Valid from 17.12.2020
Personal data is all data with which you can be personally identified. Your personal data may be processed for various purposes. Essentially, OPEN MIND Technologies AG (hereinafter also referred to as "OPEN MIND" or "We") can divide the data processing operations into the following areas of application:
- For the purpose of processing or initiating contracts, we process the necessary data of our customers and interested parties. You will find more information on this under Part C.
- Our business partners' and suppliers' data are used exclusively for the direct placing, processing and execution of orders. You will find more information on this under Part C.
Please visit each section for quick and contextual information on specific processing situations.
General information on data protection, data processing procedures and data subject rights, which applies to all data processing procedures carried out for us, can be found in Part A below.
A. General information on data protection and data subject rights
I. Who is responsible for data processing and who can you contact if you have any questions?
“Controller” according to the GDPR and other national data protection laws of the member states as well as other provisions of data protection law are:
OPEN MIND Technologies AG
Representation by the Executive Board
Argelsrieder Feld 5
Tel.: +49 8153 933-500
Fax: +49 8153 933-501
Our appointed data protection officer can be contacted at:
Rechtsanwalt Richard Metz
Lohmanns Lankes & Partner PartGmbB
Rechtsanwälte und Patentanwalt
Tel: 089 / 552 75 500
II. What rights do you have with regard to your personal data?
If your personal data is processed, you are the "data subject" as defined by the GDPR, which means that you may be entitled to the rights described below. If you assert any rights against OPEN MIND as the responsible party, we recommend that you direct them to the following address:
OPEN MIND Technologies AG
Argelsrieder Feld 5
1. Right of access
In accordance with Art. 15 GDPR, you can request confirmation from us as to whether personal data relating to you is being processed by us and to what extent we are processing your data.
2. Right to rectification
If personal data concerning you is incorrect or incomplete, you have a right to correction and/or completion pursuant to Art. 16 GDPR.
3. Right to erasure
If the legal requirements of Art. 17 GDPR are met, you can demand that we erase your data if we process it unlawfully or if the processing disproportionately interferes with your legitimate protection interests. Please note that there may be reasons that prevent an immediate erasure, e.g. in the case of legally regulated storage obligations.
Irrespective of the exercise of your right to erasure, we will immediately and completely erase your data in order to fulfil our statutory obligations to erase after the processing purpose has ceased to apply, provided there is no legal or statutory retention period to the contrary.
4. The right to restriction of processing
In the cases specified in Art. 18 GDPR, you may request us to restrict the processing of your data. If you have restricted the processing of your personal data, this data - apart from its storage - may only be processed with your consent or for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a member state.
5. Right to data portability
Pursuant to Art. 20 GDPR, you have the right to have data provided by you, which we process automatically on the basis of your consent or in fulfilment of a contract, transferred to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another responsible person, this will only be done as far as it is technically feasible. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task in the public interest or in the exercise of official authority assigned to the person responsible.
6. Right to object
If we process your data on the basis of a legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR, you may object to this data processing at any time for reasons arising from your particular situation; this also applies to profiling based on these provisions (see Art. 21 GDPR). If you file an objection, we will no longer process your personal data concerned unless we can prove compelling legitimate grounds for the processing which override your interests as a data subject or for the establishment, exercise or defence of legal claims.
Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes; this also applies to profiling insofar as it is connected with such direct advertising. If you object, your personal data will no longer be used for direct marketing purposes. You can object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
7. Right to withdraw consent under data protection law
Some data processing operations are only possible with your express consent pursuant to Art. 6 para. 1 lit. a GDPR. You can withdraw your consent at any time with effect for the future. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Please note that even after withdrawing your consent, it may still be possible to process the data concerned in whole or in part on the basis of other legal principles.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes upon GDPR (Art. 77 GDPR in conjunction with § 19 BDSG). A list of data protection authorities in Germany and their contact details can be found at the following link: www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.
If you are of the opinion that we violate German or European data protection law when processing your data, please contact us in order to clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for our company headquarters:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
III. Which personal data are processed and from which sources?
1. The origin of the personal data
We mainly process the data that we receive directly from the data subjects as part of a business relationship (see also Part C).
In addition, we process - to the extent necessary for the provision of our services or the fulfilment of a contract with you - data that we have received from other companies in our group of companies or partner companies or locally responsible companies integrated into our sales system with which we have a long-term business relationship (see https://www.openmind-tech.com/en/privacy/partners.html).
In individual cases, we also process data that we have received or acquired from other third parties such as credit agencies, creditor protection associations or authorities, or that we have obtained, received or acquired from publicly accessible sources (e.g. telephone directories, company registers, press, Internet or other media).
Via our Website, we process data that we receive during your visit to the Website or that you actively communicate to us when using the Website, e.g. when using our contact form. Other data is automatically collected by our IT systems when you visit the Website. These are mainly technical data (e.g. Internet browser, operating system or time of the page call). This data is collected automatically as soon as you enter our Website. Details can be found under Part B.
2. Categories of personal data
Among the personal data that we regularly process are personal master/contact data such as: First and last name, address, e-mail address, telephone number, fax, position in the company.
In addition, we also process the following additional personal data depending on the order/service:
- information on the type and content of our business relationship such as contract data, order data, sales and document data, customer and supplier history, consulting documents.
- information on financial status (for example, creditworthiness data)
- advertising and sales data,
- documentation data (e.g. consultation protocols, data from service meetings or support cases)
- information from your electronic dealings with us (e.g. IP address, log-in data),
- other data that we have received from you in the context of our business relationship (e.g. in discussions with customers),
- the documentation of declarations of consent
- photos taken at public events
IV. For which purposes and on what legal basis are data processed?
We process your data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG) as amended, in particular on the following basis:
1. Fulfilment of (pre-)contractual obligations (Art. 6 para. 1 lit. b GDPR)
Personal data is processed on the basis of Art. 6 para. 1 lit. B GDPR in order to fulfil OPEN MIND's contractual obligations, in particular in connection with the sale and distribution of our goods and services as well as all activities customary in the industry for the operation or administration of OPEN MIND (e.g. customer administration). The data may also be processed on a pre-contractual level as part of initiating business with OPEN MIND or in the course of other contractual relationships with OPEN MIND.
Art. 6 para. 1 lit. b GDPR, for example, is the legal basis in the following cases:
- creating and maintaining a customer account or a supplier account
- keeping customer/prospect files or our customer/prospect database
- sending information
- offering and selling OPEN MIND Software products
- offering and implementing our services (e.g. training, consulting and support services)
Einzelheiten zum Zweck dieser Datenverarbeitungen ergeben sich aus den jeweiligen Vertragsunterlagen und Geschäftsbedingungen.
2. Safeguarding legitimate interests (Art. 6 para. 1 lit.f GDPR)
On the basis of a weighing of interests, data processing may take place beyond the actual fulfilment of a contract in order to safeguard the legitimate interests of OPEN MIND or third parties. That is permissible except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data. Data processing to safeguard legitimate interests is carried out in the following cases, for example:
- transmission of data to companies affiliated with us (see https://www.openmind-tech.com/en/privacy/partners.html)
- consultation of and data exchange with credit bureaus and creditor protection associations to determine creditworthiness data and maintenance of a group-wide creditworthiness database to identify financial default risks in specific business transactions
- execution of payment transactions via external service providers
- use of debt collection service providers and lawyers to collect receivables and/or enforce them in court
- assertion of other legal claims and defence in legal disputes
- advertising or marketing
- market and opinion surveys
- image and sound recordings at public events (e.g. trade fairs, open days, workshops, industry events)
- measures for business management and further development of our services;
- maintaining databases on customers/prospects and service providers to improve our offering
- carrying out a risk assessment (due diligence) in the context of any company restructuring or a company acquisition or sale
- ensuring the IT security and IT operations of our company
- measures for building and plant safety
3. Fulfilment of legal obligations (Art. 6 para. 1 lit.c GDPR)
The processing of your data may be necessary in part for the purpose of fulfilling various legal obligations and requirements to which we are subject, e.g. from the German Commercial Code (Handelsgesetzbuch “HGB”) or the German Tax Code (Abgabenordnung “AO”).
4. Consent (Art. 6 para. 1 lit.a GDPR)
If, in individual cases, you have given us your consent to process your data, it will be processed in accordance with the purposes and to the extent agreed in the declaration of consent. Consent given, e.g. for sending a newsletter, can be revoked at any time with effect for the future. For this purpose, please contact the contact data listed under A. No. I or No. II. Please note that processing which took place before the withdrawal is not affected by the withdrawal and under certain circumstances data processing may continue to be possible at least partially on the grounds of some other legal basis.
For this we use your data for the following purposes:
- quality assurance: In order to continuously improve our services, our products and our services for you, we conduct surveys to your satisfaction, as well as your experiences from your contractual relationship.
- general and personalised advertising by e-mail, fax or telephone.
- if you have given us a SEPA Direct Debit Mandate, we will use your bank details. We collect open amounts via the SEPA Direct Debit Mandate in accordance with the contractual agreements.
V. Who receives my data?
At OPEN MIND, those employees or organizational units who need your data to fulfil our contractual and legal obligations or to process or pursue our legitimate interests receive it.
Your data will be forwarded to companies for the initiation or execution of a contractual relationship (e.g. provision of a service or sale of goods) in accordance with Art. 6 para. 1 lit. b GDPR or - depending on the type of concrete contractual relationship - and on the basis of our legitimate interests in accordance with Art. 6 para. 1 lit. f GDPR, in particular to companies which we regularly use in connection with the provision of our service or the execution of the contract. This applies to the following recipients or recipient categories:
- IT service providers (e.g. e-mail service providers, web hosting companies)
- affiliated companies and partner companies (see https://www.openmind-tech.com/en/privacy/partners.html)
- sales partners
- advertising partners
- communication provider (telephone provider, fax provider)
- payment service providers
- shipping and logistics service providers
- credit bureaus
- chartered accountant
- tax and legal advisors
If we use a service provider in the sense of order processing in accordance with Art. 28 GDPR, we shall nevertheless remain responsible for the protection of your data. Insofar as required by law, contract processors are contractually obliged by means of an order processing agreement to treat your data confidentially and to process it only within the scope of providing the service. The processors commissioned by us will receive your data insofar as they require the data to perform their respective services.
Your data will only be transferred to state institutions and authorities or collected for this purpose within the framework of mandatory national legal provisions or if you have commissioned us to do so.
VI. How long will my data be stored?
Your personal data will only be used for the purpose for which you provided it to us or for which you gave us your consent and will be stored until this specific purpose has been fulfilled. After complete processing of the purpose, or as soon as you request us to delete your data, your data will only be stored as long as it is necessary due to statutory limitation periods or retention periods (in particular tax and commercial law nature).
However, the data will be deleted at the latest after expiry of all time limits unless you have expressly consented to further or other use. You can also assert rights during the retention periods, such as blocking your data. See A. Point II. Your data will be erased or blocked by us as soon as the purpose of storage no longer applies or you request us to erase it.
We process and in particular store your data in principle at most only until the termination of the business relationship or until the expiry of the applicable guarantee, warranty and limitation periods. For example, the statute of limitations according to §§ 195 ff. of the German Civil Code (BGB) is generally three years, but in certain cases also up to thirty years. In addition, it may be necessary for data to be retained until the legally binding termination of any legal disputes for which the data is required as evidence.
We are also subject to statutory documentation and storage periods (e.g. from the German Commercial Code (Handelsgesetzbuch, “HGB”) (e.g. § 257 HGB), the German Money Laundering Act or the German Tax Code (Abgabenordnung “AO”) (e.g. § 147 AO)). The time limits specified there for storage or documentation are two to ten years. For example, even after termination of a contract with you, we would be required to store your data for a period of time until the completion of the tax audit of the last calendar year in which you were our customer.
VII. Will personal data be transferred to a third country?
As part of our processing activities, in certain business transactions or areas of activity, personal data may also be transferred to locations in so-called third countries outside the EU or the EEA to which the EU Commission has not yet attested an adequate level of data protection, for example in the USA. If such data transfer should become necessary in individual cases, this will only be done on the basis of an adequacy decision of the European Commission, standard contractual clauses, suitable guarantees for compliance with data protection or your express consent.
Our affiliated companies and partners in third countries can be found in the overview under this link https://www.openmind-tech.com/en/privacy/partners.html.
If you accept Cookies from US service providers such as Google, Facebook, LinkedIn, Twitter or YouTube, by clicking on the “Accept cookies" button when you enter our website, or by clicking on “Accept all” in the cookie settings, you also agree, in accordance with Art. 49 para. 1 sentence 1 letter a GDPR that your data may be processed in the US, as mentioned above. If you click on the button "Open cookie settings” and then “Save settings”, this transfer will not take place.
B. Use of our Websites
In principle, you can visit our Websites and use them for information purposes without having to provide any personal details (e.g. register, place orders or otherwise provide information about yourself). In this case, we process personal data of our users only to the extent necessary to provide a functional Website and our content and services or to the extent that cookies used on the Website provide us with personal information when visiting the Website. For information on our own cookies used by us, please refer to B Section II. Other cookies enable our partner companies or third parties to recognise your browser on your next visit, if applicable. For information on such third party cookies, please refer to B Section III.
In addition, the processing of personal data of our users is carried out regularly only with the consent of the user. An exception applies in those cases in which it is not possible to obtain prior consent for factual reasons and the processing of the data is permitted by statutory provisions.
I. Provision of the Website and creation of log files
Description of data processing
Each time you access our Website, our system automatically collects data and information from the computer system of the accessing computer, which your Internet browser automatically transmits to us or our web host (so-called log files). These server logfiles contain IP addresses or other data that enable an assignment to a user. This could be the case, for example, if the link to the Website from which the user accesses the Website or the link to the Website to which the user switches contains personal data. The following information is collected:
- information about the browser type and version used
- the user's operating system
- the Internet service provider of the user
- the IP address of the user
- date and time of access
- Websites from which the user's system accesses our Website
- Websites accessed by the user's system through our Website
These data are not stored together with other personal data of the user.
Legal basis and purpose of data processing
The legal basis for the temporary storage of data and log files is Art. 6 para. 1 lit. f GDPR.
The temporary storage of the IP address by the system is necessary to enable delivery of the Website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The data is stored in log files in order to ensure the functionality of the Website. The data is also used to optimise the Website and to ensure the security of our information technology systems.
Duration of storage / right of objection and elimination
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected. In the case of the collection of data for the purpose of providing the Website, this is the case when the session in question has ended.
When data is stored in log files, this is the case after 24 hours at the latest. Storage going beyond this is possible. In this event, the IP addresses of the users will be erased or alienated so that an assignment of the accessing client is no longer possible. After 24 hours, anonymous data will be available from our provider for 3 months.
The collection of data for the provision of the Website and the storage of data in log files is mandatory for the operation of the Website. Consequently, there is no possibility for the user to object.
Description of data processing
Some cookies are deleted after the end of the browser session when your browser is closed (so-called session cookies). These cookies are technically necessary, e.g. so that you can log in to the application and also remain logged in across pages during your visit to our Website.
Other cookies remain on your end device for a specified period of time and enable us to recognize your browser during your next visit (so-called persistent or protocol cookies). The purpose of using these cookies is to provide you with optimal user guidance, to "recognize" you and to present you with as varied a Website and new content as possible when you repeatedly use it.
Flash cookies are stored on your computer as data elements of web pages when they are operated with Adobe Flash. Flash cookies have no time limit.
We use the following cookies to make our Website more user-friendly and store or transmit the following data:
C. Contractual relationships with customers and business partners
I. Am I obliged to provide data?
Further information on the individual cookies we use, can be accessed via our Cookie Consent-Tool by clicking the button "Open cookie settings" and browsing the function groups listed there.
Legal basis and purpose of data processing
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR to protect our legitimate interests in the best possible functionality and security of the Website and a customer-friendly and effective design of the site visit, unless we ask you for consent under Art. 6 para. 1 lit. a GDPR.
Storage duration / right of objection and elimination
If cookies are deactivated for our Website, it is possible that all functions of the Website can no longer be used to their full extent.
In principle, we collect the necessary data from you ourselves through personal contact. Of course, you can also contact us by telephone, fax, post or alternatively via our e-mail address (see Legal Notice) or via the e-mail addresses of our employees provided to you. In the latter case, the personal data transmitted with the e-mail will be stored. Please note that e-mail communication is not encrypted for technical reasons.
Your data will be used for the processing of the conversation and the post-processing of the respective inquiry or meeting contents. Your data will be processed on the basis of Art. 6 para. 1 lit. b GDPR if the communication is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures.
In all other cases, processing is based on our legitimate interests (Art. 6 para. 1 lit. f GDPR) in the effective processing of enquiries addressed to us.
In this context, the data will not be passed on to third parties unless it is necessary to pursue our claims or legitimate interests (Art. 6 para. 1 lit. f GDPR) or there is a legal obligation to do so (Art. 6 para. 1 lit. c GDPR).
III. Data processing within the framework of distribution
Personal data will be processed on the basis of Art. 6 Para. 1 lit. b GDPR in order to provide the service you have commissioned us to provide, in particular to implement our contracts or pre-contractual measures, as well as all activities required for the operation and administration of OPEN MIND.
The resulting purposes of data processing shall primarily depend on the activities and individual services specifically agreed with you and may include, but are not limited to, consulting activities or activities within the scope of controlling sales processes (e.g. compiling documents, sending OPEN MIND product or event information, providing OPEN MIND services) or accompanying sales negotiations and concluding contracts.
Further details on the scope, purpose and recipients of your data can be found in the relevant contractual documents and associated terms and conditions.
To the extent necessary within the framework of our operational processes, we process your data in connection with our services beyond the actual fulfilment of the contract to safeguard our legitimate interests (Art. 6 para. 1 lit. f GDPR).
In connection with the offer or provision of our services, we may be subject to special legal obligations, such as requirements of tax legislation. The purposes of processing your data may therefore include, among other things, compliance with fiscal control and reporting obligations, customs or export regulations and the assessment and control of risks. The data processing required for this is based on Art. 6 para. 1 lit. c GDPR.
IV. Transmission of data
Depending on the scope of the service, your data or documents may be passed on to public authorities or private service providers or persons with whom we cooperate on a regular basis during the enquiry or offer phase as well as during the execution of the contract (see Section A, Section V).
Due to the further development of our Website or our offers as well as due to changed legal or official requirements, it may become necessary to change this data protection declaration. You can access the current data protection declaration on our Website at any time and print it out if necessary.