Data Protection Declaration of OILES DEUTSCHLAND GmbH
I. General information on data protection
1. Data privacy
Thank you for your interest and for visiting our website. As the operator of this website, OILES DEUTSCHLAND GmbH takes protecting your personal data very seriously. We treat your personal data confidentially and in accordance with statutory data protection regulations.
This data protection declaration informs you about the type, scope and purposes for processing personal data (hereinafter referred to as "data") within our online provision and the functions and contents associated with it. With regard to the terms used, such as "personal data", "processing" or "data controller", we refer to the definitions in Art. 4 of the General Data Protection Regulation (GDPR).
OILES DEUTSCHLAND GmbH as the controller has implemented numerous technical and organisational measures to ensure that personal data processed via this website are protected as fully as possible. Nevertheless, we would like to point out that transferring data via the internet (e.g. communicating by e-mail) may be subject to security breaches. Complete protection of data against access by third parties can therefore not be guaranteed.
The controller in the spirit of the GDPR and other national data protection laws as well as other data protection regulations is the company:
OILES Deutschland GmbH
Schorbachstr.9 35510 Butzbach, Germany
3. Data protection officer
The controller’s data protection officer is:
Alkemade IT-Security e.K.
Egerländer Str. 9
Tel.: +49 6002 939593
II. General information on processing data
1. Scope of processing personal data
We only process the personal data of visitors to our website to the extent required to provide a functional website as well as our content and services.
2. Legal basis for processing personal data
In accordance with Art. 13 GDPR, we are informing you of the legal basis for processing data. Provided the legal basis is not mentioned in the data protection declaration, the following applies:
In so far as processing personal data is carried out on the basis of approval from the data subject, Article 6(1) lit. (a) GDPR serves as the legal foundation.
Article 6(1) lit. (b) GDPR serves as the legal foundation for processing personal data required for fulfilling a contract, for which the party to the contract is the data subject. This also applies to processing procedures that are required to carry out pre-contractual measures.
Insofar as processing personal data is required for fulfilling a legal obligation which the controller is subject to, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that vital essential interests of the data subject or another natural person require processing personal data, Article 6(1)(d) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of the controller or a third party, taking into account the fact that the interests, fundamental rights and fundamental freedoms of the data subject do not prevail, Article 6(1)(f) GDPR serves as the legal basis for processing.
3. Deleting Data and Storage Duration
The data subject’s personal data shall be deleted or processing it will be restricted as soon as the purpose for processing ends. Moreover, processing may also take place if European or national legislation has provided for this in EU regulations, laws or other provisions the controller is subject to. Processing or deleting data is also restricted in cases in which a storage period prescribed by the aforementioned standards expires, unless a requirement for continued storage of the data for concluding or fulfilling a contract exists.
III. Provision of the website and creation of log files
1. Description and scope of data processing
Every time you visit our website, our system automatically collects data and information from the computer system of the computer calling it up.
The following data (so-called server log files), which your browser automatically transmits to us, are collected at this time:
- Information about the browser type (version used, language settings, etc.)
- The operating system
- The user's IP address
- Date and time of access
- The website from which the user's system accesses our website (website, search engine or link, so-called referrer URL)
- The website accessed by the user's system via our website
- Status information (e.g. error messages)
- Volume of data transferred
Data is also stored in our system’s log files. This data is not stored together with other personal data of the user.
We reserve the right to subsequently check or have this data checked if we become aware of any concrete indications of illegal use.
2. Legal basis for data processing
The legal basis for temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
Temporary storage of the IP address by the system is required to enable access to the website. The user’s (visitor’s) IP address must remain stored for the duration of the session for this purpose. Storage in log files serves for optimizing out website and to guarantee the security of our information technology systems. No evaluation of data for marketing purposes is carried out in this context.
These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
Data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of collecting data for providing the website, this is the case once the respective session has ended.
If the data is stored in log files, it will be deleted after seven days at the latest. Longer storage is possible (e.g. for security reasons, such as clarifying abuse or fraud, storage for evidentiary purposes). In this case, the users’ IP addresses are deleted or alienated, so that assignment of the client dialling up is no longer possible.
5. Possibility for objection and elimination
Collecting data for providing the website and storing data in log files is absolutely necessary for operating the website. Consequently, there is no possibility on the part of the user to object.
1. Description and scope of data processing
The following data is stored and transmitted in the cookies:
- Language settings
- Log-in information
2. Purpose of data processing
The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without using cookies. To do this, it is necessary for the browser to be recognized again, even after a page change.
We need cookies for the following uses:
- Accepting language settings
- Remembering search terms
User data collected by technically necessary cookies are not used to create user profiles.
3. Legal basis for data processing
For these purposes, our legitimate interest also lies in processing personal data in accordance with Art. 6 para. 1 lit. f GDPR.
4. Duration of storage, possibility of objection and elimination
Transferring Flash cookies cannot be prevented via the browser settings, however this can be prevented by changing the Flash Player settings.
V. Contact form and e-mail contact
1. Description and scope of data processing
There is a contact form on our website for requesting information material, which can be used for getting in touch electronically. If a user takes advantage of this possibility, then the data entered in the input screen is transferred to us and stored. This data is:
- Given name and Surname
- E-mail address
- Company name
- Subject/content of the message
The following data were stored in addition at the time the message is sent:
- The user’s IP address
- Date and time of registration
Your consent is obtained for processing the data within the scope of the sending process and reference is made to this data protection declaration.
Alternatively, you can contact us via the e-mail address provided. In this case, the user's personal data transmitted in the e-mail will be stored.
Data will not be passed on to third parties in this context. Data are used exclusively for processing the conversation.
2. Legal basis for processing data
The legal basis for processing data is the use’s consent within the meaning of Art. 6 para. 1 lit. a GDPR.
In addition, the legal basis for processing data transmitted in the course of sending an e-mail is Art. 6 para. 1 letter f GDPR. If the e-mail contact is aimed at concluding a contract, then the additional legal basis for processing is Art. 6 exp. 1 lit. b GDPR.
3. Purpose of data processing
Processing personal data from the input screen serves solely only for processing the contact made. In the event of contact by e-mail, this also constitutes the legitimate interest in processing data required.
Other personal data processed during the sending process serve to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
Data will be deleted as soon as it is longer necessary to achieve the purpose for which it was collected. For personal data from the input screen, the contact form and those that were sent by e-mail, this is the case when the respective conversation with the user has been finished. The conversation is terminated when it can be inferred from the circumstances that the facts in question have finally been clarified.
Additional personal data collected during the transmission process will be deleted after a period of seven days at the latest.
5. Possibility for objection and elimination
The user has the possibility to revoke his consent for processing personal data at any time. If the user contacts us by e-mail, he can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
A statement to OILES DEUTSCHLAND GmbH regarding the revocation, modification, correction and updating of such data can be made in writing, by e-mail or via the enquiry form.
All personal data stored in the course of contacting us will be deleted in this case.
VI. Data protection during job applications and the application process
The controller only processes job applicants’ personal data for the purpose of developing the application process and in accordance with statutory legal requirements. Processing may also be carried out electronically. This is especially the case if an applicant sends the corresponding application documents to the controller electronically, for example by e-mail.
If the controller concludes an employment contract with an applicant, the data transferred will be stored for the purpose of developing the employment relationship under consideration of the statutory provisions. If the controller for data processing does not conclude an employment contract with the applicant, the application documents will be deleted automatically six months after notification of the reason for the refusal, provided no other legitimate interests of the controller for processing oppose the deletion, or the applicant's consent for continued processing exists. Another legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Act on Equal Treatment (AGG). Invoices for any possible reimbursement of travel expenses are archived in accordance with tax regulations.
By submitting the application to us, applicants agree to their data being processed for the purposes of the application procedure in accordance with the nature and scope set out in this data protection declaration.
Processing applicants’ data takes place in order to fulfil our (pre)contractual obligations in the context of the application process within the meaning of Art. 6 para. 1 letter b GDPR, processing the application addressed to the controller takes place on a voluntary basis for the applicant within the meaning of Art. 6 para. 1 letter a GDPR.
VII. Rights of the data subject
If your personal data are processed, you are the data subject within the spirit of the GDPR and you have the following rights vis-à-vis the controller:
1. Right to information
You can ask the controller for confirmation of whether personal data concerning you will be processed by us.
If such processing takes place, you can request information on the following from the controller:
- the purposes for which the personal data are processed;
- the categories of personal data processed;
- the recipients or categories of recipients to whom the personal data concerning you have been or are still being disclosed;
- the planned duration for storing personal data concerning you or, if specific information on this is not possible, criteria for determining the storage period;
- the existence of rights to have personal data concerning you corrected or deleted, rights to have processing by the controller restricted or a right to object to such processing;
- the existence of rights to appeal to a supervisory authority;
- any available information on the origin of the data if personal data are not collected from the data subject;
- the existence of automatic decision-making, including profiling in accordance with Article 22(1) and (4) GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended effects of such processing for the data subject.
You have the right to request information as to whether personal data concerning you is transferred to a third country or to an international organisation. In this context, you may request to be informed of suitable guarantees in accordance with Art. 46 GDPR connected with the transmission.
2. Rights to correction
You have rights to correction and/or completion vis-à-vis the data controller if the personal data processed concerning you are incorrect or incomplete. The controller must make the correction without delay.
3. Rights to restriction of processing
Under the following conditions, you may request that processing personal data concerning you be restricted:
- if you dispute the accuracy of the personal data regarding you for a period of time that enables the controller to verify the accuracy of the personal data;
- the processing is unlawful and you decline deletion of personal data and instead request the use of the personal data be restricted;
- the controller no longer needs the personal data for processing purposes, however you need them to assert, exercise or defend legal claims, or
- if you have lodged an objection to processing pursuant to Art. 21 para. 1 GDPR and it is not yet clear whether the controller’s legitimate reasons take precedence over your reasons.
If processing personal data concerning you has been restricted, such data may only be processed - apart from being stored - with your consent or for the purpose of asserting, exercising or defending legal rights or protecting the rights of another natural or legal person or on grounds of important public interest of the Union or of a Member State.
If the processing has been restricted according to the above conditions, you will be informed by the controller before the restriction is lifted.
4. Right to deletion
a) Deletion obligation
You may request the data controller deletes personal data concerning you without delay and the controller is obliged to delete this data without delay if one of the following reasons applies:
- Personal data concerning you are no longer required for the purposes for which they were collected or were otherwise processed.
- You revoke your consent, on which the processing was based pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, and there is no other legal basis for the processing.
- You submit an objection to processing pursuant to Art. 21 para. 1 GDPR and there are no overriding legitimate grounds for processing, or you file an objection to processing pursuant to Art. 21 para. 2 GDPR.
- The personal data concerning you have been processed unlawfully.
- Deleting personal data concerning you is required to fulfil a legal obligation under Union law or the law of the Member States to which the data controller is subject.
- The personal data concerning you were collected with reference to information society services offered pursuant to Art. 8 para. 1 GDPR.
b) Information to third parties
If the controller has made personal data concerning you public and is obliged to delete it pursuant to Art. 17 para. 1 GDPR, he shall take appropriate measures, also of a technical nature, under consideration of the technology available and the implement- ation costs, to inform data processors responsible who process the personal data that you as the data subject have requested the deletion of all links to this personal data or of copies or reproductions of this personal data.
The right to cancellation does not exist insofar as processing is required
- to exercise the right to freedom of expression and information;
- for fulfilling a legal obligation required for processing under Union or Member State law to which the controller is subject or for performing a task in the public interest or in exercising public authority conferred on the controller;
- on grounds of public interest in the field of public health in accordance with Article 9(2)(h) and (i) and Article 9(3) GDPR;
- for archiving purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 GDPR, insofar as the rights referred to in section a) are likely to render impossible or seriously impair achieving the objectives of such processing, or
- or for asserting, exercising or defending legal claims.
5. Rights to information
If you have exercised your right for the controller to correct, delete or limit the processing, he is obliged to inform all recipients to whom the personal data concerning you has been disclosed of this correction or deletion of data or restriction to processing, unless this proves impossible or is connected with disproportionate effort.
You have the rights to be informed of these recipients by the controller.
6. Right to data portability
You have the right to receive personal data concerning you that you have provided to the controller in a structured, customary and machine-readable format. Furthermore, you have the right to transfer this data to another data controller without obstruction by the controller to whom the personal data was provided, provided that
- processing is based on a consent pursuant to Art. 6 para. 1 lit. a GDPR or Art. 9 para. 2 lit. a GDPR or on a contract pursuant to Art. 6 para. 1 lit. b GDPR and
- processing is carried out using automated processes.
In exercising this right, you also have the right to request that personal data concerning you is transmitted directly by a controller, to another controller, insofar as this is technically feasible. The freedoms and rights of other persons must not be impaired by this. The right to portability does not apply to processing personal data required for performing tasks in the public interest or for exercising official authority conferred on the controller.
7. Right of objection
You have the right to object at any time, for reasons arising from your particular circumstances, to processing personal data concerning you on the basis of Article 6(1)(e) or (f) GDPR; this also applies to profiling based on these provisions.
The data controller must no longer process personal data concerning you, unless he can prove compelling reasons worthy of protection for processing, which override your interests, rights and freedoms, or his processing serves to assert, exercise or defend legal claims.
If personal data concerning you is processed for direct marketing purposes, you have the right to object at any time to personal data concerning you being processed for such advertising purposes; this also applies to profiling, insofar as it is associated with such direct marketing.
If you object to processing for direct marketing purposes, then personal data concerning you will no longer be processed for these purposes.
You have the possibility to exercise your rights of objection in connection with the use of information society services by means of an automated process using a technical process, notwithstanding Directive 2002/58/EC.
8. Right to revoke the data protection declaration of consent
You have the right to revoke your data protection declaration of consent at any time. The revocation of consent shall not affect the lawfulness of processing carried out on the basis of consent up until revocation.
9. Automated decisions in individual cases including profiling
You have the right not to be subject to a decision based exclusively on automated processing - including profiling - that has a legal effect against you or significantly impairs you in a similar manner. This shall not apply where the decision
- is required for concluding or fulfilling a contract between you and the controller,
- is admissible under Union or Member State law to which the controller is subject and where such law contains appropriate measures to safeguard your rights and freedoms and your legitimate interests or
- is taken with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 para. 1 GDPR, unless Art. 9 para. 2 lit. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
If the decision is not based on legal provisions, the controller takes appropriate measures in order to protect the rights and freedoms as well as your legitimate interests, which at least includes the right of a person to intervene on the part of the controller, to state his own position and to challenge the decision.
10. Right of appeal to a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right of appeal to a supervisory authority, in particular in the Member State where you reside, work or suspect an infringement occurred, if you believe that processing personal data concerning you is contrary to the GDPR.
The supervisory authority to which the complaint was submitted must inform the complainant of the status and results of the complaint, including the possibility of judicial remedy under Article 78 GDPR.
The supervisory authority responsible for the controller’s data protection is:
The Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Michael Ronellenfitsch
VIII. Data transfer and cooperation with third parties
1. Cooperation with contract processors and third parties
If we disclose data to other persons and companies (contract processors or third parties) within the scope of our processing, transfer it to them or otherwise grant them access to the data, this shall only take place on the basis of legal permission (e.g. if transferring data to third parties, such as to payment service providers pursuant to Art. 6 para. 1 lit. b GDPR is required for contract fulfilment), provided you have consented, a legal obligation requires this or on the basis of our legitimate interests (e.g. when using agents, web hosting services etc.).
If we commission contractors to process data, we do this on the basis of Art. 28 GDPR.
2. Transfers to third countries
Insofar as we process data in a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)) or if this takes place in the context of using third-party services or disclosure or transferring data to third parties, this only takes place if it is carried out in order to fulfil our (pre)contractual obligations, on the basis of your consent, on grounds of a legal obligation or on the basis of our legitimate interests. Subject to legal or contractual permissions, we only process data or allow data to be processed in a third country if the special requirements of Art. 44 ff. GDPR are present. This means, for example, processing is carried out on the basis of special guarantees, such as the officially recognised determination of a data protection level corresponding to the EU (e.g. for the USA by the "Privacy Shield") or compliance with officially recognised special contractual obligations (so-called "standard contractual clauses").
3. Integration of third-party services and content
We use content and service provisions from third parties within our online provision, on the basis of our legitimate interests (i.e. interest in the analysis, optimisation and economic operation of our online offering within the meaning of Art. 6 para. 1 lit. f. GDPR), in order to integrate their content and services, such as videos or fonts (hereinafter uniformly referred to as "contents").
This always presupposes that third party providers of these contents perceive the IP address of users, as they would not be able to send the contents to their browser without the IP address. In this way the IP address is required for displaying these contents. We endeavour to use only those contents whose respective providers only use the IP address to deliver the contents. Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. "Pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous pieces of information may also be stored in cookies on the user's device and amongst other things may include technical information on the browser and operating system, referring websites, visiting time as well as other information on the use of our online provision, as well as being linked to such pieces of information from other sources.
4. Web hosting
The hosting services we use serve to provide the following services: infrastructure and platform services, computer capacity, storage space and database services, security services as well as technical maintenance services that we use for the purpose of operating this online provision.
In this way we or our hosting provider process customers’, interested parties’, and visitors to this online offering’s inventory data, contact data, content data, contract data, usage data, meta and communication data, on the basis of our legitimate interests in an efficient and secure provision of this online provision according to art. 6 par. 1 lit. f GDPR in connection with. Art. 28 GDPR (concluding a contract for order processing).
5. Data protection for third party websites
IX. Services from Google and Microsoft
IX. 1. Google Maps
We integrate maps from the "Google Maps" services of the provider Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, in order to display geographical information visually. When using Google Maps, Google also processes data about the use of the Maps functions by visitors to their websites. Google may possibly transfer the information obtained through Maps to third parties if this is required by law or provided third parties process this data on behalf of Google. Google will not associate your IP address with any other data held by Google under any circumstances. Nevertheless, it would be technically possible for Google to identify at least individual users on the basis of the data obtained. It would be possible for personal data and personal profiles of users of the Google website to be processed for other purposes, over which we have and cannot have any influence. Further information on data processing by Google can be inspected at https://www.google.com/policies/privacy/, Opt-Out: https://adssettings.google.com/authenticated. Google's "Privacy Center" allows users to change their individual settings so that their own data can be managed and protected (https://support.google.com/accounts/answer/3024190).
By using this website, you consent to the collection, processing and use of data collected automatically by Google Inc., their representatives and third parties.
X. Use of social media plug-ins
X. 1. LinkedIn
Every single time our website equipped with a LinkedIn component (LinkedIn plug-in) is called up, this component causes the browser used by the data subject to download a corresponding representation of the LinkedIn component. More information on LinkedIn plug-ins is available at https://developer.linkedin.com/plugins. In the course of this technical process, LinkedIn is informed which specific subpage of our website is visited by the data subject.
Provided the data subject is simultaneously logged in to LinkedIn, every time the data subject visits our website and for the entire duration of the respective visit to our website, LinkedIn detects which specific subpage of our website the person concerned visits. These pieces of information are collected by the LinkedIn component and assigned by LinkedIn to the respective LinkedIn account of the data subject. If the data subject clicks on a LinkedIn button integrated in our website, LinkedIn assigns this information to the personal LinkedIn user account of the data subject and stores these personal data.
LinkedIn receives information via the LinkedIn component that the data subject has visited our website whenever the person concerned is logged in to LinkedIn at the same time as accessing our website; this happens regardless of whether the data subject clicks on the LinkedIn component or not. If such a transfer of these pieces of information to LinkedIn is not desired by the data subject, he can prevent the transfer by logging out of his LinkedIn account before calling up our website.
LinkedIn offers the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads as well as to manage advertisement settings at https://www.linkedin.com/psettings/guest-controls. LinkedIn also uses partners such as Quantcast, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua and Lotame who can set cookies. Such cookies can be declined at https://www.linkedin.com/legal/cookie-policy.
LinkedIn's current data protection regulations are available for downloading at https://www.linkedin.com/legal/privacy-policy.
X. 2. Legal basis for processing personal data with social media plug-ins
The legal basis for processing data following the user's consent is Art. 6 para. 1 lit. a GDPR, otherwise processing takes place in accordance with Art. 6 para. 1 lit. f GDPR.
X. 3. Purpose of data processing
Processing personal data from social media plug-ins serves as a connection for us between our website and social networks such as Facebook, Twitter and Google Plus (developing social marketing channels) and the resultant generation of new visitors to the website. In case of a use of social media plugins, this also provides the required legitimate interest for processing data.
X. 4. Duration of storage
The data will be deleted as soon as they are no longer required by us for our record-keeping purposes.
X. 5. Possibility of objection and elimination
You have the right to object at any time to processing of your personal data in accordance with Article 6(1)(a) GDPR, for reasons arising from your particular situation.
Further information on protecting data for the individual providers can be found in the respective data protection declaration. Please follow the respective links under the provider names above.
XI. SSL encoding
This site uses SSL encryption for security reasons and to protect the transfer of confidential contents, such as requests you send to us as the operator of the site. You can recognize an encrypted connection by the fact that the address line of the browser changes from „http://“ to „https://“ and by the padlock symbol in your browser line.
If SSL encryption is activated, the data you transmit to us cannot be read by third parties.
XII. Other Information
1. Personal data of children and young people
Persons under the age of 14 should not send us any personal data without the consent of their responsible adults or legal guardians. We do not request any personal data from children or young people, we do not collect them and we do not pass them on to third parties unless we have explicit consent to do so. If the user of our website has not yet reached the age of 16 and the legal basis for processing takes place based on consent, this must be granted by the user's responsible adult or legal guardian or with his consent.
2. Objecting to advertising mails
We herewith object to the use of contact data published within the scope of the imprint obligation to send unsolicited advertising and information materials. The operators of these pages expressly reserve the right to take legal action in the event of unsolicited advertising information, such as spam e-mails.
3. Changes to our data protection regulations
We are changing our security and data protection measures provided the technical and legal developments require this, and adapting our data protection guidelines accordingly. Therefor please observe the current version in case.
Status of the data protection declaration: 25 May 2018