of personal data where applicable/appropriate; 

(ii) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of Processing systems and services; 

(iii) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and 

(iv) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing. 

Recipients of personal data

OWA will only grant access to personal data on a need-to-know basis, and such access will be limited to the personal data that is necessary to perform the function for which such access is granted. 

Authorization to access personal data will always be linked to the function so that no authorization will be extended to access personal data on a personal basis. Service providers will only receive personal data according to the purposes of the service agreement with the Company. 

International data transfers

International data transfers refer to transfers of personal data outside of the European Economic Area (“EEA”). The international footprint of OWA involves the transfer of personal data to and from other group companies or third parties, which may be located outside the EEA. OWA will ensure that when personal data is transferred to countries that have different standards of data protection, appropriate safeguards to adequately protect the personal data are implemented to secure such data transfers in compliance with applicable data protection laws. OWA has implemented Data Transfer agreements based on EU model clauses to cover international data transfers.

Retention of personal data

OWA will not retain your Personal data for longer than is allowed under the applicable data protection laws and regulations or for longer that is justified for the purposes for which it was originally collected or otherwise processed, subject to applicable local retention requirements. 

Data Protection rights 

Under applicable data protection laws, you will benefit from the following rights. You can exercise these rights at any time by contacting the DPO, where applicable: 

  • Right to access to, rectification and erasure of personal information;
  • Right to restriction of processing and to object to processing;
  • Right of data portability to the extent applicable; 
  • Right to withdraw consent where the processing is based on consent; and
  • Right to lodge a complaint with the supervisory authority. 

Notice compliance and contact information

Monitoring and ensuring compliance of the personal data processing within OWA with this notice and applicable data protection laws and regulations is the responsibility of the DPO, where applicable.

You may contact the DPO with regard to any issue related to processing of your personal data and to exercise your rights as mentioned above. 


This notice will be effective as of 25.05.2018 and will be applicable to OWA.

This notice may be revised and amended from time to time and appropriate notice about any amendments will be given.

OWA is allowed to adapt the text of this notice only in order to be compliant with local legislation by means of an addendum attached to this notice. In case of any discrepancies between this notice and a specific local addendum made in accordance with local law, the terms of the latter will prevail.




Wilt u meer weten? Neem dan contact op met ons op telefoonnummer 020-6825305 of via de mail: info(at)owa(dot)nl