OBO India
/
Tools & Services
/
/
Data protection declaration myOBO

Data protection declaration myOBO app

A. General data processing conditions for our “myOBO” app

1. Object of this data protection declaration

We, OBO Bettermann Holding GmbH & Co. KG (hereinafter referred to as OBO), are pleased that you are interested in our “myOBO” app (hereinafter also only referred to as “app”).

For us, the protection of personal data is a major and important issue. In the following text, we wish to provide you with comprehensive information as to the data that is collected during the use of the “myOBO” app and the use of the offers provided there, and how we then subsequently process or use it. In addition, we would like to inform you about which accompanying protection measures we have taken in a technical and organisational regard.
 
The processing of personal data, such as the name, address, e-mail address or telephone number of an affected person, will always occur in accordance with the valid data protection regulations. Through this data protection declaration, we wish to inform you about the type, scope and purpose of the personal data we collect, use and process, and provide you with information, should it be relevant to data protection.

Although, as the party responsible for the processing of personal data, we have implemented countless technical and organisational measures, Internet-based data transmission can always present security flaws, meaning that absolute protection cannot be guaranteed. We would ask that you take this into account when using our app.
 

2. Definitions

This data protection declaration uses terms specified by lawmakers in the General Data Protection Regulations (hereinafter known as the GDPR). You can view the GDPR at the following link:
https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
The aim of our data protection declaration is to provide you with simple and comprehensible information regarding the processing of your personal data in the “myOBO” app.
 

3. Name and address of the party responsible for processing

The responsible party in the sense of data protection law is:

OBO Bettermann Holding GmbH & Co. KG
Hüingser Ring 52
58710 Menden, Germany

Telephone: +49 (0)2373 89-0
Fax: +49 (0)2373 89-238
E-mail: info(at)obo.de
 

4. Contact data of the data protection officer

OBO Bettermann Holding GmbH & Co. KG
- Data Protection Officer -
Hüingser Ring 52
58710 Menden, Germany

Tel.: +49 (0)2373 89-1351
E-mail: datenschutz(at)obo.de
 

5. Deletion and blocking of personal data/storage period

Should nothing to the contrary be regulated for the processing of the personal data in Chapter B of this data protection declaration, then the data we have saved is deleted when storage is no longer required and no statutory storage obligations contradict the deletion. If the data of the affected person is not deleted because it is required for other legally permitted purposes, its processing will be restricted. This means that the data will be blocked and not used for other purposes. This applies, for example, to data of the affected person that must be stored for commercial and taxation law reasons.
 

6. Rights of the affected person

6.1. Right to confirmation

Each affected person shall have the right to demand a confirmation from the party responsible for processing as to whether their personal data is being processed. Should an affected person make use of this right of confirmation, they may then contact us or our Data Protection Officer at any time.

6.2. Right to be informed

Any person affected by the processing of personal data shall have the right to obtain information, free of charge, from us regarding the personal data saved by us, as well as a copy of this information. In addition, the affected person shall be able to obtain information about the following:

  • The processing purposes.
  • The categories of personal data being processed.
  • The recipients or categories of recipients for whom personal data has been or is being published, in particular with recipients in third countries or with international organisations.
  • If possible, the planned period for which the personal data is saved or – if this is not possible – the criteria for specifying this period.
  • The existence of a right to correction or deletion of the personal data affecting them or to limitation of processing by the responsible party or a right of revocation against this processing.
  • The existence of a right to complain to a supervisory authority.
  • If the personal data is not collected from the affected person: about all the available information on the original of the data;
  • about the existence of automatic decision-making, including profiling, in accordance with Art. 22, Para. 1 and 4 of the GDPR, and – at least in these cases – comprehensive information about the logic involved, as well as the scope and intended effects of such processing on the affected person.

In addition, the affected person shall have a right to information as to whether personal data was transmitted to a third country or an international organisation. If this is the case, then the affected person shall also have the right to obtain information on the suitable guarantees in conjunction with the transmission.
Should an affected person make use of this right to information, they may then contact us or our Data Protection Officer at any time.

6.3 Right to correction

Any person affected by the processing of personal data shall have the right to demand immediate correction of incorrect personal data affecting them. In addition, the affected person shall have the right, subject to the purposes of the processing, to completion of incomplete personal data through a supplementary declaration.

Should an affected person make use of this right to correction, they may then contact us or our Data Protection Officer at any time.

6.4 Right to erasure

Each person affected by the processing of personal data shall have the right to demand that the responsible party delete personal data affecting them immediately, should one of the following reasons be applicable and processing not be required:

  • The personal data was only collected for such purposes or was processed in such a way for which it is no longer required.
  • The affected person shall revoke their permission, upon which the processing was based, in accordance with Art. 6 Para. 1 a of the GDPR or Art. 9 Para. 2 a of the GDPR, and there is no other legal basis for processing.
  • The affected person objects to the processing according to Art. 21 Para. 1 of the GDPR and there are no superior authorised reasons for processing, or the affected person objects to processing according to Art. 21 Para. 2 of the GDPR.
  • The personal data was processed illegally.
  • The deletion of the personal data is required to fulfil a legal obligation according to the law of the European Union or the member states, to which the responsible party is subject.
  • The personal data was collected with reference to the services supplied by the IT company, according to Art. 8 Para. 1 of the GDPR.

Should one of the above cases be applicable and an affected person wish to instigate the deletion of personal data saved at OBO, they may then contact our Data Protection Officer or another employee at any time. We will then ensure that the deletion demand is met immediately.

6.5 Right to restriction of processing

Each person affected by the processing of personal data shall have the right to demand that the responsible party restrict processing, should one of the following preconditions be applicable:

  • The affected person asserts the incorrectness of the personal data for a period allowing the responsible party to check the correctness of the personal data.
  • The processing is improper, the affected person refuses the deletion of the personal data and, instead, demands the limitation of the use of the personal data.
  • The responsible party no longer requires the personal data for the purposes of processing, although the affected person requires them to make, assert or defend legal claims.
  • The affected person has objected to processing according to Art. 21 Para. 1 of the GDPR and it is not yet clear whether the legal rights of the responsible party outweigh those of the affected person.

Should one of the above cases occur and an affected person wish to demand the limitation of personal data saved at OBO, they may then contact us or our Data Protection Officer at any time. We will then limit processing.

6.6 Right to data portability

Each person affected by the processing of personal data shall have the right to demand to obtain the personal data provided to the responsible party by the affected person in a structured, standard and machine-readable format. The affected person shall also have the right to transfer this data to another responsible person, without hindrance by the existing responsible person to whom the personal data was made available, providing that the processing is based on the authorisation according to Art. 6 Para. 1 a of the GDPR or Art. 9 Para. 2 a of the GDPR or on a contract according to Art. 6 Para. 1 b of the GDPR, and processing is carried out using automated methods.

In addition, the affected person shall have the right, when exerting their right to data transfer according to Art. 20 Para. 1 of the GDPR, to have the personal data transmitted directly by a responsible person to another responsible person, insofar as this is technically feasible and does not impede the rights and freedoms of other people.

To exert their right to data transfer, the affected person can contact us or our Data Protection Officer at any time.

6.7 Right to object

Any person affected by the processing of personal data shall have the right, for reasons resulting from their particular situation, to object to the personal data affecting them, which was collected according to Art. 6 Para. 1 e or f of the GDPR. This shall also apply to profiling based on these conditions.

In the case of an objection, OBO will cease to process the personal data unless we can prove essential, legitimate reasons for processing, which are superior to the interests, rights and freedoms of the affected person, or the processing serves to make, exert or defend legal claims.

If OBO processes personal data in order to perform direct marketing, then the affected person has the right, at any time, to object to the processing of personal data for the purposes of such advertising. This also applies to profiling, insofar as it is connected to such direct marketing. Should the affected person make their objection known to us regarding processing for the purposes of direct marketing, then we will no longer process the personal data for these purposes.

In addition, the affected person shall have the right, for reasons resulting from their particular situation, to object to the processing affecting their personal data, carried out by us for the purpose of scientific or historical research or statistics according to Art. 89 Para. 1 of the GDPR, unless such processing is required to fulfil a task in the public interest.

The affected person can contact us directly to exert their right to object. In addition, the affected person is also able, in connection with the use of the services of the information society, irrespective of the Directive 2002/58/EC, to exert their right to object via automated methods in which technical specifications are used.

6.8 Automated individual decision-making, including profiling

Each person affected by the processing of personal data has the right, as declared by the European Directive and Ordinance authority, not to be subjected to a decision made solely by an automated procedure ‒ including possible profiling ‒ which has a legal impact on them or which impedes them in a similar manner, should the decision

  • not be required to complete or fulfil a contract between the affected person and the responsible party or
  • be permitted due to legal requirements of the European Union or member states to which the responsible party is subject, and these legal requirements contain reasonable measures to protect the rights, freedoms and valid interests of the affected person or
  • occur with the express authorisation of the affected person.

If the decision

  • is required to complete or fulfil a contract between the affected person and the responsible party or
  • takes place with the express permission of the affected person, OBO will take appropriate measures to protect the rights and freedoms and the valid interests of the affected person, which includes at least the right to obtain intervention by a person belonging to the responsible party, to presentation of one’s own opinion and to a challenge to the decision.

Should an affected person wish to exert their rights with regards to the automated decision-making, then they can contact us or our Data Protection Officer at any time.

6.9 Right to revoke consent under data protection law

Any person affected by the processing of personal data shall have the right to revoke an authorisation to process personal data affecting them at any time.

Should the affected person wish to exert their right to revoke an authorisation, then they can contact us or our Data Protection Officer at any time.

Each affected person can contact us directly and at any time with regard to any questions and suggestions about data protection.

6.10 Right to lodge a complaint with a data protection supervisory authority

Any person affected by the processing of personal data shall have the right to complain to a data protection supervisory authority about our processing of their personal data. The responsible supervisory authority shall be: Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen, Kavalleriestr. 2–4,40213 Düsseldorf, Germany, telephone: +49 (0)211 38424-0, fax: +49 (0)211 38424-10, e-mail: poststelle@ldi.nrw.de.
 

7. Lawful basis for processing personal data

If the description of the appropriate data processing procedure in Chapter B of this data protection declaration does not state otherwise, then the following regulations shall apply.

Art. 6 I lit. a of the GDPR serves as OBO’s legal basis for processing operations, for which permission must be obtained for a specific processing purpose. If the processing of personal data is required to fulfil a contract, whose contractual party is the affected person, by us or one of our subsidiary companies – to whose services and/or products the enquiry relates, then processing shall be based on Art. 6 I lit. b of the GDPR. The same applies to processing procedures required to carry out pre-contractual measures, such as enquiries about our services and products.

Should OBO be subject to a legal obligation, for which the processing of personal data is required, then the processing shall be based on Art. 6 I lit. c of the GDPR. In rare cases, the processing of personal data may be required to protect essential interests of the affected person or another natural person. In this case, processing shall be based on Art. 6 I lit. d of the GDPR.

Finally, processing operations could be based on Art. 6 I lit. f of the GDPR. This forms the legal basis of processing operations not included in any of the above legal basis if the processing is required to protect a valid interest of OBO or a third party, provided that the interests, basic rights and basic freedoms of the affected person do not outweigh this. We are especially permitted to carry out such processing operations because they are expressly mentioned in European law (cf. Recital 47 Clause 2 of the GDPR).
 

8. Consideration of legitimate interests

If, in the description of the appropriate data processing operation in Chapter B of this data protection declaration, there are no other stipulations and the processing of personal data is based on Art. 6 I lit. f of the GDPR, then our valid interest lies in the execution of our business activity and the connected economic interest.
 

9. Data storage

We delete or anonymise your personal data as soon as it is no longer required for the purpose for which we collected or used it in the points described in Section B of the following chapter. Should it not otherwise be regulated, we save your personal data for the length of the use or contractual relationship relating to the app, plus a period of 7 days, during which we keep backup copies after deletion, provided that this data is no longer required for criminal proceedings or to ensure, assert or enforce legal claims. Specific data in this data protection declaration or legal specifications on the storage and deletion of personal data, particularly that which we must keep for reasons of taxation, are unaffected.

B. General data processing conditions when using the “myOBO” app

1. Information on the processing of your personal data when using the app

Registration is not essential for the use of our “myOBO” app. However, in this case, only limited functions will then be available (such as the electronic catalogue only in the online version). If you register and thus complete an appropriate use agreement with us, then additional useful functions of the app are available to you; refer to B 1.5 of the function description below for more information. However, specific data is already processed automatically as soon as you use the app as an unregistered user. The following is a list of the personal data that is processed:

1.1 Information collected on downloading the app

When the app is downloaded, specific required information is transmitted to the app store you use (e.g. Google Play or Apple App Store), in particular the username, the e-mail address, the customer number of your account, the time of the download, payment information and the individual device code. The processing of this data is only carried out by the appropriate app store and is outside our sphere of influence.

1.2 Information collected automatically on opening

When you use the app, we collect specific data automatically. This includes the data collection by the following services:

1.2.1 Google Firebase Crashlytics

We use Google Firebase Crashlytics in our app to analyse and eliminate errors. This is a service from Google Ireland Limited, Gordon House, 44–47 Barrow Street Dublin 4 D, Ireland, a subsidiary company of the US company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter jointly referred to as “Google”),

The reporting produced here is used to stabilise and improve our app. Here, Google collects information on the device used and the use of the app (e.g. the timestamp of when the app was started and when the crash occurred). This makes it possible for us to diagnose and eliminate problems. These purposes concern our authorised interest in data processing. The legal basis for the use of Google Firebase Crashlytics is therefore Art. 6 Para. 1 lit. f) of the GDPR.

The data is saved in anonymous form. This personal data is not combined with your other profile information. You can find the period of storage of data collected in this way in the data protection conditions of the provider at https://firebase.google.com/support/privacy/

Please note that the technologies required for the service are saved as soon as our app is opened and cannot be deselected. In turn, the use of specific technologies is required for the functionality of the permission management service. You can find additional information on Google Firebase Crashlytics at https://firebase.google.com

1.2.2 Google (Firebase) Analytics (with “IP anonymisation”)

On account of your express permission, we use the Google (Firebase) Analytics analysis service for app analysis/tracking, in order to analyse the use of our app and thus improve it further. The anonymised user statistics (e.g. number and origin of the app users) help us to optimise our app and make it more interesting.

Google (Firebase) Analytics is an analytics service of Google Ireland Limited, Gordon House, Barrow Street Dublin 4 D, Ireland, a subsidiary company of the US company Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (hereinafter also referred to as “Google”), with the extension of “IP anonymisation”. A technical explanation of this function can be found at the following URL: https://support.google.com/analytics/answer/2763052?hl=en

For the use of this service, we have completed an order processing contract with Google according to Art. 28 of the GDPR, whereby Google will process the recorded data (data on your terminal or your web browser, IP addresses and your app activities) at our behest, in order to evaluate your use of the app for us, to compile reports on app activities and to provide additional services for us connected with the user of the app and the Internet use. You can obtain additional information this at https://privacy.google.com/businesses/processorterms/

The data recorded in the scope of Google (Firebase) Analytics can be stored and processed in the USA or in any other country in which Google or subcontractors of Google maintain facilities. The IP masking method we use means that, before transmission to a Google server in the USA and storage there, the IP address is shortened whilst still in the EU member states or in other EEA states, meaning that no complete IP address is transmitted, preventing the identification of a person or making it considerably more difficult. Only in exceptional cases is the complete, i.e. unshortened, IP address transmitted to a Google server in the USA and only then shortened. The data is stored for 14 months on account of the storage duration agreed between us and Google.

For data transmission to a third country, i.e. a country outside the EU or the EEA, appropriate guarantees are always required for the protection of your personal data. After the European Court of Justice declared that EU decision 2016/1250 of the European Commission of 12 July 2016 on the appropriateness of the protection offered by the EU-US Privacy Shield to be invalid, the EU-US Privacy Shield can no longer serve as a guarantee for a suitable level of protection in the USA according to EU standards. This means that there is currently no level of data protection in the USA that equates to that in the EU in the sense of Art. 45 of the GDPR and we also cannot provide any suitable guarantees according to Art. 46 of the GDPR, in order to compensate for this deficit. This means that data transmission to the USA is only permitted with your express permission, in accordance with Art. 49 Para. 1 lit. a of the GDPR. Possible risks of this data transmission include that access by offices of state, such as security and/or intelligence agencies, cannot be ruled out and that your data will be processed by them, without you being specifically informed of this and without any legal recourse being available to you, for reasons of national security, law enforcement or other purposes in the public interest in the USA.

You can view additional data use information in the overview of data use in Google (Firebase) Analytics: https://support.google.com/analytics/answer/6004245?hl=n

You can find the data protection declaration at: https://policies.google.com/privacy?hl=en

If you wish to deactivate Google (Firebase) Analytics, then, at the address https://tools.google.com/dlpage/gaoptout?hl=en, you can download and install the “Browser Add-on to Deactivate Google Analytics”. This option only prevents a web analysis for as long as you use the app upon which you have installed the add-on.

1.3 Creation of a user account and registration

When you create a user account or register, we use your access data (e-mail address and password) to provide you with access to your user account to manage it. To complete the use agreement completed with you, we require additional mandatory details, which are indicated specially in the context of registration and which are required for the completion of the use agreement. We use the mandatory details to authenticate you during login and to follow up requests to reset your password. The data entered by you during registration or logging in is processed and used by us, (1) to verify your authorisation to manage the user account; (2) to implement the terms of use of the app and all the rights and obligations connected with it and (3) to make contact with you to send you technical or legal information, updates, security messages or other messages affecting the management of your user account. In addition, to complete the registration, we require your permission to make contact with you, in accordance with the following Point 1.4. Only when you provide express permission are we able to provide you with access to all the functions of the app.

If you do not specify this data, you will not be able to create a user account and thus use all the functions of the app. This concerns the following mandatory details:

  • Salutation
  • Forename
  • Last name
  • Login data (e-mail address and password)
  • Company name
  • Number, street
  • Postcode
  • Town
  • Country
  • Main area of company activity
  • Function in the company

The following entries are optional:

  • Department
  • Telephone no.

The processing of this data is justified by the fact that (1) the processing is required for the fulfilment of the contract between you as the affected party and us in accordance with Art. 6 Para. 1 lit. b) of the GDPR for the use of the app, or (2) we have a reasonable interest in guaranteeing the functionality and error-free operation of the app, which, in this case, is greater than your rights and interests in the protection of your personal data in the sense of Art. 6 Para. 1 lit. f) of the GDPR.

1.4 Permission to use the registration data for OBO to make contact

Irrespective of the processing of data for the purposes named in B. 1.3, we will, on account of the permission obtained from you during registration, use it to make contact, in order to assist and contact you with regard to the functions used via the app and the projects you create. You therefore expressly permit that we may use the e-mail address given by you for the initial contact with you, in order to inform you about the functions of the app and to assist you with regard to the projects saved by you. Should you have, in addition to the mandatory statement of your e-mail address, also optionally provided your telephone number, then we shall also be permitted to contact you by telephone. The legal basis for this is provided by the permission expressly provided by you according to Art. 6 Para. 1 lit. a of the GDPR. You can revoke this at any time by informing us via e-mail or by post to the contact data provided in the imprint. After successful registration according to our terms or use, the advanced functions of the app are available to you.

1.5 Advanced functions of the “myOBO” app for registered users

If you register and thus complete an appropriate use agreement with us, then additional useful functions of the app are available to you.

These are:

  • Offline availability of the electronic catalogue
  • Create projects
  • Create product data/shopping basket
  • Transfer of the product data/shopping basket to a wholesaler of your choice via ELBRIDGE
  • Callback function

With these advanced functions, you can also create data, which we save in your personalised area. The personal data you specify during registration is saved on a server in the European Union for the duration of your registration.

You have the ability to have your saved data deleted at any time. However, in this case, the functions connected to registration will no longer be available to you. 

You can find additional information on the individual functions below:

1.5.1 Creation of a shopping basket

The data of the shopping basket is saved to make it available to you for additional functions. You can delete the data at any time using the app. The data of the shopping basket is saved in a personalised area. It is only possible to access this area by logging in with a username and password.

1.5.2 “Transmit product data/shopping basket”

If you wish to transmit the data of the shopping basket to a wholesaler of your choice, then you can do this using the “Transmit shopping basket” button. You are then forwarded to an external website of ETIM Deutschland e.V. to forward the product data via the ELBRIDGE interface https://interface.elbridge.etim-deutschland.de/ .
No personal data is forwarded. Please note that ETIM Deutschland e.V. is responsible for data protection on the website. You can find data protection information at https://etim.de/datenschutzerklaerung/

1.5.3 Creating a CSV file with the data from the shopping basket

If you wish to send the data of the shopping basket, e.g. via e-mail, then you can create a CSV file from the data of the shopping basket. In this case, we require the CSV file to make the data available to you to send it via e-mail. The legal basis for forwarding the data is Art. 6 Para. 1 lit. a of the GDPR, as you initiate the forwarding via the app yourself.  The Excel file is deleted automatically after 7 days.

The CSV file is saved in a personalised area. It is only possible to access this file using a generated link.

1.5.4 Saving of project data

If you have registered, then you have the option of creating a project and storing construction data and notes or a shopping basket there. The app automatically enters the creation data in the “Project title” field. You can delete the data yourself at any time using the app.

1.5.5 Callback function

Registration is required for the function and the function is only available when logged in. The precondition for the function is the specification of your telephone number.  In addition, you can also provide details of the time of the desired callback. We require the data to offer you the best possible callback service.  If you provide permission for further callbacks when saving the data, then we will save your data to make it available the next time this function is opened. If you do not want your data to be saved, then it is deleted after the callback request is sent.

You can revoke the permission to save the callback data at any time by removing the check mark by the permission in the app. The data is then deleted.  The legal basis for processing the data is Art. 6 Para. 1 lit. a of the GDPR.
 

2. Other functions for registered and unregistered users

2.1 Contact form

(1) During the voluntary use of our contact forms, you will be requested to provide your first name and surname, along with your e-mail address and enquiry text, whereby this data is marked as mandatory.  Should you not have registered, then, before sending the request, we would ask that you permit the saving and use of your data to respond to your enquiry and to forward the data to OBO Bettermann Vertrieb Deutschland GmbH & Co. KG.

(2) When you send your enquiry, we save the IP address you have used and the login time. The purpose of this procedure is to prove your enquiry and, if necessary, to trace any abuse of your personal data.

(3) The data processing is used to answer to the enquiry you initiated and thus the (pre-)contractual purposes in the sense of Art. 6 Para. 2 lit. b of the GDPR. In addition, data processing takes place according to a reasonable interest according to Art. 6 Para. 1 lit. f of the GDPR in the response to your enquiry regarding our services and/or offers and the proof of possible abuse of the e-mail provided for this purpose. Insofar as a distinction is made between mandatory details and voluntary details, then only that data shall be polled as mandatory details in the sense of Art. 5 Para. 1 lit. c, Art. 25 of the GDPR, as is normally transmitted via other modes of enquiry – e.g. via the e-mail signature of the enquirer.

(4) We will erase the data you have provided as soon as its storage is no longer required for the aforementioned purposes. If you have revoked your permission for data permission, which is possible at any time with effect to the future, but which leaves the permission of the data processing up to the time of the revocation, and/or exerts a revocation against the data processing as an authorised interest (Art. 6 Para. 1 lit. f of the GDPR), then we shall delete the data immediately. This only does not apply if another legal reason (e.g. that of pre- and post-contractual fulfilment from Art. 6 Para. 1 lit. b of the GDPR) justifies further processing or statutory storage obligations stand in the way of immediate deletion (Art. 6 Para. 1 lit. c of the GDPR).

(5) The recipients of the data processed according to these regulations are IT service providers (particularly hosters), with whom we have completed appropriate order processing agreements according to Art. 28 of the GDPR, and possibly subsidiaries whose services and/or products are referred to in your enquiry. If these subsidiary companies are in a third country, then we shall only forward your data if they have completed EU standard contractual clauses with us. The legal basis for the forwarding is our authorised interest in the optimum response to your enquiry according to Art. 6. Para. 1 lit. f of the GDPR, in conjunction with recital 48 of the GDPR.

2.2. Request of the OBO Newsletter

(1) With your authorisation, and subject to stating your e-mail address, you will be able to subscribe to our newsletter, through which we will inform you of our current interesting offers. The publicised goods and services are named in the declaration of authorisation. Only your e-mail address is mandatory for subscription to the newsletter.

(2) We use the so-called double opt-in method for subscription to our newsletter. This means that, after you have registered, we will send an e-mail to the stated e-mail address, in which we ask for your confirmation that you wish to subscribe to the newsletter. If you do not confirm your subscription within 72 hours, then your information will be blocked and deleted automatically after one month. In addition, we save the IP address you have used and the times of registration and confirmation. The purpose of this procedure is to be able to verify your registration and, if necessary, to clarify possible abuse of your personal data. After you confirm your ordering of the newsletter, we will save the data you have provided in accordance with Para. 2 for the purpose of sending the newsletter and identify possible misuse of your e-mail address according to Para. 2.

(3) The legal basis for the processing of your personal data is the permission you expressly issued according to Art. 6. Para. 1 lit. a of the GDPR and, with regard to the data processed according to Para. 2, our authorised interest according to Art. 6 Para. 1 lit. f of the GDPR in the proof of possible abuse of the e-mail address used.

(4) You can revoke your authorisation for sending the newsletter at any time and unsubscribe from the newsletter. You can express your desire to revoke by clicking the link available in any e-mail newsletter, via an e-mail to info@obo.de or via the app.

(5) To send the newsletter, your e-mail address will only be saved for the length of the desired subscription. We will delete the other data saved according to Para. 1 after a maximum period of one month after your unsubscription.

(6) The recipients of the data processed according to these regulations are IT service providers (particularly hosters), with whom we have completed appropriate order processing agreements according to Art. 28 of the GDPR.

2.3 Call function

Registration is not essential for this function. When the call function is used, a telephone connection to OBO is set up. Connection data of the outgoing call is saved on your mobile telephone. OBO has no access to this.
 

3. Data processing when leaving the app for the OBO website

When opening some content within the app, you will be forwarded to the OBO website under the URL www.obo.de. In this case, the banner of the Consent Tool from Usercentrics appears for the cookies used on the website. You can find individual details in the Consent Tool and, with regard to data processing, on the website of the data protection declaration under the URL www.obo.de/datenschutzerklaerung/