General information

Odenwald Faserplattenwerk GmbH takes the protection of your personal data very seriously. Your privacy is an important concern for us. We process your personal data in accordance with the relevant applicable statutory data protection requirements for the purposes listed below. Personal data within the meaning of this data protection information comprises all information that relates to your person.

The following information explains how we handle this data. To make things clearer, we have divided our data protection information into sections.

Data controller and Data Protection Officer

The controller responsible for processing personal data is
Odenwald Faserplattenwerk GmbH
Dr.-F.-A.-Freundt-Straße 3
63916 Amorbach
tel +49 93 73.2 01-0
fax +49 93 73.2 01-130

If you have any questions or comments relating to data protection (for example relating to information about your personal data and updating it), you may also contact our Data Protection Officer.

Thorsten Barino
Tel: +49 93 73.2 01-3 75
Fax: +49 93 73.2 01-5 75


Odenwald Faserplattenwerk GmbH
Dr.-F.-A.-Freundt-Straße 3
63916 Amorbach

Framework of the data processing

Source of the data collection

We process the personal data that we have collected directly from you.

If this is necessary for the provision of our services, we will process personal data that was permissibly obtained from other companies or other third parties (such as credit agencies and mailing list providers). We also process the personal data that we have permissibly obtained, received or acquired and are allowed to process from publicly accessible sources (such as telephone directories, commercial and associations registers, debtor registers, land registries, press, Internet and other media).

Origin and data categories of data that was not obtained directly from you

If this is necessary for the provision of our services, we will process personal data that was permissibly obtained from other companies or other third parties. We also process the personal data that we have permissibly obtained, received or acquired and are allowed to process from publicly accessible sources. Relevant personal data categories may be, in particular:

  • Personal data (name, profession/industry, position in the company and comparable data)
  • Contact data (address, e-mail address, telephone number and comparable data)
  • Data relating to your use of the telemedia offered by us (at the time when our website, apps or newsletter were accessed, pages/links from us that were clicked on, or entries and comparable data for example)
  • Video and image recordings

Purposes and legal basis of the processed data

We process personal data in accordance with the provisions of the General Data Protection Regulation (GDPR), the Federal Data Protection Act (new version) (BDSG-New) and other applicable data protection regulations (details below). Which individual data is processed and how depends largely on the services that are requested and/or agreed. For additional information or amendments to the purposes of the data processing, please refer to the respective contract documents, forms, a declaration of consent and/or other information provided to you (for example in the context of using our website or our terms and conditions).

Purposes for fulfilling a contract or pre-contractual measures (Art. 6 Par. 1 b GDPR)

Personal data is processed with the purpose of performing our contracts with you and executing your orders as well as to perform measures and activities within the context of pre-contractual relationships such as with interested parties. These include in essence: contract-related communication with you, the corresponding billing and related payment transactions, the traceability of orders and other agreements as well as quality control by means of corresponding documentation, goodwill procedures, measures for controlling and optimising business processes as well as for fulfilling the general due diligence obligations, monitoring and controls by affiliated companies; statistical evaluations for corporate management, cost recording and controlling, reporting, internal and external communication, emergency management, billing and fiscal evaluation of operational services, risk management, assertion of legal claims and defence in the event of legal disputes; guaranteeing IT security (including system and/or plausibility tests) and security in general, ensuring and exercising domiciliary rights (for example by means of access controls); ensuring the integrity, authenticity and availability of the data, prevention and detection of criminal offences as well as monitoring by supervisory bodies or controlling bodies (such as audits).

Purposes within the context of a legitimate interest of ours or third parties (Art. 6 Par. 1 f GDPR)

Beyond the actual fulfilment of the contract or preliminary contract, we will process your data where appropriate, if this is necessary to protect legitimate interests of ours or third parties, especially for the purposes of

  • Advertising or market and opinion research, provided that you have not objected to the use of your data;
  • Verifying and optimising procedures for requirement analysis;
  • Further developing services and products as well as existing systems and processes;
  • Enriching our data, including using or researching into publicly accessible data, among other things;
  • Statistical evaluations or market analysis; benchmarking;
  • Asserting legal claims and defence in the event of legal disputes that are not

directly attributable to the contractual relationship;

  • Storing the data for a limited period of time if deletion is not possible, or is possible only at a disproportionately high expense due to the special type of storage;
  • Developing scoring systems or automated decision-making processes;
  • Preventing and detecting criminal offences, unless these are exclusively to fulfil legal requirements;
  • Building and plant security (for example through access controls) if these exceed the general obligations to exercise due diligence;
  • Preserving and maintaining certifications of a private-law or official nature;
  • Ensuring and exercising domiciliary rights by means of corresponding measures (such as video monitoring) as well as preserving evidence in the event of criminal offences and their prevention.

Purposes in the context of your consent (Art. 6 Par. 1a GDPR)

Your personal data may be processed for specific purposes (such as the use of your e-mail address for marketing purposes) based on your consent. You can usually withdraw this consent at any time. This also applies to the withdrawal of declarations of consent that were granted to us before the validity of the GDPR, that is, before 25th May, 2018. You will be informed about the purposes and consequences of withdrawing or not granting your consent in the relevant text of the consent. As a general principle, withdrawing consent is effective for the future. Any processing of data that took place before consent was withdrawn is not affected by this and remains lawful.

Purposes for fulfilling legal requirements (Art. 6 Par. 1 c GDPR) or in the public interest (Art. 6 Par. 1 e GDPR)

Like every other player in the economy, we are subject to a number of legal obligations. These are primarily legal requirements (such as trade and tax legislation), as well as supervisory or other official regulations. The purposes of the processing operation include the fulfilment of fiscal monitoring and reporting obligations as well as archiving of data for purposes of data protection and data security and inspection by tax and other authorities. Furthermore, the disclosure of personal data may be required in the context of official/judicial measures for the purposes of evidence collection, prosecution or the enforcement of claims under civil law.

Scope of your obligations to provide us with data

You must provide only that data which is required for taking up and conducting a business relationship or for a pre-contractual relationship with us, or whose data we are legally obliged to collect. Without this data, we are not usually able to conclude or perform a contract with you. This may also refer to data that is required later on in the business relationship. If we request additional data from you, reference will be made to the voluntary nature of the information.

Existence of automated decision-making in individual cases (including profiling)

We do not employ any purely automated decision-making processes in accordance with Article 22 GDPR. However, if we were to employ such a process in future in individual cases, particular reference will be made to this fact if this is a legal requirement. We may process some of your data with the objective of analysing certain personal aspects (profiling).

We may use evaluation tools that enable us to provide you with tailored information and advice on products. These enable needs-based product design, communication and advertising including market and opinion research. Information pertaining to nationality as well as special categories of personal data in accordance with Art. 9 GDPR are not processed.

Consequences of not providing data

In the context of the business relationship, you must provide the personal data that is necessary to justify, perform and end the legal transaction, and to fulfil the contractual obligations associated with it, or that data which we are legally required to collect. We will not be able to conduct a legal transaction with you in the absence of this data.

Recipients of the data within the EU

Within our company, your data will be received by those internal departments or organisational units that require it to fulfil our contractual and statutory obligations or in the context of processing and implementing our legitimate interest.
The data will be forwarded to external parties only

  • In connection with order processing;
  • For purposes of fulfilling legal requirements according to which we are obligated to disclose, report or forward data, or if the dissemination of data lies in the public interest (see Section 2.4);

If external service companies process data on our behalf as processors or acquirers or functions (such as data centres, support/maintenance of IT applications, archiving, document processing, call centre services, compliance services, controlling, data validation or plausibility checks, data destruction, purchasing/procurement, customer administration, lettershops, marketing, media technology, research, risk controlling, billing, telephony, website management, audit services, financial institutions, printing companies or companies for data removal, courier services, logistics);

  • Due to our legitimate interest or the legitimate interest of the third party for the aforementioned purposes (such as in authorities, credit agencies, debt collection, lawyers, courts, valuers, subsidiaries and monitoring institutions and bodies);
  • If you have given us your consent to transmit it to third parties.

We will not forward your data to third parties beyond this. If we commission service providers as part of order processing, your data will be subject to the same security standards there as those that apply to us. In the other cases, the recipients may use the data only for the purposes for which the data was transmitted to them.

Data recipients outside of the EU

Data will be transmitted to bodies in countries outside of the European Union (EU) or the European Economic Area (EEA) (known as third countries) if this should be necessary to execute an order/contract by or with you, this is prescribed by law (such as fiscal reporting obligations), it lies within the context of our legitimate interest or that of a third party, or if you have given us your consent hereto.
Your data may also be processed in a third country in connection with the involvement of service providers as part of order processing.

If no decision exists from the EU Commission for the relevant country regarding an adequate level of data privacy protection there, we will ensure that your rights and freedoms are protected and guaranteed appropriately in accordance with the EU data protection guidelines by means of corresponding contracts. We will provide you with relevant detailed information at your request. Information about appropriate or adequate guarantees and the possibility of obtaining a copy from you can be requested from the operational Data Protection Officer.

Retention periods

We will process and store your data for the duration of our business relationship. This also includes the initiation of a contract (pre-contractual legal relationship) and the performance of a contract.

Furthermore, we are subject to various retention and documentation obligations that result from the German Commercial Code (HGB) and the German Revenue Code (AO). The retention or documentation periods specified therein amount up to ten years at the end of the calendar year beyond the end of the business relationship or the pre-contractual legal relationship.

Furthermore, special legal provisions may require a longer retention period such as the retention of evidence as part of statutory limitation periods. In accordance with Sections 195 ff. of the German Civil Code (BGB), although the regular limitation period is three years, limitation periods of up to 30 years may also be applicable.

If data is no longer required for fulfilling contractual or statutory obligations, it will be deleted on a regular basis, unless temporary further processing of the data is necessary to fulfil the purposes from a legitimate prevailing interest. Such an overriding legitimate interest also exists for example if deletion is not possible, or is possible only at a disproportionately high expense due to the special type of storage, and if processing of the data for other purposes is excluded by means of appropriate technical and organisational measures.

Your rights

You may assert your data protection rights over us under certain conditions.

  • You therefore have the right to obtain from us information relating to your data that we have stored in accordance with the regulations of Art. 15 GDPR (where necessary with restrictions in accordance with Section 34 Federal Data Protection Act).
  • At your request, we will correct the stored data relating to you in accordance with Art. 16 GDPR if it is inapplicable or incorrect.
  • If you wish, we will delete your data in accordance with the principles of Art. 17 GDPR, provided that this does not conflict with other statutory regulations (such as statutory retention obligations or restrictions in accordance with Section 35 GDPR) or a legitimate interest on our part.
  • In consideration of the prerequisites of Art. 18 GDPR, you may ask us to restrict the processing of your data.
  • Furthermore, you can object to the processing of your data in accordance with Art. 21 GDPR on the basis of which we must discontinue processing your data. This right of objection shall apply only where exceptional circumstances exist relating to your personal situation whereby our company’s rights may oppose your right of objection.
  • You also have the right to obtain your data according to the prerequisites of Art. 20 GDPR in a structured, common and machine-readable format or to transmit it to a third party.
  • Furthermore, you have the right to withdraw from us the consent that was granted to the processing of your personal data at any time with future effect (see section 2.3).
  • Furthermore, you are entitled to complain to a data protection supervisory authority (Art. 77 GDPR). However, we recommend that you always direct your complaint initially to our Data Protection Officer.
  • Your requests to exercise your rights should be addressed whenever possible in writing or via e-mail to the above-mentioned address or directly in writing or via e-mail to our Data Protection Officer.

Special reference to your right of objection in accordance with Art. 21 GDPR

You have the right to object at any time to the processing of your data which takes place on the basis of Art. 6 Par. 1 f GDPR (data processing based on a balancing of interests) or Art. 6 Par. 1 e GDPR (data processing in the public interest) if reasons for this exist that arise from your particular situation.

This also applies to profiling based on this provision within the meaning of Art. 4 No. 4 GDPR. If you submit an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate reasons for its processing that outweigh your interests, rights and freedoms, or if the processing serves to establish, exercise or defend legal claims.

Where necessary, we will also process your personal data for the purpose of direct advertising. If you do not wish to receive any advertising, you always have the right to object to this; this also applies to profiling insofar as it is connected to this direct advertising. We will note this objection for the future. We will no longer process your data for purposes of direct advertising if you object to the processing for these purposes.

You should submit your objection wherever possible to:

Odenwald Faserplattenwerk GmbH, Data Protection Officer, contact address as above datenschutz(at)owa(dot)de

You have the option of submitting a complaint to the above-mentioned Data Protection Officer or to a data protection supervisory authority.

The supervisory authority responsible for us is:

Bayerisches Landesamt für Datenschutzaufsicht
Promenade 27 (Schloss)
91522 Ansbach